{"id":200,"date":"2018-05-22T05:26:45","date_gmt":"2018-05-22T05:26:45","guid":{"rendered":"http:\/\/www.infotheme.in\/blog\/?p=89"},"modified":"2018-06-14T07:02:34","modified_gmt":"2018-06-14T07:02:34","slug":"make-otp-system-in-php","status":"publish","type":"post","link":"https:\/\/infotheme.net\/blog\/make-otp-system-in-php\/","title":{"rendered":"How to Make OTP (One Time Password) System Using Php"},"content":{"rendered":"<p><strong>Create OTP System In PHP with Simple Mobile\u00a0SMS Integration:\u00a0<\/strong>Today I am here to introduce you to OTP system and how to make <a href=\"https:\/\/en.wikipedia.org\/wiki\/One-time_password\" target=\"_blank\" rel=\"nofollow noopener\"><strong>OTP (One Time Password)<\/strong><\/a> system using php.\u00a0OTP is the need of today&#8217;s website and mobile apps. Everyone seller or website owner want valid customer on their platform. So As i am a web developer and today our every clients are searching for an otp system, it might be an Email Based\u00a0OTP System or Mobile\u00a0Based OTP System. So first here i wanna let you know about OTP System.<\/p>\n<p><strong>Create Secure OTP System using PHP<\/strong><\/p>\n<p>After a discussion on social media with some experts, I decided to share this with you, Creating OTP System In PHP for production or a live website is really tough for beginner need some Crypto expert which can make it easily. Here I am providing you a basic code for php otp system which you can use for small tasks on your website. Here i am sharing <strong>Why Security Is Important in OTP System,\u00a0<\/strong>So for secure OTP System you need a <strong>cryptographically secured random number<\/strong> however in this post the\u00a0<strong><a href=\"http:\/\/php.net\/manual\/en\/function.openssl-random-pseudo-bytes.php\" target=\"_blank\" rel=\"nofollow noopener\"><em>openssl_random_pseudo_bytes()<\/em><\/a>\u00a0<\/strong>is a way which can make a secured random number and i tried my best to share a secured code with you. I also using <strong>CryptoLib<\/strong> Which can help to make more secure random number. I\u00a0will recommend you to use <strong>Google Authenticator\u00a0<\/strong>to create best OTP System. Now Here in this post i will share <strong>how to integrate Google Authenticator for OTP system PHP<\/strong>.<\/p>\n<figure id=\"attachment_93\" aria-describedby=\"caption-attachment-93\" style=\"width: 600px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" class=\"wp-image-93 size-full\" src=\"http:\/\/www.infotheme.in\/blog\/wp-content\/uploads\/2016\/08\/make-otp-system-for-mobile-and-email-using-php-tutorial.png\" alt=\"How to Make OTP System in Php\" width=\"600\" height=\"450\" \/><figcaption id=\"caption-attachment-93\" class=\"wp-caption-text\">Make OTP System in Php<\/figcaption><\/figure>\n<p>[BUTTON url=&#8221;http:\/\/www.infotheme.in\/blog\/demo\/php\/otp-system-using-php\/&#8221;]See Live Demo[\/BUTTON]<\/p>\n<p>[BUTTON url=&#8221;http:\/\/www.infotheme.in\/blog\/wp-content\/uploads\/2016\/08\/otp-system-using-php.zip&#8221;]Download Now[\/BUTTON]<\/p>\n<div id=\"toc_container\" class=\"no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#What_is_OTP_One_Time_Password_System_8211_Create_OTP_System_In_PHP\"><span class=\"toc_number toc_depth_1\">1<\/span> What is OTP (One Time Password) System &#8211; Create OTP System In PHP:<\/a><ul><li><a href=\"#How_OTP_System_Works\"><span class=\"toc_number toc_depth_2\">1.1<\/span> How OTP System Works:<\/a><\/li><li><a href=\"#How_to_Create_OTP_System_InPHP\"><span class=\"toc_number toc_depth_2\">1.2<\/span> How to Create OTP System In\u00a0PHP<\/a><\/li><\/ul><\/li><li><a href=\"#How_to_Create_OTP_Code_By_Secured_PHP_Library_Generate_OTP_Number_in_Php\"><span