📱 OTP Verification System

A simple and secure OTP (One-Time Password) Verification System built using core PHP. This project demonstrates how to generate, send, and verify OTPs using session management.

---

🚀 Features

• Generate 6-digit OTP
• Email-based OTP (mock implementation)
• OTP verification system
• Session-based storage
• OTP expiry handling (5 minutes)
• Simple and clean structure (beginner-friendly)

---

📁 Project Structure

otp-system/
│── index.php          # Enter email
│── send_otp.php       # Generate & send OTP
│── verify.php         # OTP input page
│── check_otp.php      # OTP verification logic
│── success.php        # Success page
│── config.php         # Configuration & session

---

⚙️ How It Works

1. User enters email on index.php
2. OTP is generated in send_otp.php
3. OTP is stored in session
4. User enters OTP in verify.php
5. OTP is validated in check_otp.php
6. If correct → redirected to success page

---

🛠️ Installation

1. Clone the repository:

git clone https://github.com/yogeshkumarsaini/otp-system.git

2. Move project to your server directory:

• XAMPP → htdocs
• WAMP → www

3. Start Apache server

4. Open in browser:

http://localhost/otp-system/

---

⚠️ Important Notes

• OTP is currently displayed on screen (for testing)
• No real email is sent in this version
• Session is used instead of database

---

🔐 Security Improvements (Recommended)

• Hash OTP before storing (password_hash)
• Limit OTP attempts (e.g., max 3 tries)
• Add CSRF protection
• Use HTTPS
• Store OTP in database instead of session

---

📧 Email Integration (Upgrade)

To send real OTP emails, use:

• PHPMailer (SMTP-based email sending)

---

📱 SMS Integration (Upgrade)

You can integrate:

• Fast2SMS API
• Twilio API

---

💾 Database Version (Advanced)

Store OTP details in MySQL:

email | otp | expiry | attempts

---

🎯 Use Cases

• User registration
• Login verification
• Password reset
• Two-factor authentication (2FA)