$code should have (string) type. (int) will produce always false.

[utilmind]

Hello! I just spent some amount of time trying to figure out why it doesn't accepts entered 6-digits integer then realized that verifyCode() only accepts (string)'s.

I suggest to make strict conversion $code to (string), to correctly process possible integers.

Also I suggest to replace $var++ to ++$var for better performance, but it's less important.

Thanks!

[RobThree]

The code should never be an int, it's always a string in the first place. An integer can't hold zeroes: 008164 in an int becomes 8614 which 1) doesn't match the length requirement and 2) is ambigious; did the user forget to input the missing digits or did the user, somehow, get 4 digits from somewhere?

When we drop support for old(er) PHP versions all methods (including verifyCode() will be type hinted (i.e. verifyCode(string $secret, string $code, int $discrepancy = 1, ...).

The $var++ v.s. ++$var is such a micro-optimisation (if at all) on such little iterations that it will make no noticeable difference in whatever real world setting.

Thanks for your input and PR anyway! It may not sound like it, but it's appreciated nonetheless.