payfrit-api/api/auth/sendOTP.php
John Mizerek 08ef54976f Port Twilio SMS integration from CFML to PHP
Add sendSMS() to helpers.php using Twilio REST API with cURL,
credentials loaded from config/twilio.json. Wire into sendOTP,
loginOTP, and sendLoginOTP endpoints, replacing TODO stubs.
SMS is auto-skipped on dev environments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 16:02:34 -07:00


<?php
require_once __DIR__ . '/../helpers.php';
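runAuth();

/*
 * Unified OTP: send a one-time code to any phone number (login or signup).
 *
 * POST:    { "phone": "5551234567" }
 * Returns: { OK: true, UUID: "...", MESSAGE: "..." }
 *          plus DEV_OTP when isDev() reports a dev environment.
 *
 * Flow: normalise the phone, generate a 6-digit code, store it on the matching
 * Users row (creating an inactive, unverified row when none exists), then pass
 * the code to sendSMS().
 *
 * NOTE(review): no throttling is visible in this file. Every accepted request
 * overwrites MobileVerifyCode, triggers an SMS and, for an unknown number,
 * inserts a Users row. Unless runAuth() or the helpers already enforce it,
 * add a per-number and per-client request limit and a resend cooldown.
 *
 * NOTE(review): the code is written to MobileVerifyCode as-is and no expiry
 * or attempt counter is set here. Confirm the verifying endpoint enforces a
 * short lifetime, a failed-attempt cap and single use; consider storing a
 * hash of the code instead of the code itself.
 *
 * NOTE(review): UUID is returned to whoever submits a phone number. Confirm
 * that the UUID alone grants nothing without the matching code.
 */
$data = readJsonBody();

// Untrusted input: a non-scalar "phone" (array/object) is treated as missing
// so it ends in the invalid_phone response rather than a type error.
$rawPhone = $data['phone'] ?? '';
$phone = normalizePhone(is_scalar($rawPhone) ? $rawPhone : '');

if (strlen($phone) !== 10) {
    // apiAbort() is expected to end the request here - TODO confirm in helpers.php.
    apiAbort([
        'OK' => false,
        'ERROR' => 'invalid_phone',
        'MESSAGE' => 'Please enter a valid 10-digit phone number',
    ]);
}

// random_int() draws from the CSPRNG; the range keeps the code at six digits.
$otp = random_int(100000, 999999);

$existing = queryOne(
    "SELECT ID, UUID, FirstName, IsContactVerified, IsActive
     FROM Users
     WHERE ContactNumber = ?
     LIMIT 1",
    [$phone]
);

$userUUID = '';
if ($existing) {
    // Known number: reuse its UUID, minting one only when the stored value is blank.
    $userUUID = $existing['UUID'] ?? '';
    if (empty(trim($userUUID))) {
        $userUUID = str_replace('-', '', generateUUID());
    }
    queryTimed(
        "UPDATE Users SET MobileVerifyCode = ?, UUID = ? WHERE ID = ?",
        [$otp, $userUUID, $existing['ID']]
    );
} else {
    // Unknown number: create an inactive, unverified row holding the code.
    // The response has the same shape as for an existing user, so it does not
    // tell the caller whether the number was already registered.
    $userUUID = str_replace('-', '', generateUUID());
    queryTimed(
        "INSERT INTO Users (ContactNumber, UUID, MobileVerifyCode, IsContactVerified, IsEmailVerified, IsActive, AddedOn, Password, PromoCode)
         VALUES (?, ?, ?, 0, 0, 0, ?, '', ?)",
        [$phone, $userUUID, $otp, gmdate('Y-m-d H:i:s'), (string) random_int(1000000, 9999999)]
    );
}

// sendSMS() is called unconditionally; any dev-environment skip has to live
// inside sendSMS() (not visible here) - TODO confirm.
$dev = isDev();
$smsResult = sendSMS("+1{$phone}", "Your Payfrit code is: {$otp}");

if (!empty($smsResult['success'])) {
    $smsMessage = 'Code sent';
} else {
    // The failure text comes from the SMS helper and may carry provider or
    // transport detail, so it goes to the server log and is only echoed to the
    // client on dev. Neither the phone number nor the code is logged.
    $detail = $smsResult['message'] ?? 'unknown error';
    $detail = is_scalar($detail) ? (string) $detail : 'unknown error';
    error_log('sendOTP: SMS delivery failed: ' . $detail);
    $smsMessage = $dev ? ('SMS failed - ' . $detail) : 'SMS failed';
}

$resp = [
    'OK' => true,
    'UUID' => $userUUID,
    'MESSAGE' => $smsMessage,
];

if ($dev) {
    // NOTE(review): this returns the live code in the response body. isDev()
    // must never evaluate true in production and must not depend on anything
    // the request controls (Host header, query string) - confirm in helpers.php.
    $resp['DEV_OTP'] = $otp;
}

jsonResponse($resp);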