Hint: Implementing Pin Based Authentication ( With mOTP API )


/ Published in: PHP
Save to your folder(s)

Introduction:

Pin Based login is a mechanism to authenticate user, by sending one time valid pin to user's phone. This implementation makes use of a mOTP API for sending one time pin, via Missed call and thus eliminates any cost involved with the SMS One Time Password ( OTP ) implementation.

The code is contributed by tny.im developer.
Live example is available on this URL: https://tny.im/otplogin.php


Details:
The source code is shared for developer's reference, to Implement user authentication via Missed Calls ( by using mOTP API )

Step1: To send a one-time password to a phone:

Step2: To retrieve the correct password for the session ID that is returned on the previous step (so you can compare with what the user entered):

Another reference code can be downloaded at
http://code.google.com/p/missed-call-otp/wiki/SampleCode


Copy this code and paste it in your HTML
  1. Step1: To send a one-time password to a phone:
  2.  
  3.  
  4.  
  5. $replye = file_get_contents("http://api.motp.in/v1/YOUR_API_KEY_HERE/" . "USER_PHONE_NUMBER_HERE");
  6. $reply = json_decode(trim($replye), true);
  7. if($reply["Status"] == "Success") {
  8. // OTP sent, session ID is on $reply["Result"]
  9. // you need the session ID to get the correct code
  10. }
  11.  
  12.  
  13.  
  14. Step2: To retrieve the correct password for the session ID that is returned on the previous step (so you can compare with what the user entered):
  15.  
  16.  
  17.  
  18. // get login otp that was sent to user
  19. $ch = curl_init();
  20. curl_setopt($ch,CURLOPT_URL,"http://api.motp.in/v1/OTP/YOUR_API_KEY_HERE/" . $reply["Result"]);
  21. curl_setopt($ch,CURLOPT_POST,1);
  22. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  23. curl_setopt($ch,CURLOPT_POSTFIELDS,"private=YOUR_PRIVATE_KEY_HERE");
  24. $replye = curl_exec($ch);
  25. $reply = json_decode(trim($replye), true);
  26. if($reply["Status"] == "Success") {
  27. // correct code is on $reply["Result"]
  28. // you can now compare it with what the user entered
  29. // obviously, you must let the user enter the received code before
  30.  
  31.  
  32.  
  33. You can push the code to the user and get a session ID first, then have the user input the code and only then retrieve the correct one from the API, or you can do like me and do it all in one run, storing the correct code in a session variable and only comparing it later when the user provides it.

URL: http://code.google.com/p/missed-call-otp/wiki/SampleCode2

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.