- Fields of applications
- Prerequisites for this solution
- System architecture
- How to implement PHP OTP SMS solution
- Conclusion for PHP OTP SMS solution
- How to Implement OTP based Login in PHP
- Make Default Avatar In PHP After User Registration
- PHP Resend Email Verification Mail with OTP Number
- DynaPass is a one-time password solution that is easy to use, easy to implement, and easy to manage.
Fields of applications
If you wish to setup a secure and well-functioning system then you need to pay attention to the accessibility of your corporate data. Passwords are widely used to protect important data both in everyday and in business life. Though several problems can occur with these passwords. Employees write them down, lose them, forget them or send them in email. In such inconvenient cases, passwords are no longer able to function as security items. On the other hand, if you apply long and difficult passwords then nobody will be able to remember them. There is the same case if you change corporate passwords too often. All in all, static passwords are not able to provide high level security.
The solution is if you add SMS functionality to your corporate IT system with a powerful SMS gateway such as Ozeki NG SMS Gateway. With this SMS functionality you can introduce one-time passwords. These one-time passwords are sent to the mobile phones of users as SMS messages. So if authenticated users wish to login they need to provide this sent password. This effective method makes two-factor authentication possible. Two factor authentication means, that a user types in his password, then he receives an SMS text message to his mobile phone with a one-time security code and he needs to enter it to complete the authentication. This solution makes your IT system secure as users can enter the system only with the use of these one-time passwords. The life time of these passwords are quite short and if they are not used for some reason then they expire automatically. With this functionality you can ensure that no unauthorized person get access to your corporate data.
Prerequisites for this solution
To implement this solution, you need to connect your system to the mobile network. For this purpose you can use Internet connection or a GSM phone/GSM modem attached to your computer (this way you will have a wireless connection). The following webpage gives you all the information to decide which solution suits your requirements best: Internet based SMS connections vs. GSM modem based (wireless) SMS connections. You need the following prerequisites, depending on your choice.
Internet based connection:
For connecting your system over the Internet to an SMS service provider, you need the follows:
Figure 1/a - Prerequisites for Ozeki NG SMS Gateway IP SMS connection
First of all, you need a service provider, who can reach the mobile phones in your area and enables you to connect to their SMSC through the Internet. The following website lists some of them: SMPP SMS Service providers. After you have chosen a service provider, you need to sign up for their service. This will you will get connection parameters that can be used to configure your Ozeki NG SMS Gateway software.
GSM modem connection:
For a wireless connection, you need a suitable GSM phone/GSM modem that can be attached to your computer with a data cable. This way, Ozeki NG SMS Gateway software will send and receive the SMS messages wirelessly, using the GSM modem. To create this connection, you need the following prerequisites:
Figure 1/b - Prerequisites for Ozeki NG SMS Gateway GSM modem connection
Please make sure you have the following items to create a GSM modem connection:
* The cost of an SMS message is determined by the price plan you have chosen when you have purchased the SIM card from your GSM mobile network operator.
If you meet the above mentioned system requirements, you can start to setup your SMS system to send one-time passwords. It will work as follows: First you need to log into your PHP site with a username and password. After this login the PHP script sends your one-time password to the phone number that is assigned to your username through Ozeki NG SMS Gateway. A site will appear with a form in which you need to type in the sent one-time password. If you provide your password properly, you can enter the protected site. The SMS gateway forwards the one-time password to the mobile network with the help of a GSM modem attached to the computer or it connects directly to the SMS center of the mobile service provider. You can examine how to send one-time passwords with Ozeki NG SMS Gateway in Figure 1.
Figure 2 - Ozeki NG SMS Gateway - solution for how to send One-Time Passwords via PHP
Please note that it is more secure to send the one time passwords using a GSM modem through the airwaves to the recipient, than through an Internet based SMS service provider account, because it is significantly harder to intercept an SMS message traveling through the air, than it is to intercept internet traffic.
How to implement PHP OTP SMS solution
To send one-time passwords via PHP with Ozeki NG SMS Gateway, you need to do the follows. First download the PHP source code. Save it into your webserver and after you save it, you can use a browser (Internet Explorer or Firefox) to open it. A form will appear in which you need to provide your username and password. After the login a one-time password will be generated and sent to you. An other site is opened and here you need to provide the sent password.
