Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Twilio Cookbook: Second Edition

You're reading from   Twilio Cookbook: Second Edition Over 70 easy-to-follow recipes, from exploring the key features of Twilio to building advanced telephony apps

Arrow left icon
Product type Paperback
Published in Mar 2014
Publisher
ISBN-13 9781783550654
Length 334 pages
Edition Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Roger Stringer Roger Stringer
Author Profile Icon Roger Stringer
Roger Stringer
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Twilio Cookbook Second Edition
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Into the Frying Pan 2. Now We're Cooking FREE CHAPTER 3. Conducting Surveys via SMS 4. Building a Conference Calling System 5. Combining Twilio with Other APIs 6. Sending and Receiving SMS Messages 7. Building a Reminder System 8. Building an IVR System 9. Building Your Own PBX 10. Digging into OpenVBX 11. Sending and Receiving Picture Messages 12. Call Queuing 13. Working with Twilio Client Index

Using Twilio SMS to set up two-factor authentication for secure websites


This recipe is similar to the two-factor voice authentication recipe but uses SMS instead and texts the user their one-time password.

Again, two-factor authentication is an important tool to verify your users for various purposes and should be used on sites if you care at all about user security.

Forcing a user to verify their identity using two-factor authentication, in order to do something as simple as changing their password, can help promote trust between both you and your users.

Getting ready

The complete source code for this recipe can be found at Chapter1 /Recipe2.

How to do it...

We're going to build our first Twilio app, a two-factor SMS authentication system. This can be plugged into websites to allow users to get called on a phone and verify that they are who they say they are.

  1. Download the Twilio Helper Library (from https://github.com/twilio/twilio-php/zipball/master) and unzip it.

  2. Upload the Services/ folder to your website.

  3. Upload config.php to your website and make sure the following variables are set:

    <?php
      $accountsid = '';  //  YOUR TWILIO ACCOUNT SID
      $authtoken = '';  //	  YOUR TWILIO AUTH TOKEN
      $fromNumber = '';  //  PHONE NUMBER CALLS WILL COME FROM
    ?>
  4. We'll set up a file called two-factor-sms.php, which will sit on your web server; this file handles the two-factor authentication.

    <?php
      session_start();
      include 'Services/Twilio.php';
      include 'config.php';
      include 'functions.php';
      $username = cleanVar('username');
      $password = cleanVar('password');
      $phoneNum = cleanVar('phone_number');
      if( isset($_POST['action']) ){
        if( isset($_POST['username']) &&isset($_POST['phone_number'])){
          $message = user_generate_token($username, $phoneNum,'sms');
      }else if( isset($_POST['username']) &&isset($_POST['password'])){
        $message = user_login($username, $password);
      }
      header("Location: two-factor-sms.php?message=" .urlencode($message));
      exit;
    }
    ?>
    <html>
    <body>
    <p>Please enter a username, and a phone number you can be reached at, we will then send you your one-time password via SMS.</p>
    <span id="message">
    <?php
      echo cleanVar('message');
      $action = (isset($_SESSION['password'])) ? 'login' : 'token';
    ?>
    </span>
    <form id="reset-form"  method="POST" class="center">
    <input type="hidden" name="action" value="<?php echo$action; ?>"/>
    <p>Username: <input type="text" name="username"id="username" value="<?php echo $_SESSION['username'];?>" /></p>
    <?php if (isset($_SESSION['password'])) { ?>
      <p>Password: <input type="password" name="password"id="password" /></p>
    <?php } else { ?>
      <p>Phone Number: <input type="text" name="phone_number"id="phone_number" /></p>
      <input type="hidden" name="method" value="sms" checked="checked"/>
    <?php } ?>
    <p><input type="submit" name="submit" id="submit"value="login!"/></p>
    <p>&nbsp;</p>
    </form>
    </body>
    </html>
  5. Finally, we're going to include the same functions.php file we used in the Adding two-factor voice authentication to verify users recipe.

How it works...

In steps 1 and 2, we downloaded and installed the Twilio Helper Library for PHP; this library is the heart of your Twilio-powered apps.

In step 3, we uploaded config.php that contains our authentication information to talk to Twilio's API.

Your user is presented with a form where they enter a username and their phone number. Once they submit the form, it generates a one-time usage password and sends it as a text message to the phone number they entered. They then enter this password in the form on the site to verify that they are who they say they are.

What's the big difference between recipes 1 and 2? Really, it's that one does voice and one does SMS. You could combine these as options if you wanted to so that people can choose between voice or SMS. The biggest key is when you call the function user_generate_token; you specify the method as either calls or sms.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime