how to generate OTP and send the password to mobile via sms

Question

I am doing a project of using OTP for the login of the websites, I have created a button named "Generate" once clicked it will create an OTP and send an SMS via HTTP gateway, then it stores the password in the database.

My code to create an OTP and save in DB:

if(isset($_POST['generate']))
{
    $string = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $string_shuffled = str_shuffle($string);
    $password = substr($string_shuffled, 1, 7);

    $password = base64_encode($password);
    $query = mysql_query("UPDATE user_login SET password='".$password."' WHERE username = 'ajai sandy' ");
    $qry_run = mysql_query($query);
}

Now I need to place this code of SMS API:

http://login.smsgatewayhub.com/smsapi/pushsms.aspx?user=abc&pwd=xyz&to=919898123 456&sid=senderid&msg=test%20message&fl=0 

The thing is the 5th line of code generates the OTP, then I need to place my SMS API after this so that it could send the password to the mobile, then it should encrypt the password which is on the 6th line and then saves in the database.

Am not sure how to perform this action in sequence and don't know where to place the code

Answer 1

Try this.

if(isset($_POST['generate']))
{
    $string = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $string_shuffled = str_shuffle($string);
    $password = substr($string_shuffled, 1, 7);

    file_get_contents("http://login.smsgatewayhub.com/smsapi/pushsms.aspx?user=abc&pwd=$password&to=919898123456&sid=senderid&msg=test%20message&fl=0");


    $password = base64_encode($password);
    $query = mysql_query("UPDATE user_login SET password='".$password."' WHERE username = 'ajai sandy' ");
    $qry_run = mysql_query($query);
}

Answer 2

The following code works like a charm ,

 header('Location:http://login.smsgatewayhub.com/smsapi/pushsms.aspx?user=abc&pwd=$password&to=919898123456&sid=senderid&msg=test%20message&fl=0');

Answer 3

Thanks, I am happy to refer you this awesome tutorial

//OTP SYSTEM CODE

function sendSMS($mobile=null, $subject=null)
{
$SMSapiKey = 'XYZ';
$url = 'http://example.com/api_2.0/SendSMS.php?APIKEY='.$SMSapiKey.'&MobileNo='.urlencode($mobile).'&SenderID=SAMPLE_MSG&Message='.urlencode($subject).'&ServiceName=TEMPLATE_BASED';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$returndata = curl_exec($ch);
curl_close($ch);
return "A SMS SENT SUCCESSFULLY TO $mobile";
}
$otp_code = strtoupper(substr(md5(uniqid()), 0, 6));   // A smart code to generate OTP PIN.

Checkout this awesome tutorial and implementation of G2FA for crypto-graphically secured OTP make otp system using php

Answer 4

Here is a quick sample code to send OTP via PHP with http://2Factor.in OTP API

 <?php

$YourAPIKey='<YourAPI>';
$SentTo='<User10DigitNumber>';


### DO NOT Change anything below this line
$agent= 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)';
$url = "https://2factor.in/API/V1/$YourAPIKey/SMS/$SentTo/AUTOGEN"; 
$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL,$url); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
echo curl_exec($ch); 
curl_close($ch);

You may refer to THIS LINK illustrating quick steps to implement SMS OTP from PHP

Answer 5

Verifying a phone number using OTP (One Time Password) is a sure shot way to reduce the spam over your website. In this article, we will be going to discuss this topic in great detail. We will be learning how we can set up our PHP code to send the OTP to the mobile numbers and hence verifying the user. We would be using Twilio as a third party service to send the messages containing One Time Passwords (OTPs).

Actually, Twilio is a third party tool which can be used to send text messages, IVR and much more. There are many alternatives to Twilio but due to its seamless integration and a bit of my personal choice, we would be using Twilio here in our article. Although Twilio is a paid tool, we can use a "free version" of it which of course has certain limitations but it would suffice for our article and hence our purpose.