Core Boxx – One Time Password Module

This is a simple one-time password module for Core Boxx – With a predefined reactions table, library, and API. Simply plug this one into Core Boxx to add a new security measure.

 

TABLE OF CONTENTS

Download & Notes Quick Reference

 

 

DOWNLOAD & NOTES

First, here are the download links and a quick “setup guide” for the impatient folks who don’t want to read through everything.

 

LICENSE & DOWNLOAD

Core Boxx is released under the MIT License. You are free to use it for personal and commercial projects, modify as you see fit. On the condition that the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

Download Core Boxx OTP Module | GitHubSource Forge

 

INSTALLATION & REQUIREMENTS

 

 

QUICK REFERENCE

Let us now do a quick walkthrough of the OTP module.

 

ONE TIME PASSWORD TABLE

Field Description
user_email Primary key. The user that requested the OTP.
otp_pass The one-time password.
otp_timestamp Time at which the OTP request is made.
otp_tries A number of times the user has entered the wrong OTP.

 

OTP LIBRARY FUNCTIONS

generate($email)

Generates OTP and sends it to the user via email.

echo $_CORE->OTP->generate("jon@doe.com");
 ? "OTP sent to email" : $_CORE->error;
challenge($email, $pass)

Verifies the given OTP.

if ($_CORE->OTP->challenge("jon@doe.com", "123456") {
  // PROCEED TO DO YOUR SECURE STUFF
} else { echo $_CORE->error; }

 

 

OTP API FUNCTIONS

Accessible at http://yoursite.com/api/otp/REQUEST/. These are pretty much a replica of the above library functions, except in REST API format. Feel free to delete api/API-otp.php if you don’t intend to integrate an API.

api/otp/generate/

Verifies the given OTP.

Generate OTP and send it to the user via email.

  • $_POST["email"] – String, the user email.
api/otp/challenge/

Challenge OTP.

  • $_POST["email"] – String, the user email.
  • $_POST["pass"] – String, OTP.

 

QUICK DEVELOPMENT NOTES

  • There are 2 demo pages in this module –
    • PAGE-otp-one.php Step 1, generates and sends an OTP to the user’s email.
    • PAGE-otp-two.php Step 2, where the user enters the OTP for verification.
  • Please edit LIB-OTP.php – Set the email templates to your own, and also what happens when the user receives too many strikes.

Leave a Comment

Your email address will not be published. Required fields are marked *