class=\"toc_number toc_depth_1\">2<\/span> How to Create OTP Code By Secured PHP Library |\u00a0Generate OTP Number in Php<\/a><ul><li><a href=\"#What_is_OTP_Confirmationand_Why_OTP_Verification_Required\"><span class=\"toc_number toc_depth_2\">2.1<\/span> What is OTP Confirmation\u00a0and Why OTP Verification Required:<\/a><\/li><li><a href=\"#Integrate_Google_Authenticator_Using_PHP_8211Google_TOTP_2FA\"><span class=\"toc_number toc_depth_2\">2.2<\/span> Integrate Google Authenticator Using PHP &#8211;\u00a0Google TOTP 2FA:\u00a0<\/a><\/li><li><a href=\"#Save_OTP_To_Database_as_Temporary_Value_Data\"><span class=\"toc_number toc_depth_2\">2.3<\/span> Save OTP To Database as Temporary Value \/ Data<\/a><\/li><li><a href=\"#Send_OTP_to_Users_Using_Email\"><span class=\"toc_number toc_depth_2\">2.4<\/span> Send OTP to Users Using Email<\/a><\/li><li><a href=\"#SMS_Api_Integration_to_Send_OTPto_Users_Mobile\"><span class=\"toc_number toc_depth_2\">2.5<\/span> SMS Api Integration to Send OTP\u00a0to Users Mobile<\/a><\/li><li><a href=\"#Conclusion_and_Final_Code\"><span class=\"toc_number toc_depth_2\">2.6<\/span> Conclusion and Final Code:<\/a><\/li><\/ul><\/li><\/ul><\/div>\n<h2><span id=\"What_is_OTP_One_Time_Password_System_8211_Create_OTP_System_In_PHP\">What is OTP (One Time Password) System &#8211; Create OTP System In PHP:<\/span><\/h2>\n<p>A OTP or One Time Password System is a concept to prevent spam and Unwanted hack on website and Mobile App. It helps individual users to make secured their data online on any OTP integrated website. ONE TIME PASSWORD is an automatically generated numeric or alphanumeric strings which helps in authentication of a single transaction or session of particular user. The number changes in a timely manner, depending on how it is configured in\u00a0coding \/ Program.<\/p>\n<p><strong>Also Learn :<\/strong> <a href=\"http:\/\/www.infotheme.in\/blog\/2016\/10\/digital-ocean-setup-ubuntu-apache-mysql-php-vsftpd-ftp-phpmyadmin-and-wordpress-275.html\" rel=\"nofollow noopener\" target=\"_blank\"><strong>How to install LAMPP and WordPress in Digital Ocean with\u00a0Ubuntu<\/strong><\/a><\/p>\n<h3><span id=\"How_OTP_System_Works\">How OTP System Works:<\/span><\/h3>\n<p>OTP always works according it&#8217;s program or coding. It depends on website requirement and how that website want to integrate it to authenticate sessions or transactions of their users. It can be used in Registration or Login system of Customer Panel. Most of popular website using OTP system for Login and Registration of User \/ Customers. And Many other websites are using OTP for payment transactions and other important or confidentials sessions, which helps them to prevent user sessions with unwanted hacks.<\/p>\n<h3><span id=\"How_to_Create_OTP_System_InPHP\">How to Create OTP System In\u00a0PHP<\/span><\/h3>\n<p>So it&#8217;s time to create one time password for your website, I know you want to make a secured session for your users or customers, Oh&#8217;O please wait before creating a OTP System using PHP,\u00a0i want to tell\u00a0you about Mobile and Email Based OTP system.<\/p>\n<p><strong>What Is Mobile Based OTP System :<\/strong><\/p>\n<p>When we use a Mobile SMS gateway to authenticates users or send One Time Password to Users via TEXT SMS on their mobile. It called Mobile based OTP System. For Mobile based OTP system you have to Buy Bulk SMS Service from SMS Service Provider. Which will cost you an amount, so this is li&#8217;l bit costly for startups.