Core Boxx – One Time Password Module

INTRODUCTION

This is a simple one-time password module for Core Boxx – With a predefined reactions table, library, and API. Plug this one into Core Boxx if you need more security measures.

 

LICENSE & DOWNLOAD

Core Boxx is released under the MIT License. You are free to use it for personal and commercial projects, and modify it as you see fit. On the condition that the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

Download Core Boxx OTP Module | GitHubSource Forge

 

INSTALLATION & REQUIREMENTS

  • The user module must be installed first.
  • Import lib/SQL-Otp.sql into your database.

 

FILES LIST

  • lib/LIB-Otp.php The OTP library.
  • lib/API-otp.php OTP API endpoint.
  • pages/MAIL-otp.php The OTP email template.
  • pages/PAGE-otp-one.php “Step 1” of the OTP process, request for an OTP.
  • pages/PAGE-otp-two.php “Step 2” of the OTP process, enter the OTP for verification.

 

 

OTP REFERENCE

OTP TABLE

Field Description
user_email Primary key. The user that requested the OTP.
otp_pass The one-time password.
otp_timestamp Time at which the OTP request is made.
otp_tries A number of times the user has entered the wrong OTP.

 

OTP LIBRARY FUNCTIONS

generate($email)

Generates OTP and sends it to the user via email.

echo $_CORE->OTP->generate("jon@doe.com");
 ? "OTP sent to email" : $_CORE->error;
challenge($email, $pass)

Verifies the given OTP.

if ($_CORE->OTP->challenge("jon@doe.com", "123456") {
  // PROCEED TO DO YOUR SECURE STUFF
} else { echo $_CORE->error; }

 

OTP API FUNCTIONS

Accessible at http://yoursite.com/api/otp/REQUEST/. These are pretty much a replica of the above library functions, except in REST API format. Feel free to delete api/API-otp.php if you don’t intend to integrate an API.

api/otp/generate/

Verifies the given OTP.

Generate OTP and send it to the user via email.

  • $_POST["email"] – String, the user email.
api/otp/challenge/

Challenge OTP.

  • $_POST["email"] – String, the user email.
  • $_POST["pass"] – String, OTP.

 

Leave a Comment

Your email address will not be published.