From 5b1e253ebad943c6b6fea5f1515ff1d79edc00e0 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed <hamzaayedflutter@gmail.com>
Date: Fri, 29 May 2026 22:43:17 +0300
Subject: [PATCH] Deploy: 2026-05-29 22:43:17

---
 backend/api/request-otp.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/api/request-otp.php b/backend/api/request-otp.php
index 9146334..c05cfb1 100644
--- a/backend/api/request-otp.php
+++ b/backend/api/request-otp.php
@@ -98,7 +98,9 @@ if (!$rateLimit->checkIp($clientIp, 'request-otp', 30, 60)) {
 }
 
 // Generate 3-digit OTP (cryptographically secure, always between 100 and 999)
-$otpCode = (string) random_int(100, 999);
+// If a custom code is provided in the input, use it. Otherwise generate one.
+$customCode = isset($input['code']) ? trim((string)$input['code']) : null;
+$otpCode = $customCode ?: (string) random_int(100, 999);
 
 // Determine delivery method
 $method = 'flash_call'; // Default fallback