web development

techp
techp used Ask the Experts™
on

 need to secure user registration on the website . when user tries to configure account a 4 digit number goes toward mobile and that 4 digit number needs to enter in the website for completing registration . how it can be done .
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Could u please define the question some more. What do you want to get answered? How to send the code to the user? How to make a simple login system? What do you have so far?
The easiest way to do some sort of account verification would be to send the user a link in a email which they then have to click on to complete their account set up.
The four digit key would be part of the link and when you receive that key it would automatically finish the registration.
I have had to deal with account set ups and barring any strange email hangups it is a fairly simple way to do account verifications.

Author

Commented:


 to haloexpertsexchange:
email verification is not secured as anybody can create email with any name

 to PimOnline:

 yes , how the workflow , how to send 4 digit code to mobile , does it need to subscribe any sms provider , is API for sms enough ? how code 4 digit will send (OTP) two factor
 
 
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
Yes I agree with haloexpertsexchange, there's no way to do this easily other than using email verification. You can do the mobile text verification but i think you need to coordinate with a telecommunication company. If you said that email verification is not secured as anybody can create email with any name, if given you have the access to a tel co satellite to implement mobile text verification, how can you make sure that the mobile number entered is a valid one? I think it's the same situation. That if i get your problem/concern right. hehehe Or can you explain more about your concern? Thank you...
Top Expert 2004

Commented:
Warning: I am not an expert on the subject of SMS.

That said, you can take a look at the following tutorial, which looks pretty good. This tutorial discusses how to send an email message to a carrier's email SMS gateway, which will then translate the message into a text message. It is also possible to directly interface with a SMS gateway through HTTP requests, if one is available.

Author

Commented:

 hello Mr wizzy,

    if a person register with username "ssshhh" and if he enters mobile number . the sites gives code to the mobile with 4 digit to complete registration , after that he cannot enter again other username . and whatever he does on this username belongs to that mobile . and so many countries mobile number is registered eventhough it is not 100% correct . this way it can delete unneccarry entries , otherwise same person can create multiple usernames and multiple email ids and fake messages and nobody can trace it easily as emails are free . i would like to the how it can implement on the website . there are sms gateways , but the website can send 4 digit code
Lets also note i am not a expert on security.

What i would do.

Create a page where they can request access with mobile number.
On submit generate a code to access store it and send it to the user by webapi. (If u need a webapi there are a few but not all of them support all providers.)
One page to login
On the forum submit see if the key entered is stored in the DB. (and if it is still valid and not to many attempts).
If so allow the user access if not record a failed attempt.

This is one way to do it. Not sure if it's safe.

Author

Commented:

 hello pimonline

 can you elaborate your words (On submit generate a code to access store it and send it to the user by webapi. (If u need a webapi there are a few but not all of them support all providers.))

 
When the user submits the i think registration page. Create a account but store that it is not activated. Generate a code, store it as verification key. Do a webrequest for sending a SMS api.
For a example API http://www.bulksms.com/int/docs/eapi/submission/send_sms/. (i never used and do not know it). There are more ways to do a webrequest one of them is to use http://php.net/manual/en/function.fopen.php.

When the user tries to login check if the account is activated.
If the account is not activated, show a form where the user has to enter the code. If the code is correct activate the account. else show a error page (with perhaps
go on with your login process.

I hope i wrote it a bit more clear now.

Author

Commented:

 how it can generate code and send same code by sms . sms sending is ok . but a particular code
u can generate a random number using http://php.net/manual/en/function.rand.php
(but take in account if u need for digites that u make sure it used leading zero' s or use 1000 as smalles digit).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial