asked on web development
need to secure user registration on the website . when user tries to configure account a 4 digit number goes toward mobile and that 4 digit number needs to enter in the website for completing registration . how it can be done .
PHPWeb ComponentsJavaScript
Last Comment
PimOnline
Could u please define the question some more. What do you want to get answered? How to send the code to the user? How to make a simple login system? What do you have so far?
The easiest way to do some sort of account verification would be to send the user a link in a email which they then have to click on to complete their account set up.
The four digit key would be part of the link and when you receive that key it would automatically finish the registration.
I have had to deal with account set ups and barring any strange email hangups it is a fairly simple way to do account verifications.
The four digit key would be part of the link and when you receive that key it would automatically finish the registration.
I have had to deal with account set ups and barring any strange email hangups it is a fairly simple way to do account verifications.
ASKER
to haloexpertsexchange:
email verification is not secured as anybody can create email with any name
to PimOnline:
yes , how the workflow , how to send 4 digit code to mobile , does it need to subscribe any sms provider , is API for sms enough ? how code 4 digit will send (OTP) two factor
Yes I agree with haloexpertsexchange, there's no way to do this easily other than using email verification. You can do the mobile text verification but i think you need to coordinate with a telecommunication company. If you said that email verification is not secured as anybody can create email with any name, if given you have the access to a tel co satellite to implement mobile text verification, how can you make sure that the mobile number entered is a valid one? I think it's the same situation. That if i get your problem/concern right. hehehe Or can you explain more about your concern? Thank you...
Warning: I am not an expert on the subject of SMS.
That said, you can take a look at the following tutorial, which looks pretty good. This tutorial discusses how to send an email message to a carrier's email SMS gateway, which will then translate the message into a text message. It is also possible to directly interface with a SMS gateway through HTTP requests, if one is available.
That said, you can take a look at the following tutorial, which looks pretty good. This tutorial discusses how to send an email message to a carrier's email SMS gateway, which will then translate the message into a text message. It is also possible to directly interface with a SMS gateway through HTTP requests, if one is available.
ASKER
hello Mr wizzy,
if a person register with username "ssshhh" and if he enters mobile number . the sites gives code to the mobile with 4 digit to complete registration , after that he cannot enter again other username . and whatever he does on this username belongs to that mobile . and so many countries mobile number is registered eventhough it is not 100% correct . this way it can delete unneccarry entries , otherwise same person can create multiple usernames and multiple email ids and fake messages and nobody can trace it easily as emails are free . i would like to the how it can implement on the website . there are sms gateways , but the website can send 4 digit code
Lets also note i am not a expert on security.
What i would do.
Create a page where they can request access with mobile number.
On submit generate a code to access store it and send it to the user by webapi. (If u need a webapi there are a few but not all of them support all providers.)
One page to login
On the forum submit see if the key entered is stored in the DB. (and if it is still valid and not to many attempts).
If so allow the user access if not record a failed attempt.
This is one way to do it. Not sure if it's safe.
What i would do.
Create a page where they can request access with mobile number.
On submit generate a code to access store it and send it to the user by webapi. (If u need a webapi there are a few but not all of them support all providers.)
One page to login
On the forum submit see if the key entered is stored in the DB. (and if it is still valid and not to many attempts).
If so allow the user access if not record a failed attempt.
This is one way to do it. Not sure if it's safe.
ASKER
hello pimonline
can you elaborate your words (On submit generate a code to access store it and send it to the user by webapi. (If u need a webapi there are a few but not all of them support all providers.))
When the user submits the i think registration page. Create a account but store that it is not activated. Generate a code, store it as verification key. Do a webrequest for sending a SMS api.
For a example API http://www.bulksms.com/int/docs/eapi/submission/send_sms/. (i never used and do not know it). There are more ways to do a webrequest one of them is to use http://php.net/manual/en/function.fopen.php.
When the user tries to login check if the account is activated.
If the account is not activated, show a form where the user has to enter the code. If the code is correct activate the account. else show a error page (with perhaps
go on with your login process.
I hope i wrote it a bit more clear now.
For a example API http://www.bulksms.com/int/docs/eapi/submission/send_sms/. (i never used and do not know it). There are more ways to do a webrequest one of them is to use http://php.net/manual/en/function.fopen.php.
When the user tries to login check if the account is activated.
If the account is not activated, show a form where the user has to enter the code. If the code is correct activate the account. else show a error page (with perhaps
go on with your login process.
I hope i wrote it a bit more clear now.
ASKER
how it can generate code and send same code by sms . sms sending is ok . but a particular code
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.