Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Twilio Cookbook

You're reading from   Twilio Cookbook The Twilio cookbook will enable all kinds of telephone usage, including SMS, on your websites. It's a totally practical guide with a hands-on approach to help you dig deep into the enormous potential of telephone facilities on the Web.

Arrow left icon
Product type Paperback
Published in Sep 2013
Publisher Packt
ISBN-13 9781782166061
Length 266 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Roger Stringer Roger Stringer
Author Profile Icon Roger Stringer
Roger Stringer
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Twilio Cookbook
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
1. Into the Frying Pan FREE CHAPTER 2. Now We're Cooking 3. Conducting Surveys via SMS 4. Building a Conference Calling System 5. Combining Twilio with Other APIs 6. Sending and Receiving SMS Messages 7. Building a Reminder System 8. Building an IVR System 9. Building Your Own PBX 10. Digging into OpenVBX Index

Adding two-factor voice authentication to verify users


Being able to verify that the users are actual users, and being able to help them have better security, is an important factor for everyone, and that's where two-factor authentication comes in handy.

Two-factor authentication is a more secure way of logging in to a website. In addition to entering a password online, a user has to enter a random verification code generated at login time. This combination of passwords makes it easier to safeguard your applications.

Two-factor authentication is used in:

  • E-commerce sites

  • Sites that allow users to sign up

  • Recovering lost passwords (by sending the new code to a phone number already saved)

More and more big web services are starting to activate two-factor authentication as they realize how important it can be. Amazon, Google, and Apple are just some of the companies that have begun utilizing two-factor authentication for user protection.

Getting ready

The complete source code for this recipe can be found in at Chapter1/Recipe1.

How to do it...

We're going to build our first Twilio app, a two-factor voice authentication system. This can be plugged into websites to allow users to get called on a phone and verify whether they are who they say they are. Perform the following steps:

  1. Download the Twilio Helper Library (from https://github.com/twilio/twilio-php/zipball/master) and unzip it.

  2. Upload the Services/ folder to your website.

  3. Upload config.php to your website and make sure the following variables are set:

    <?php
      $accountsid = '';	//	YOUR TWILIO ACCOUNT SID
      $authtoken = '';	//	YOUR TWILIO AUTH TOKEN
      $fromNumber = '';	//	PHONE NUMBER CALLS WILL COME FROM
    ?>

    This file will let you configure your web app with your Twilio account information.

  4. We'll set up a file called two-factor-voice.php, which will sit on your web server. This file handles the two-factor authentication:

    <?php
      session_start();
      include 'Services/Twilio.php';
      include 'config.php';
      include 'functions.php';
      $username = cleanVar('username');
      $password = cleanVar('password');
      $phoneNum = cleanVar('phone_number');
      if( isset($_POST['action']) ){
        if( isset($_POST['username']) &&
          isset($_POST['phone_number'])
          ){
          $message = user_generate_token($username,
            $phoneNum,'calls');
        }else if( isset($_POST['username']) &&
          isset($_POST['password']) ){
          $message = user_login($username, $password);
        }
        header("Location: two-factor-voice.php?message=" .urlencode($message));
        exit;
      }
    ?>
    <html>
    <body>
      <p>Please enter a username, and a phone number you can bereached at, we will then call you with your one-timepassword</p>
      <span id="message">
      <?php
        echo cleanVar('message');
        $action = (isset($_SESSION['password'])) ? 'login' :'token';
      ?>
      </span>
      <form id="reset-form"  method="POST" class="center">
      <input type="hidden" name="action" value="<?php echo$action;?>" />
      <p>Username: <input type="text" name="username"id="username"value="<?php echo $_SESSION['username']; ?>" /></p>
      <?php if (isset($_SESSION['password'])) { ?>
      <p>Password: <input type="password" name="password"id="password" /></p>
      <?php } else { ?>
      <p>Phone Number: <input type="text" name="phone_number"id="phone_number" /></p>
      <input type="hidden" name="method" value="voice" />
      <?php } ?>
      <p><input type="submit" name="submit" id="submit"value="login!"/></p>
      <p>&nbsp;</p>
      </form>
    </body>
    </html>

    You may notice one of the functions we called is cleanVar(); this is a little function I like to use to make sure certain variables, specifically usernames, passwords, and phone numbers, follow a set rule.

  5. Finally, create a file called functions.php on your web server:

    <?php
      function cleanVar($key){
        $retVal = '';
        $retVal = isset( $_REQUEST[$key]) ?
          $_REQUEST[$key] : '';
        switch($key){
          case 'username':
          case 'password':
            $retVal = preg_replace("/[^A-Za-z0-9]/",
              "", $retVal);
            break;
          case 'phone_number':
            $retVal = preg_replace("/[^0-9]/", "", $retVal);
            break;
          case 'message':
            $retVal = urldecode($retVal);
            $retVal = preg_replace("/[^A-Za-z0-9 ,']/",
              "", $retVal);
    
        }
        return $retVal;
      }
    
      function user_generate_token($username, $phoneNum,
        $method='calls'){
        global $accountsid, $authtoken, $fromNumber;
        $password = substr(md5(time().rand(0, 10^10)), 0, 10);
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        $client = new Services_Twilio($accountsid, $authtoken);
        $content = "Your newly generated password
          is ".$password."To repeat that, your password
          is ".$password;
        $item = $client->account->$method->create(
          $fromNumber,
          $phoneNum,
          $content
        );
        $message = "A new password has been generated and sent
          to your phone number.";
        return $message;
      }
      function user_login($username, $submitted) {
        // Retrieve the stored password
        $stored = $_SESSION['password'];
        // Compare the retrieved vs the stored password
        if ($stored == $submitted) {
          $message = "Hello and welcome back $username";
        }else {
          $message = "Sorry, that's an invalid username and
            password combination.";
        }
        // Clean up after ourselves
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        return $message;
      }
    ?>

How it works...

In steps 1 and 2, we downloaded and installed the Twilio Helper Library for PHP; this library is the heart of your Twilio-powered apps.

In step 3, we uploaded config.php that contains our authentication information to talk to Twilio's API.

When your users go to two-factor-voice.php, they are presented with a form where they enter a username and their phone number. Once they submit the form, it generates a one-time usage password and sends it as a text message to the phone number they entered. They then enter this password in the form on the site to verify that they are who they say they are.

I've used this on several different types of websites; it's a feature that people always want in some way to help verify that your users are who they say they are.

You have been reading a chapter from
Twilio Cookbook
Published in: Sep 2013
Publisher: Packt
ISBN-13: 9781782166061
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image