<\/p>\n<p><strong>What Is Email Based OTP system:\u00a0<\/strong><\/p>\n<p>Email is best way to send any information, but in case of OTP i will recommend you to use Mobile Based or SMS based OTP System. But if you don&#8217;t have a budget to buy a BULK SMS Service, so you can send your otp via Email to your users for authentication of any session or transaction.<\/p>\n<p>Now here i will tell you\u00a0about Configuration of OTP system using PHP and SMS gateway Integration for OTP System.<\/p>\n<p><strong>How to Generate OTP Code Using PHP<\/strong><\/p>\n<p>Here i am writing a code so you can generate a unique code as otp for users and customers (One Time Password), So let&#8217;s focus on &#8220;how to generate one time password (otp code)&#8221;:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">$otp_code = strtoupper(bin2hex(openssl_random_pseudo_bytes(3))); \/\/ A smart code to generate OTP PIN.<\/pre>\n<p>In this sample of code we will generate a 6 Character Alphanumerical digit \/ character.<\/p>\n<h2><span id=\"How_to_Create_OTP_Code_By_Secured_PHP_Library_Generate_OTP_Number_in_Php\">How to Create OTP Code By Secured PHP Library |\u00a0Generate OTP Number in Php<\/span><\/h2>\n<p>So guys after a long time i came to meet you here today, Do you know why ? because I was busy in a long holidays for my honeymoon. Hmm! do you think a programmer can go for a long vacation \ud83d\ude41 No guys is just a myth, we are programmers and we will die after submitting a project to client without any errors and 1k+ re-checks. So i think i don&#8217;t have words now regarding my awesome holiday which i spent with my wife ( Yes it&#8217;s my laptop \ud83d\ude42 ).<\/p>\n<p>So let&#8217;s start\u00a0 with code so guys few days ago I was working with a new cms which\u00a0 i developed for my future presentation in Industry. So I found a php library which can be <strong>used to generate some random cryptographically secured strings<\/strong>. Now here the name of my new announcement is &#8220;<strong>RandomLib (A Secure PHP library to make otp system or some random secured string in php)<\/strong>&#8220;. I think you have great knowledge of composer, hmm! what is this man ?\u00a0\ud83d\ude2f You really don&#8217;t know ? No man i am newbie Okay okay i thought an expert of Laravel is there. Okay no problem simply a composer is used to integrate libraries or modules or extensions into projects.<\/p>\n<p>So here you have to follow these few commands to get rid from an unsecured otp code.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">$ composer require ircmaxell\/random-lib<\/pre>\n<p>A factory is used to get generators of varying strength:<\/p>\n<p>$factory = new RandomLib\\Factory;<\/p>\n<p>$generator = $factory-&gt;getGenerator(new SecurityLib\\Strength(SecurityLib\\Strength::MEDIUM)); \/\/ This is the magic method of Factory to generate random string<\/p>\n<p>If you want a limitation in otp code just use it<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">$generator-&gt;generateString(8, 'abcdef');<\/pre>\n<p>If you fill there is a problem in implementation of this library just comment down or ask to father of library <a href=\"https:\/\/github.com\/ircmaxell\/RandomLib\" target=\"_blank\" rel=\"nofollow noopener\">Check Git Here<\/a><\/p>\n<blockquote><p>This Is A New Updates for my happy lovers\u00a0\ud83d\ude09<\/p><\/blockquote>\n<h3><span id=\"What_is_OTP_Confirmationand_Why_OTP_Verification_Required\">What is OTP Confirmation\u00a0and Why OTP Verification Required:<\/span><\/h3>\n<p>So here is a question in my mind why OTP Verification is required, so after sending an OTP to user&#8217;s mobile number or email, you need to confirm user&#8217;s otp code. So you can save otp code to a table as a temporary value in database. And when user will input otp code, just try to confirm the orp code using mysql query. Instead of session you should verify user code from\u00a0database&#8217;s data.