Download: PHP-One-Time-Password-example.zip (3 Kb) (Source code included)
After you have provided your received one-time password, you will be redirected to the protected content with the help of the include () function. The following PHP code shows the protected PHP content.
Conclusion for PHP OTP SMS solution
To summarize the above mentioned, it is the best solution if you use Ozeki NG SMS Gateway to send one-time passwords from PHP. This functionality is based on two factor authentication which makes it possible to setup a high secure IT environment. Due to SMS technology, your one-time passwords are sent as SMS messages to further increase security as only the intended people will receive them. In this way no unauthorized person gain access to corporate data. You can still improve reliability and security of this SMS system if you apply a GSM modem attached to the computer with a data cable. This GSM modem connectivity is more secure than sending SMS messages over the Internet. If you decide to implement this solution you will get a stable, reliable and effective authentication system with the highest quality.
- If you have not downloaded Ozeki NG SMS Gateway, you can do it now if you go to our product pages.
- If you wish to learn more about connection possibilities, please go to GSM modem vs IP SMS connection page
- Please find how to benefit from implementing SMS solutions in your business on SMS solutions for businesses page
- Feature list of Ozeki NG SMS Gateway
- User Guide for Ozeki NG SMS Gateway
- Product manual
How to Implement OTP based Login in PHP
In this PHP Registration with email verification using OTP method tutorial, here we have add one more feature like Login using OTP. In this section you can get the solution of Login into system using OTP. We all know OTP means one time password and this OTP number will be generated randomly by using PHP function and that randomly generated OTP number will be stored in Mysql database. So when you have login into system then that OTP number will be expired.
Now we have describe you, how to Login using OTP works. So, when you have login into system, then first you have to enter your login credentials like email address and password details. Then If you have enter right login information then at backend it will generated OTP number and that OTP number will be send to your registered email address. So you have to go to your email address inbox and copy that OTP number and enter into system. Once you have enter valid OTP number then system will validate and you can login into system and that OTP number has been expired. So, in this tutorial, we will OTP based Login system in PHP and below you can find the source code of it.
Make Default Avatar In PHP After User Registration
In this PHP Login Registration tutorial, we have add one more feature like create register user dynamic initial avatar once user has complete their registration process. This type of initial avatar or profile image we can see, when we have create account in Google, then after login into Google account then we can see our name first character image in place of profile image. So when we have register into Google system then it has by default create our initial avatar by using our name first character. We can change that avatar or profile image later by uploading image. So, this type of creating initial avatar from register user name feature we have made in this Login Registration tutorial by using PHP script.
PHP Resend Email Verification Mail with OTP Number
In this PHP Login Registration system, we have add one more feature like How can we resend email with OTP number for email verification process. For some reason, If User have completed their registration process but user has not received verification email with OTP number. Then at that time how user can verify their email address and again they cannot register into system, this is because user email address has been inserted in our system. So for overcome this problem, we have add this resend email verification email with OTP number by using PHP script. In this feature, User has to enter his or her register email which is not verified yet, then User has to enter that email address and User can again received email verification email with OTP Number.
DynaPass is a one-time password solution that is easy to use, easy to implement, and easy to manage.
A One-time password (OTP) is a password that is only valid for one time use. One-time password systems can significantly reduce the risk of unauthorized users accessing restricted resources and are recognized as a stronger solution than a traditional static password. One time passwords are much more secure than traditional passwords because traditional static passwords can be easily guessed, forgotten and are more susceptible to fraud attacks. Unlike static passwords, one time password systems aren't susceptible to reply attacks because once a one-time password is used, it is no longer valid. One time passwords can either be sent to users via SMS text message or email and they can also be self generated using a physical or soft token.
DynaPass is the leading one time password token solution utilizing an out-of-band authentication method for identity protection. One time passwords are increasingly used in two factor authentication systems to improve system security as institutions have recognized that static username logins and passwords are not sufficient to protect against unauthorized access.
DynaPass offers a two factor authentication out of band method while generating a one-time password which can be utilized to prevent unauthorized access to restricted resources such as online bank accounts and electronic health records. One time passwords that are incorporated in two factor authentication systems can be very effective at reducing phishing attacks, malware, viruses and unauthorized access.
DynaPass provides strong two factor authentication which combines something you know (login credentials) and something you have (mobile phone) to verify a user's identity.