Deploy: 2026-05-23 18:23:34

Hamza-Ayed
2026-05-23 18:23:34 +03:00
parent ffe04146f5
commit 354e60a99e
2 changed files with 4 additions and 4 deletions


@@ -97,8 +97,8 @@ if (!$rateLimit->checkIp($clientIp, 'request-otp', 30, 60)) {
exit;
}
// Generate 3-digit OTP (cryptographically secure)
$otpCode = str_pad((string) random_int(0, 999), 3, '0', STR_PAD_LEFT);
// Generate 3-digit OTP (cryptographically secure, always between 100 and 999)
$otpCode = (string) random_int(100, 999);
// Determine delivery method
$method = 'flash_call'; // Default fallback
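Review bot: Starting the range at 100 on the new `random_int(100, 999)` line cuts the code space from 1000 to 900 values, and the comment's "cryptographically secure" describes only the generator, not how guessable a 3-digit code is. Nothing in this hunk shows a per-phone cap on verification attempts or a short expiry; the only visible limit is the per-IP `checkIp(..., 30, 60)` on requests, so confirm that the verify endpoint invalidates a code after a few wrong guesses. If the flash-call delivery does not force three digits, a longer code such as `random_int(100000, 999999)` would be safer; otherwise I would change the comment to `// 3-digit OTP, 900 possible values: relies on strict attempt limits and short expiry at verification`. The surrounding script starts and ends outside the hunk.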


@@ -57,8 +57,8 @@ if (!preg_match('/^\+[1-9]\d{6,14}$/', $phone)) {
exit;
}
// Validate OTP format (4 digits)
if (!preg_match('/^\d{4}$/', $otp)) {
// Validate OTP format (3 or 4 digits)
if (!preg_match('/^\d{3,4}$/', $otp)) {
http_response_code(400);
echo json_encode(['success' => false, 'message' => 'invalid_otp_format']);
RequestLogger::log('verify-otp', 'POST', $input, 400, 'invalid_otp_format');
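Review bot: The new pattern `'/^\d{3,4}$/'` still accepts a value with a trailing newline, because `$` in PCRE matches before a final line break unless the `D` modifier is set; `if (!preg_match('/^\d{3,4}\z/', $otp)) {` closes that. The phone pattern in the hunk header uses the same anchor. Accepting both lengths deserves a comment saying which issuer still produces 4-digit codes, for example `// 3 digits from request-otp; 4 digits kept for <other issuer, confirm>`, so the looser check is not mistaken for an oversight. The `if` body continues past the end of the hunk.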