You can use this as a baseline for the logic behind implementing TOTP.
It is probably incredibly insecure and this is incredibly barebones but the purpose is to show that it is extremely simple to implement and every site should implement this if there is a login system (that isn't OAUTH).
Try a working example at https://2fa.epicgamer007.repl.co