payfrit/payfrit-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
payfrit-api/api/auth/verifyLoginOTP.php
John Mizerek 1f81d98c52 Initial PHP API migration from CFML 
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3.
Shared helpers in api/helpers.php (DB, auth, request/response, security).
PDO prepared statements throughout. Same JSON response shapes as CFML.
2026-03-14 14:26:59 -07:00

49 lines
1.3 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/../helpers.php';
runAuth();
/*
Verify OTP for LOGIN (existing verified accounts only)
POST: { "uuid": "...", "otp": "123456" }
Returns: { OK: true, UserID: 123, Token: "...", FirstName: "..." }
*/
$data = readJsonBody();
$userUUID = trim($data['uuid'] ?? '');
$otp = trim($data['otp'] ?? '');
if (empty($userUUID) || empty($otp)) {
apiAbort(['OK' => false, 'ERROR' => 'missing_fields', 'MESSAGE' => 'UUID and OTP are required']);
}
$user = queryOne(
"SELECT ID, FirstName, LastName, MobileVerifyCode
FROM Users
WHERE UUID = ? AND IsContactVerified = 1
LIMIT 1",
[$userUUID]
);
if (!$user) {
apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']);
}
if ((string) $user['MobileVerifyCode'] !== (string) $otp) {
apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']);
}
// Clear OTP (one-time use)
queryTimed("UPDATE Users SET MobileVerifyCode = '' WHERE ID = ?", [$user['ID']]);
$token = generateSecureToken();
queryTimed(
"INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
[$user['ID'], $token]
);
jsonResponse([
'OK' => true,
'UserID' => (int) $user['ID'],
'Token' => $token,
'FirstName' => $user['FirstName'] ?? '',
]);
Reference in a new issue View git blame Copy permalink