<\/p>\n<p>So here is the code to confirm otp using temporary data in database:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">$dbLink = new PDO('mysql:host=localhost;dbname=yourdbname', &quot;dbusername&quot;, &quot;dbuserpassword&quot;);\r\n\r\n$statement = $dbLink-&gt;prepare(&quot;SELECT n_otp_email from n_otp_table where n_otp_email = :otp_email and n_otp_code = :otp_code&quot;);\r\n$statement-&gt;execute(array(\r\n&quot;otp_email&quot; =&gt; &quot;$re_email&quot;,\r\n&quot;otp_code&quot; =&gt; &quot;$re_otp_code&quot;\r\n));\r\n$fetch = $statement-&gt;fetch();\r\nif($fetch[0]){\r\n$msg =&quot;Thanks To Verify Your OTP Code!&quot;;\r\n\r\n}<\/pre>\n<h3><span id=\"Integrate_Google_Authenticator_Using_PHP_8211Google_TOTP_2FA\"><strong>Integrate Google Authenticator Using PHP &#8211;\u00a0<\/strong>Google TOTP 2FA<strong>:\u00a0<\/strong><\/span><\/h3>\n<p>In this part of post we will learn How to implement \/ integrate Google TOTP 2FA to make secure your\u00a0OTP system. Google Authenticator is a (TOTP) Time Based One Time Password, It&#8217;s initialize with <a href=\"http:\/\/tools.ietf.org\/html\/rfc4648\" target=\"_blank\" rel=\"nofollow noopener\">RFC 4648<\/a>\u00a0encoded seed value. Now here is a library which was developed by phill and i wanna share it with you.<\/p>\n<p><strong>So here is\u00a0step by step guide for GOOGLE TOTP 2FA Implementation :<\/strong><\/p>\n<p>Create A file with name <strong>Google2FAClass.php<\/strong><\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">class Google2FA {\r\n\r\n\tconst keyRegeneration \t= 30;\t\/\/ Interval between key regeneration\r\n\tconst otpLength\t\t= 6;\t\/\/ Length of the Token generated\r\n\r\n\tprivate static $lut = array(\t\/\/ Lookup needed for Base32 encoding\r\n\t\t&quot;A&quot; =&gt; 0,\t&quot;B&quot; =&gt; 1,\r\n\t\t&quot;C&quot; =&gt; 2,\t&quot;D&quot; =&gt; 3,\r\n\t\t&quot;E&quot; =&gt; 4,\t&quot;F&quot; =&gt; 5,\r\n\t\t&quot;G&quot; =&gt; 6,\t&quot;H&quot; =&gt; 7,\r\n\t\t&quot;I&quot; =&gt; 8,\t&quot;J&quot; =&gt; 9,\r\n\t\t&quot;K&quot; =&gt; 10,\t&quot;L&quot; =&gt; 11,\r\n\t\t&quot;M&quot; =&gt; 12,\t&quot;N&quot; =&gt; 13,\r\n\t\t&quot;O&quot; =&gt; 14,\t&quot;P&quot; =&gt; 15,\r\n\t\t&quot;Q&quot; =&gt; 16,\t&quot;R&quot; =&gt; 17,\r\n\t\t&quot;S&quot; =&gt; 18,\t&quot;T&quot; =&gt; 19,\r\n\t\t&quot;U&quot; =&gt; 20,\t&quot;V&quot; =&gt; 21,\r\n\t\t&quot;W&quot; =&gt; 22,\t&quot;X&quot; =&gt; 23,\r\n\t\t&quot;Y&quot; =&gt; 24,\t&quot;Z&quot; =&gt; 25,\r\n\t\t&quot;2&quot; =&gt; 26,\t&quot;3&quot; =&gt; 27,\r\n\t\t&quot;4&quot; =&gt; 28,\t&quot;5&quot; =&gt; 29,\r\n\t\t&quot;6&quot; =&gt; 30,\t&quot;7&quot; =&gt; 31\r\n\t);\r\n\r\n\t\/**\r\n\t * Generates a 16 digit secret key in base32 format\r\n\t * @return string\r\n\t **\/\r\n\tpublic static function generate_secret_key($length = 16) {\r\n\t\t$b32 \t= &quot;234567QWERTYUIOPASDFGHJKLZXCVBNM&quot;;\r\n\t\t$s \t= &quot;&quot;;\r\n\r\n\t\tfor ($i = 0; $i &lt; $length; $i++)\r\n\t\t\t$s .= $b32[rand(0,31)];\r\n\r\n\t\treturn $s;\r\n\t}\r\n\r\n\t\/**\r\n\t * Returns the current Unix Timestamp devided by the keyRegeneration\r\n\t * period.\r\n\t * @return integer\r\n\t **\/\r\n\tpublic static function get_timestamp() {\r\n\t\treturn floor(microtime(true)\/self::keyRegeneration);\r\n\t}\r\n\r\n\t\/**\r\n\t * Decodes a base32 string into a binary string.