Enable magic OTP (123456) for Apple app review testing

John 2026-03-20 05:22:17 +00:00
parent 66e441b295
commit dde811d876
3 changed files with 22 additions and 16 deletions


@ -46,22 +46,27 @@ if (!$user) {
$uid = (int) $user['ID']; $uid = (int) $user['ID'];
// Check for valid OTP in OTPCodes table // Magic OTP: 123456 always works (for Apple app review testing)
$otpRow = queryOne( $isMagicOTP = ((string) $code === '123456');
"SELECT ID FROM OTPCodes
WHERE UserID = ? AND Code = ? AND ExpiresAt > NOW() AND UsedAt IS NULL
ORDER BY CreatedAt DESC
LIMIT 1",
[$uid, $code]
);
if (!$otpRow) { if (!$isMagicOTP) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_code', 'MESSAGE' => 'Invalid or expired code']); // Check for valid OTP in OTPCodes table
$otpRow = queryOne(
"SELECT ID FROM OTPCodes
WHERE UserID = ? AND Code = ? AND ExpiresAt > NOW() AND UsedAt IS NULL
ORDER BY CreatedAt DESC
LIMIT 1",
[$uid, $code]
);
if (!$otpRow) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_code', 'MESSAGE' => 'Invalid or expired code']);
}
// Mark OTP as used
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
} }
// Mark OTP as used
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
// Create auth token // Create auth token
$token = generateSecureToken(); $token = generateSecureToken();
queryTimed( queryTimed(
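Review bot: `$isMagicOTP` is true for any `$uid` whenever the submitted code is `123456`, so the `OTPCodes` lookup is skipped and execution continues to `generateSecureToken()` for whichever account `$user` resolved to; nothing in the hunk limits this to a review account or a non-production deployment. The same unconditional `'123456'` comparison is added in the other two files of this commit, ahead of the `MobileVerifyCode` check, so those verification steps are bypassed for every user as well. Scope the bypass to one dedicated review account and read the code from server configuration, e.g. `$isMagicOTP = $uid === APP_REVIEW_USER_ID && hash_equals(APP_REVIEW_OTP, (string) $code);` (both constant names are placeholders, not existing project symbols), and log each use so it can be audited and removed once the review ends. How `$user` is looked up is above the hunk, so who can reach this branch is inferred from the visible lines only.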


@ -28,7 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']); apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']);
} }
if ((string) $user['MobileVerifyCode'] !== (string) $otp) { // Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $otp !== '123456' && (string) $user['MobileVerifyCode'] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']); apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']);
} }


@ -28,8 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']); apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']);
} }
// Check OTP (no magic OTP in PHP port — use DEV_OTP from send endpoint for dev testing) // Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $user['MobileVerifyCode'] !== (string) $otp) { if ((string) $otp !== "123456" && (string) $user["MobileVerifyCode"] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']); apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']);
} }