HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Help with phone number verification on signup / login with phone number

Hi team,

Looking for OTP verification addon, but after so much populartity of vanilla forums, there is no addon or module.

Even no article how to achieve that 😥.

Please help me with this, using vanilla forums since 2012.


  • Options
    R_JR_J Ex-Fanboy Munich Admin

    This is an edge case. You know that you will have to pay for the verification? Twilio is a service that comes to my mind because they do a lot of marketing, not because I have experience and can judge their quality.

    I would approach a plugin like that:

    1. Require the admin to use Profile Extender and add a phone number field which is a requirement on the registration screen

    2. The name of that field must be passed to the new plugin.

    3. Vanillas User table has a column called "Verified" which I would use as a marker but you can also use any other way (entry in UserMeta, entry in User.Attributes)

    4. In discussions_render_before I would add some code to check if session user has verified flag set or not and display a nagging message

    5. In profile you need an additional page where user can enter the code sent by SMS and has the option to resend the SMS code. There should be a check if the phone number is already provided and if that field is blank, only show a short note that phone number needs to be provided first

    6. After registration/button "send code again" press, call a method in the plugin which creates a random code and stores that in the UserMeta table together with a timestamp. Then call the SDK of the SMS API provider to send a SMS to the phone number given.

    7. When the code number is entered in the profile page of step 5, there must be comparison of the code provided and the code in UserMeta. If timestamp is older than 5 minutes, give that as a feedback to the user and maybe automatically send a new code. If the code matches and timestamp is not older than 5 inutes, set Verified = true in user table

    Since sending SMS is causing costs to you, I would think about a way to keep users from hammering the "Resend code" button, but I do not have an idea how to do that without disturbing the UX for idiots who simply need that function.

    Oh yes, you certainly need to register by some SMS API service and the key you most probablywill get to access the service should be entered in a simple settings page.

    I do not have any interest in creating such a plugin, but if you want to try it by yourself, I will surely assist you.

  • Options

    R_J I am using msg 91 api.

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    Okay. But as I said before: I do not have any interest in creating such a plugin, but if you want to try it by yourself, I will surely assist you.

Sign In or Register to comment.