Level 63
Can you share the code you have tested for the moment ?
Jan 26, 2024
3
Level 1
SMS authentication
Hello, best regards I want to deploy user verification theory by mobile phone (without password) in Laravel by using the Fortify package. In fact, after entering his mobile number, the user receives a code via SMS; if the code is correct, the user will be logged in or the user is registered on the website. Now I want the login/register to run in one function. I don't want login and register to be separate. I have come across a problem in deploying this. I will be thankful if you help me in this.
Level 1
In fact, I haven't succeeded in deploying the login/register in one function. I was able to send code after registration process via SMS using middleware, but the main problem is how to run login/register using fortify in one function. Is this possible at all to do this using fortify or any other package? The reason that I don't do this without using packages is that I want to use the security contained in the packages and if can use this with any method which is secure, I would be happy to do it.
1 like
Level 63
@matin_noei Fortify is designed to work with a password. You can all the way modify the Fortify actions so that it becomes like you need.
Furthermore Fortify is based on the Laravel native authentication code.
But if you just need to authenticate a user via SMS, it's very simple to use this native authentication code.
From the login page, the user has a form to type his username or his email address.
Then a code is sent by SMS and you save the code in the database (for example in the users table or in another appropriate table binded to the users one).
And the user is redirected to another page to type the code he received by SMS.
public function create(Request $request)
{
$user = User::where('code', $request->code)->first();
if (!$user) {
return redirect('home');
}
Auth::login($user);
$request->session()->regenerate();
return redirect()->route('admin.dashboard');
}
https://laravel.com/docs/10.x/authentication#authenticating-users
And sure you can secure this connexion for example by invalidating the code after 5 minutes or by adding throttling.
Please or to participate in this conversation.