\r\n\t **\/\r\n\tpublic static function base32_decode($b32) {\r\n\r\n\t\t$b32 \t= strtoupper($b32);\r\n\r\n\t\tif (!preg_match('\/^[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]+$\/', $b32, $match))\r\n\t\t\tthrow new Exception('Invalid characters in the base32 string.');\r\n\r\n\t\t$l \t= strlen($b32);\r\n\t\t$n\t= 0;\r\n\t\t$j\t= 0;\r\n\t\t$binary = &quot;&quot;;\r\n\r\n\t\tfor ($i = 0; $i &lt; $l; $i++) {\r\n\r\n\t\t\t$n = $n &lt;&lt; 5; \/\/ Move buffer left by 5 to make room $n = $n + self::$lut[$b32[$i]]; \/\/ Add value into buffer $j = $j + 5; \/\/ Keep track of number of bits in buffer if ($j &gt;= 8) {\r\n\t\t\t\t$j = $j - 8;\r\n\t\t\t\t$binary .= chr(($n &amp; (0xFF &lt;&lt; $j)) &gt;&gt; $j);\r\n\t\t\t}\r\n\t\t}\r\n\r\n\t\treturn $binary;\r\n\t}\r\n\r\n\t\/**\r\n\t * Takes the secret key and the timestamp and returns the one time\r\n\t * password.\r\n\t *\r\n\t * @param binary $key - Secret key in binary form.\r\n\t * @param integer $counter - Timestamp as returned by get_timestamp.\r\n\t * @return string\r\n\t **\/\r\n\tpublic static function oath_hotp($key, $counter)\r\n\t{\r\n\t    if (strlen($key) &lt; 8)\r\n\t\tthrow new Exception('Secret key is too short. Must be at least 16 base 32 characters');\r\n\r\n\t    $bin_counter = pack('N*', 0) . pack('N*', $counter);\t\t\/\/ Counter must be 64-bit int\r\n\t    $hash \t = hash_hmac ('sha1', $bin_counter, $key, true);\r\n\r\n\t    return str_pad(self::oath_truncate($hash), self::otpLength, '0', STR_PAD_LEFT);\r\n\t}\r\n\r\n\t\/**\r\n\t * Verifys a user inputted key against the current timestamp. Checks $window\r\n\t * keys either side of the timestamp.\r\n\t *\r\n\t * @param string $b32seed\r\n\t * @param string $key - User specified key\r\n\t * @param integer $window\r\n\t * @param boolean $useTimeStamp\r\n\t * @return boolean\r\n\t **\/\r\n\tpublic static function verify_key($b32seed, $key, $window = 4, $useTimeStamp = true) {\r\n\r\n\t\t$timeStamp = self::get_timestamp();\r\n\r\n\t\tif ($useTimeStamp !== true) $timeStamp = (int)$useTimeStamp;\r\n\r\n\t\t$binarySeed = self::base32_decode($b32seed);\r\n\r\n\t\tfor ($ts = $timeStamp - $window; $ts &lt;= $timeStamp + $window; $ts++)\r\n\t\t\tif (self::oath_hotp($binarySeed, $ts) == $key)\r\n\t\t\t\treturn true;\r\n\r\n\t\treturn false;\r\n\r\n\t}\r\n\r\n\t\/**\r\n\t * Extracts the OTP from the SHA1 hash.\r\n\t * @param binary $hash\r\n\t * @return integer\r\n\t **\/\r\n\tpublic static function oath_truncate($hash)\r\n\t{\r\n\t    $offset = ord($hash[19]) &amp; 0xf;\r\n\r\n\t    return (\r\n\t        ((ord($hash[$offset+0]) &amp; 0x7f) &lt;&lt; 24 ) |\r\n\t        ((ord($hash[$offset+1]) &amp; 0xff) &lt;&lt; 16 ) |\r\n\t        ((ord($hash[$offset+2]) &amp; 0xff) &lt;&lt; 8 ) |\r\n\t        (ord($hash[$offset+3]) &amp; 0xff)\r\n\t    ) % pow(10, self::otpLength);\r\n\t}\r\n\r\n\r\n\r\n}<\/pre>\n<p><strong>Step 2 :<\/strong> Create another file where you want to implement it , and on that file at the top include this file <strong>Google2FAClass.php<\/strong> and\u00a0Set The Initial Key for further use it should be unique for each project, It&#8217;s important key so make it private.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n$InitalizationKey = &quot;PEHMPSDNLXIOG65U&quot;;\r\n<\/pre>\n<p><strong>Step 3:\u00a0<\/strong>Get current time-stamp, it&#8217;s very useful to\u00a0generate one time tokens according to the current time-stamp.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n$TimeStamp\t  = Google2FA::get_timestamp();\r\n<\/pre>\n<p><strong>Step 4:\u00a0<\/strong>Decode into binary<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n$secretkey \t  = Google2FA::base32_decode($InitalizationKey);\r\n<\/pre>\n<p><strong>Step 5:\u00a0<\/strong>Get OTP \/ Current Token<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n$otp = Google2FA::oath_hotp($secretkey, $TimeStamp);\r\n<\/pre>\n<p><strong>Step 6: <\/strong>Verify Current Token ,\u00a0Use this code to verify a key as it allows for some time drift.