User authorization by phone number and SMS code?
Good afternoon
Task:
Implement authorization by phone number without a password: that is, the user enters a password, a code is sent to his phone; if the code is correct, we authorize him in the system, and if not, we return an error.
It is currently implemented like this, but is it right?
    public function login(Request $request)
    {
        $sms = SmsCode::where('code', '=', $request->code)->where('is_check', '=', 0)->first();
        if (!$sms) return response()->json(['error' => false, 'message' => 'Неверный код']);
        $user = User::where('phone', '=', $sms->phone)->first();
        if (empty($user)) {
            if (!$sms) return response()->json(['error' => false, 'message' => 'Пользователь отсутствует']);
        }
        if (! $token = Auth::login($user)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }
        $sms->is_check = 1;
        $sms->updated_at = Carbon::now();
        $sms->save();
        return $this->createNewToken($token);
    }
Such things are usually done through Middleware. There is also an example: verified.
1. A person in the first registration form enters only his name and phone number
2. The controller checks whether such a phone number is in the database; if not, we move on.
3. We generate a 6-digit code to confirm the phone, send an SMS to the phone via a third-party API, and also save this code to the user's session.
4. On the front end, we show him the next screen, i.e. the confirmation code entry form.
5. A person enters the code, he is registered (then all actions are clear).
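The generate, store and confirm steps from the list above, written as plain PHP (an added example, not code from any post on this page): the code is looked up by phone number rather than by code alone, expires, allows a limited number of attempts and is single-use. The class name `SmsCodeVerifier`, the 5-minute lifetime, the 5-attempt limit and the in-memory array standing in for the session or the SmsCode table are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The array stands in for the session or SmsCode table (assumption).
final class SmsCodeVerifier
{
    private const TTL_SECONDS = 300;  // assumed code lifetime
    private const MAX_ATTEMPTS = 5;   // assumed wrong-guess limit per issued code

    /** @var array<string, array{code: string, expires: int, attempts: int}> */
    private array $pending = [];

    public function issue(string $phone, int $now): string
    {
        // random_int() draws from the OS CSPRNG; pad so leading zeros survive.
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        // Keyed by phone: issuing again replaces the previous code and resets attempts.
        $this->pending[$phone] = ['code' => $code, 'expires' => $now + self::TTL_SECONDS, 'attempts' => 0];
        return $code; // goes to the SMS gateway only, never into the HTTP response
    }

    public function verify(string $phone, string $code, int $now): bool
    {
        $entry = $this->pending[$phone] ?? null;
        if ($entry === null || $now > $entry['expires'] || $entry['attempts'] >= self::MAX_ATTEMPTS) {
            unset($this->pending[$phone]); // nothing pending, expired, or locked out
            return false;
        }
        $this->pending[$phone]['attempts']++;
        // Compare against the code issued for THIS phone, in constant time.
        if (!hash_equals($entry['code'], $code)) {
            return false;
        }
        unset($this->pending[$phone]); // single use: a confirmed code cannot be replayed
        return true;
    }
}

// Constructed sample run with made-up numbers and a fixed clock.
$verifier = new SmsCodeVerifier();
$now = 1700000000;
$code = $verifier->issue('+70000000001', $now);
var_dump($verifier->verify('+70000000002', $code, $now));       // same code, different phone
var_dump($verifier->verify('+70000000001', $code, $now + 10));  // correct phone and code
var_dump($verifier->verify('+70000000001', $code, $now + 20));  // replay of a used code
```

In a Laravel controller the same checks would run before `Auth::login($user)`, with the phone number taken from the request alongside the code.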
Create a LoginRequest to prescribe the specified sms and user checks (custom rule, exists, depending on the logic) and messages.
Why is this needed?
    if (! $token = Auth::login($user)) {
        return response()->json(['error' => 'Unauthorized'], 401);
    }
There is a bomb option, but it requires a little skill: I did a Firebase phone login on several sites. They have an SDK for PHP, as well as a ready-made implementation for the front end. All you need to do is authenticate on the front end by phone; a token then arrives from Firebase, you send the token to the back end, and from the back end, using the PHP SDK, you send a request to get the user by token. The user and his phone number come back, you look the user up in the database by number and log him in. As a bonus, you get 10 thousand free entries per month to all numbers and another 10 thousand to numbers from the USA.
That is, you save 20-30 thousand per month on SMS.