Hoiio Open API logo Hoiio Open API

This example shows you how to make use of sms/send to create a login page with 2-factor authentication. After verifying that the username and password is correct, the user would receive a one-time token via SMS that they have to enter before they are allowed access.

Requirements

<?php

/* Hoiio developer credentials */
$hoiioAppId = "YOUR_APP_ID_HERE";
$hoiioAccessToken = "YOUR_ACCESS_TOKEN_HERE";
$sendSmsURL = "https://secure.hoiio.com/open/sms/send";

// User information: Query these from the db
$username = "test";
$password = "password";
$userMobileNumber = "+6511111111";

session_start();

/* print HTML for page headers */
echo <<<HEADER
<html>
    <head>
        <title>2 Factor-Authentication using SMS Example</title>
    </head>
    <body>
HEADER;
        
if($_POST == null) {
    // no form submission, show login page
    show_login_page();
} else {
    // process login page
    if(isset($_POST['login'])) {
        // Check username and password of user
        $form_username = $_POST['user'];
        $form_password = $_POST['password'];
        
        if(($form_username == $username) && ($form_password == $password)) {            
            // username and password match, generate token for 2FA
            $token = rand(100, 999);
            $message = "Your 2FA verification token is: $token";
            
            // store token in session for verification later
            $_SESSION['token'] = $token;
            
            /* send SMS containing token */
            /* prepare HTTP POST variables */
            $fields = array(
                        'app_id' => urlencode($hoiioAppId),
                        'access_token' => urlencode($hoiioAccessToken),
                        'dest' => urlencode($userMobileNumber),     // send SMS to this phone
                        'msg' => urlencode($message)                // message content in SMS
                );
            
            // form up variables in the correct format for HTTP POST
            $fields_string = "";
            foreach($fields as $key => $value) 
                $fields_string .= $key . '=' . $value . '&';

            $fields_string = rtrim($fields_string,'&');

            /* initialize cURL */
            $ch = curl_init();
            
            /* set options for cURL */
            curl_setopt($ch, CURLOPT_URL, $sendSmsURL);
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);           
            
            /* execute HTTP POST request */
            $raw_result = curl_exec($ch);
            $result = json_decode($raw_result);     // parse JSON formatted result
            
            /* close connection */
            curl_close($ch);

            if($result->status == "success_ok") {
                // 2FA sent successfully, move on to next step
                show_2fa_page();
            } else {
                // error sending 2FA
                echo $result->status;
                show_login_page();
            }
        } else {
            // wrong username and/or password
            echo "Wrong username and/or password.";
            show_login_page();
        }
    } elseif(isset($_POST['verify'])) {     // process 2FA
        // check token
        $tokenInput = $_POST['token'];
        $token = $_SESSION['token'];
        
        if($tokenInput != $token) {
            echo "Invalid token.";
        } else { 
            echo "Login successful.";
            session_destroy();
        }
    }
}

/* print HTML for page footers */
echo <<<FOOTER
    </body>
</html>
FOOTER;

/* function to print HTML for login form */
function show_login_page() {
    echo <<<LOGIN
<h2>2 Factor-Authentication using SMS Example</h2>
<form id="login" action="" method="post">
    Use test/password to login.
    <table>
        <tr>
            <td>Username:</td>
            <td><input type="text" name="user" value=""/></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="password" value=""/></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="Login" name="login"/></td>
        </tr>
    </table>
</form>
LOGIN;
}

/* function to print HTML for 2FA form */
function show_2fa_page() {
    echo <<<TOKENVERIFY
<h2>2FA Token Verification</h2>
<form id="verify" action="" method="post">
    <table>
        <tr>
            <td colspan="2">Enter your 2FA token here:</td>
        </tr>
        <tr>
            <td>Token:</td>
            <td><input type="text" name="token" value=""/></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="Submit" name="verify"/></td>
        </tr>
    </table>
</form>
TOKENVERIFY;
}

?>

Download the source code.