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n$result = Google2FA::verify_key($InitalizationKey, &quot;123456&quot;);\r\n<\/pre>\n<h3><span id=\"Save_OTP_To_Database_as_Temporary_Value_Data\">Save OTP To Database as Temporary Value \/ Data<\/span><\/h3>\n<p>Now we have OTP Pin Code, It&#8217;s time to save this code over our database. If you have an wordpress site and you are using this api for any user authentication or user session \/ transaction management you can save it with :<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">update_user_meta($user_ID, 'otp_payment','$otp_code'); \/\/ For wordpress user's OTP management\r\n\r\n$query = mysql_query(&quot;UPDATE otp_table SET otp_code='&quot;.$otp_code.&quot;' WHERE user_id= '$user_ID' &quot;);\/\/ For PHP USER's OTP MANAGEMENT\r\n\r\n<\/pre>\n<h3><span id=\"Send_OTP_to_Users_Using_Email\"><strong>Send OTP to Users Using Email<\/strong><\/span><\/h3>\n<p>After creating otp pin code and saving it to database it&#8217;s time to notify your customer \/ website user. So send email to their email id by using below code:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">$customer_email = &quot;customer_name@example.com&quot;;\r\n\r\n$emailSubject = &quot;Hello, We received an Authentication Request.&quot;\r\n\r\n$emailContent = &quot;Thanks to request an OTP, Your OTP Code for this transaction is $otp_code&quot;;\r\nmail($customer_email ,$emailSubject ,$emailContent); \/\/ Using mail() Function to send otp pin via email<\/pre>\n<h3><span id=\"SMS_Api_Integration_to_Send_OTPto_Users_Mobile\">SMS Api Integration to Send OTP\u00a0to Users Mobile<\/span><\/h3>\n<p>Here we read how to create otp pin and then we saved that otp pin to database, now it&#8217;s time to send otp code via SMS to user&#8217;s mobile no. To send otp code via mobile we have to integrate sms api first, so below you can see &#8220;<strong>How to Integrate SMS Api Using PHP<\/strong>&#8220;:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">function sendSMS($mobile=null, $subject=null)\r\n{\r\n$SMSapiKey = 'XYZ';\r\n$url = 'http:\/\/example.com\/api_2.0\/SendSMS.php?APIKEY='.$SMSapiKey.'&amp;MobileNo='.urlencode($mobile).'&amp;SenderID=SAMPLE_MSG&amp;Message='.urlencode($subject).'&amp;ServiceName=TEMPLATE_BASED';\r\n$ch = curl_init();\r\ncurl_setopt($ch, CURLOPT_URL, $url);\r\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\r\n$returndata = curl_exec($ch);\r\ncurl_close($ch);\r\nreturn &quot;A SMS SENT SUCCESSFULLY TO $mobile&quot;;\r\n}\r\n<\/pre>\n<p>You have to call this function\u00a0sendSMS(), to send SMS using php code. You can easily send an otp code to user\/customers via this function, but\u00a0you must have an working sms api with a bulk sms service. You can change $url variable with your sms provider&#8217;s api url.<\/p>\n<p>Now here is an example how can you use this function :<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">sendSMS(123456789, &quot;Hello, Your OTP (One Time Password) for this transaction is $otp_code&quot;);<\/pre>\n<p>So here you can use this whole code to create a best otp system in your website.<\/p>\n<h3><span id=\"Conclusion_and_Final_Code\">Conclusion and Final Code:<\/span><\/h3>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\/\/OTP SYSTEM CODE\r\n\r\nfunction sendSMS($mobile=null, $subject=null)\r\n{\r\n$SMSapiKey = 'XYZ';\r\n$url = 'http:\/\/example.com\/api_2.0\/SendSMS.php?APIKEY='.$SMSapiKey.'&amp;MobileNo='.urlencode($mobile).'&amp;SenderID=SAMPLE_MSG&amp;Message='.urlencode($subject).'