Level 102
How does the user get to this page? My suggestion would be to either use ajax to trigger it, or do a post request to the trigger url and then redirect to this page.
Nov 27, 2021
5
Level 2
OTP is being sent twice
I use iTexMo to send my OTP through SMS. It's a local SMS API here in the Philippines that is integrated with a simple function definition. It works successfully when sending notifications, however, when trying to send OTP, it sends twice.
- I've checked my routes and controller, and only call the
itexmoLocal()function once. What could I be doing wrong? - Another question, my OTP is sent once the route
phone-verifyis opened, but of course, upon refresh of the page, the OTP will be sent again. Is there a way for me to avoid sending the OTP multiple times upon page refresh?
iTexmoLocal function definition and checkIfSent function in my helpers.php file so I can call the function from anywhere:
//##########################################################################
// ITEXMO SEND SMS API - PHP - CURL-LESS METHOD
// Visit www.itexmo.com/developers.php for more info about this API
//##########################################################################
function itexmoLocal($number,$message,$apicode = "#",$passwd = "#"){
$url = 'https://www.itexmo.com/php_api/api.php';
$itexmo = array('1' => $number, '2' => $message, '3' => $apicode, 'passwd' => $passwd);
$param = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($itexmo),
),
);
$context = stream_context_create($param);
return file_get_contents($url, false, $context);
}
// iTexMo checking
function checkIfSent($result){
if ($result == ""){
console_log("iTexMo: No response from server!!!
Please check the METHOD used (CURL or CURL-LESS). If you are using CURL then try CURL-LESS and vice versa.
Please CONTACT US for help. ");
}else if ($result == 0){
console_log("Message Sent!");
}
else{
console_log("Error Num ". $result . " was encountered!");
}
}
//##########################################################################
Routes:
Route::get('phone-verify/{jobseeker:id}',[RegistrationController::class,'verifyPhonePage']);
RegistrationController:
// Main Phone Verification Page
public function verifyPhonePage(Jobseeker $jobseeker) {
// Send Verification Message
$number = $jobseeker->contact_number;
$otp = Otp::generate($number);
$SMS = "Your OTP is: ".$otp;
$result = itexmoLocal($number,$SMS);
checkIfSent($result);
return view('verify.verify-phone',[
'jobseeker_number' => $number
]);
}
Note: I put # where the API key and password should be for security purposes
Level 122
Your two questions are related and probably due to your browser pre-fetching the page so that it can start loading related resources
Never do anything like this on a get route - always use post or an ajax request
https://developers.google.com/web/updates/2018/07/nostate-prefetch
you could avoid the double send if you checked for prefetch header in the request - but this would not prevent your problem with the user refreshing the page
Level 2
What triggers the system to send the text message? Since the two questions are related, I would suggest you us a Middleware to check if the user has an OTP.
This will ensure the OTP will be sent only when it meets some criteria in the Middleware.
Level 122
@pnjeru no, not a job for middleware
Level 2
@Snapey That depend's with @ellajhonm implementation and how the OTPs are managed.
Middleware is one way to ensure a user cannot proceed without an OTP and ensure it wont be sent twice as it is in this case.
Please or to participate in this conversation.