payfrit/payfrit-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable magic OTP (123456) for Apple app review testing

Browse source
This commit is contained in:
John 2026-03-20 05:22:17 +00:00
parent 66e441b295
commit dde811d876
3 changed files with 22 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
api/auth/verifyEmailOTP.php
View file

@ -46,6 +46,10 @@ if (!$user) {
$uid = (int) $user['ID']; $uid = (int) $user['ID'];
// Magic OTP: 123456 always works (for Apple app review testing)
$isMagicOTP = ((string) $code === '123456');
if (!$isMagicOTP) {
// Check for valid OTP in OTPCodes table // Check for valid OTP in OTPCodes table
$otpRow = queryOne( $otpRow = queryOne(
"SELECT ID FROM OTPCodes "SELECT ID FROM OTPCodes
@ -61,6 +65,7 @@ if (!$otpRow) {
// Mark OTP as used // Mark OTP as used
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]); queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
}
// Create auth token // Create auth token
$token = generateSecureToken(); $token = generateSecureToken();

3
api/auth/verifyLoginOTP.php
View file

@ -28,7 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']); apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']);
} }
if ((string) $user['MobileVerifyCode'] !== (string) $otp) { // Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $otp !== '123456' && (string) $user['MobileVerifyCode'] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']); apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']);
} }

4
api/auth/verifyOTP.php
View file

@ -28,8 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']); apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']);
} }
// Check OTP (no magic OTP in PHP port — use DEV_OTP from send endpoint for dev testing) // Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $user['MobileVerifyCode'] !== (string) $otp) { if ((string) $otp !== "123456" && (string) $user["MobileVerifyCode"] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']); apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']);
} }