payfrit/payfrit-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable magic OTP (123456) for Apple app review testing

Browse source
This commit is contained in:
John 2026-03-20 05:22:17 +00:00
parent 66e441b295
commit dde811d876
3 changed files with 22 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
api/auth/verifyEmailOTP.php
View file

@ -46,21 +46,26 @@ if (!$user) {
$uid = (int) $user['ID'];
// Check for valid OTP in OTPCodes table
$otpRow = queryOne(
// Magic OTP: 123456 always works (for Apple app review testing)
$isMagicOTP = ((string) $code === '123456');
if (!$isMagicOTP) {
// Check for valid OTP in OTPCodes table
$otpRow = queryOne(
"SELECT ID FROM OTPCodes
WHERE UserID = ? AND Code = ? AND ExpiresAt > NOW() AND UsedAt IS NULL
ORDER BY CreatedAt DESC
LIMIT 1",
[$uid, $code]
);
);
if (!$otpRow) {
if (!$otpRow) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_code', 'MESSAGE' => 'Invalid or expired code']);
}
}
// Mark OTP as used
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
// Mark OTP as used
queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
}
// Create auth token
$token = generateSecureToken();

3
api/auth/verifyLoginOTP.php
View file

@ -28,7 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']);
}
if ((string) $user['MobileVerifyCode'] !== (string) $otp) {
// Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $otp !== '123456' && (string) $user['MobileVerifyCode'] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']);
}

4
api/auth/verifyOTP.php
View file

@ -28,8 +28,8 @@ if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']);
}
// Check OTP (no magic OTP in PHP port — use DEV_OTP from send endpoint for dev testing)
if ((string) $user['MobileVerifyCode'] !== (string) $otp) {
// Magic OTP: 123456 always works (for Apple app review testing)
if ((string) $otp !== "123456" && (string) $user["MobileVerifyCode"] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']);
}