Core Boxx – One Time Password Module

This is a simple one-time password module for Core Boxx – With a predefined reactions table, library, and API. Simply plug this one into Core Boxx to add a new security measure.

 

TABLE OF CONTENTS

Download & Notes Quick Reference

 

 

DOWNLOAD & NOTES

First, here are the download links and a quick “setup guide” for the impatient folks who don’t have the patience to read through everything.

 

DOWNLOAD LINKS

Download Core Boxx OTP Module | GitHubSource Forge

 

LICENSE

Core Boxx is released under the MIT License. You are free to use it for your own personal and commercial projects, modify it as you see fit. On the condition that there the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

 

 

INSTALLATION & REQUIREMENTS

 

MORE DEVELOPMENT NOTES

  • There are 2 demo pages to get you started – otp-demo-send.php and otp-demo-challenge.php. Remember to delete these afterward or modify them to use in your own project.
  • But wait, there’s more. Open LIB-OTP.php and do a search for @TODO, there are plenty of blanks and decisions you need to make.

 

QUICK REFERENCE

This section is a quick walkthrough of the general module structures.

 

ONE TIME PASSWORD TABLE

Field Description
user_email Primary key. The user that requested the OTP.
otp_pass The one-time password.
otp_timestamp Time at which the OTP request is made.
otp_tries A number of times the user has entered the wrong OTP.

 

OTP LIBRARY FUNCTIONS

generate($email)

Generates OTP and sends it to the user via email.

echo $_CORE->OTP->generate("jon@doe.com");
 ? "OTP sent to email" : $_CORE->error;
challenge($email, $pass)

Verifies the given OTP.

if ($_CORE->OTP->challenge("jon@doe.com", "123456") {
  // PROCEED TO DO YOUR SECURE STUFF
} else { echo $_CORE->error; }

 

 

OTP API FUNCTIONS

Accessible at http://yoursite.com/api/otp/REQUEST/. These are pretty much a replica of the above library functions, except in REST API format. Feel free to delete api/API-otp.php if you don’t intend to integrate an API.

api/otp/generate/

Verifies the given OTP.

Generate OTP and send it to the user via email.

  • $_POST['email'] – String, the user email.
api/otp/challenge/

Challenge OTP.

  • $_POST['email'] – String, the user email.
  • $_POST['pass'] – String, OTP.

Leave a Comment

Your email address will not be published. Required fields are marked *