It's fairly easy to validate TOTP codes on the server side. It's just a SHA hashing function. See RFC 6238. I wrote my own but I'm sure source code is out there somewhere.
Free/open source client side apps are readily available for iOS and Android.
The only problem left is how to share the random/secret key/seed that your web site will generate for each user. This can be done relatively error free using email or on-screen using QR Code at the time the user enables 2FA.
Don't know how to generate a QR code? No problem --- lots of generators are available for free on the web. Just embed a proper link to generate one.