Send an SMS with the PIN, and get a hash to verification:
Verify the correct PIN:
Verify an incorrect PIN:
- Copy source to a web root.
- Add Nexmo credentials through environment variables, or
- Route all requests to
index.php(in many cases this will happen by default; if not,
index.phpcan be prepended to the
This is a simplistic example, and the method used to generate/verify the code is not at all random. If the server side key is known, it's reativly easy to brute force the pin. This method works well only as an example that avoids any storage of the pin. You should not use this in production without replacing the pin generation/verification.