Easy Signup with OTP verification and password reset

Write a short description

Hi All,

Sign Up and Sign In are the most useful blocks of any application. Wouldn’t it be nice to have a way to confirm the Sign Up with one-time password and also to be able to send OTP for changing the password?

It’s pretty much same as Firebase blocks for sign up and sign in but additional OTP functionality.

Try out the .apk file attached to see the blocks working.

If you want to build your own version of it, I am attaching .aia as well.

Add a picture of all the blocks

If you are wondering on how the application UI looks like, here it is:

Write instructions to use your extension

Okay so here are the steps.
Since the php code is hosted on some server outside.
First visit: https://otpmanager.schoolnxg.com

Create an admin account

You will get your Secret Key from here.

Create a new application

That’s all

Now come to the Kodular and don’t forget to mention your own secret_key and appName to get your own registered users.


SignUp_SignIn_with_OTP.aia (80.8 KB)

SignUp_SignIn_with_OTP.apk (5.2 MB)

Include a Download link here; can be direct or a link to your website/host

NOTE: Do not post a link to fishy websites.

13 Likes

You should change the category, because it’s not an extension.:blush:

3 Likes

Thanks for pointing out.

2 Likes

can i use this method for signup ??

Yeah Sure. Go ahead and try it out. Let me know if there is any issue or any scope of improvement.

1 Like

I will contact you soon again.

This post was flagged by the community and is temporarily hidden.

@themaayur thanks for pointing out. I have corrected apk and updated post.

You can try again.

Why @themaayur’s post flagged

I also don’t understood why my post was flagged.

Nope, the toast Appear message sent but no message is received.
I tried for 3 times.
I think you should check the whole project or maybe there would be updates in the service you are using.

Well as i can see from the logs, two times otp was sent to your email around 40 mins ago from current time.

Ohh, Sorry for that. Actually I saw logged in with another Mail ID. :zipper_mouth_face:

Your post contains your personal info email address

2 Likes

That’s really great. But is it a chargeable service and is it secure?

Well being the owner of this, there is no charge for using this and yes it is secured with https certificate.

1 Like

How can you guarantee us
that this system could not be put out of service and that our users cannot register?

All I can say is, i have done it for having common methods for my apps too. I’m running 10+ apps using the same service, if this goes down I have to work on to bring it back this way or another way.

From the guarantee perspective, since it’s not charged service so no terms involved.

1 Like

Then you need to improve your system then.

Looks like you just make a POST request to your PHP script, but the thing is password is sent as plain text. So does this mean you store the user passwords as plain text too?

Then, you might have helped the bad people who want to steal your users’ database. I won’t say how to do that here of course.

If I go to the scripts from browser’s developer tools, it can be clearly seen that fact is true.

$.ajax
(
      {
             url:'index.php',
             method: 'POST',
             data: 
             {
                    login: 1,
                    userIdInput: userName,
	                passwordInput: password
             }
...

It is not hard to find these scripts, as the website has been fetched by browser, anyone can see which data came.

Or just click the “(index):84” next to the console logs which prints your email and password as plain text.

image

Using and accessing the developer tools requires very less knowledge, and it can “show/leak” your website scripts. Because that’s how developer tools work. To debug something. So you should have secured your scripts before going on production.

I hope this helps!


P.S.
Of course, it is up to the members to trust and use your service or not, also my purpose is not decrease your members too. I just want to help people aware of these things. If a moderator thinks this post contains sensitive information, they can safely delete it.

1 Like

The credentials you are seeing in console are your own credentials. You can not see someone else’s details like this.

Regarding the saving password thing, it is being encrypted and decrypted on the server side so as an admin also you will only see the user emails registered for your application, even you won’t see the passwords for your user neither plain text nor encrypted.