&amp;ServiceName=TEMPLATE_BASED';\r\n$ch = curl_init();\r\ncurl_setopt($ch, CURLOPT_URL, $url);\r\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\r\n$returndata = curl_exec($ch);\r\ncurl_close($ch);\r\nreturn &quot;A SMS SENT SUCCESSFULLY TO $mobile&quot;;\r\n}\r\n$otp_code = strtoupper(bin2hex(openssl_random_pseudo_bytes(3)));  \/\/ A smart code to generate OTP PIN.\r\n\r\n\/\/update_user_meta($user_ID, 'otp_payment','$otp_code'); \/\/ For wordpress user's OTP management\r\n$query = mysql_query(&quot;UPDATE otp_table SET otp_code='&quot;.$otp_code.&quot;' WHERE user_id= '$user_ID' &quot;);\/\/ For PHP USER's OTP MANAGEMENT\r\n\r\n$otp_query_fetch = mysql_query($query);\r\n\r\n\/\/Send OTP Via Email\r\n\r\n$customer_email = &quot;customer_name@example.com&quot;;\r\n\r\n$emailSubject = &quot;Hello, We received an Authentication Request.&quot;\r\n\r\n$emailContent = &quot;Thanks to request an OTP, Your OTP Code for this transaction is $otp_code&quot;;\r\nmail($customer_email ,$emailSubject ,$emailContent); \/\/ Using mail() Function to send otp pin via email\r\n\r\n\/\/ Send OTP Via SMS\r\n\r\nsendSMS(123456789, &quot;Hello, Your OTP (One Time Password) for this transaction is $otp_code&quot;);\r\n\r\necho &quot;An OTP has been sent to your mobile and email.&quot;;<\/pre>\n<p style=\"background: #fff494;\">In this entire article we have learned about <strong>how to make otp in php<\/strong> since last 1 year lot&#8217;s of users tried my code to create their awesome and secured one time password system. But as i told you guys to very soon i will be back with plugins for otp code development so before working on production of this new product i want your suggestion. Please keep in mind your suggestion is too much important for me here. I love to support for further and want your awesome feedback on this entire content.<\/p>\n<p>So as we studied here how we can create an OTP System using php by just few simple steps, generate otp pin, save otp as a temporary data in database and send it to user via sms or email. So here it was a simple way to make an otp system by php. Hope you liked this post and it was helpful for you, so if you really liked\u00a0this post , so don&#8217;t forget to share it with your friends over facebook, google+ and your website. Here you can see demo of <strong>otp login system using php<\/strong>. As I shared a basic code apart from Google TOTP 2FA implementation, is a basic program, don&#8217;t use it for production, use it on your own risk, because it&#8217;s just a basic otp system, you can use it with Google 2FA implementation just replace $otp_code with Google TOTP 2FA&#8217;s token\u00a0value.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Create OTP System In PHP with Simple Mobile\u00a0SMS Integration:\u00a0Today I am here to introduce you to OTP system and how to make OTP (One Time [&hellip;] <span class=\"read-more-link\"><a class=\"read-more\" href=\"https:\/\/infotheme.net\/blog\/make-otp-system-in-php\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":787,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[135,138,132],"tags":[136,137],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/posts\/200"}],"collection":[{"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/comments?post=200"}],"version-history":[{"count":8,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/posts\/200\/revisions"}],"predecessor-version":[{"id":747,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/posts\/200\/revisions\/747"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/media\/787"}],"wp:attachment":[{"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/media?parent=200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/categories?post=200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infotheme.net\/blog\/wp-json\/wp\/v2\/tags?post=200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}