One-Time Password example for PHP developers
Two-factor authentication makes it possible to build a secure and efficient IT network.
In practice, it means that one-time passwords are sent to mobile phones as SMS
messages to authenticate the user. With this functionality you can ensure the
security of your IT system. To achieve this function you need an SMS gateway
such as Ozeki NG SMS Gateway. Ozeki NG SMS Gateway is a software product that
needs to be installed on your computer. It connects to the mobile network with
a GSM modem attached to the computer or it directly connects to the mobile
network over the Internet. If you implement Ozeki NG SMS Gateway to send
one-time passwords from PHP, you will get a stable and well-functioning system.
This article provides further information on this solution.
Download:
PHP-One-Time-Password-example.zip
(3 Kb) (Source code included)
Fields of applications
If you wish to set up a secure and well-functioning system, then
you need to pay attention to the accessibility of your corporate data. Passwords
are widely used to protect important data both in everyday and in business life.
However, several problems can occur with these passwords. Employees write them
down, lose them, forget them or send them in email. In such cases,
passwords can no longer function as a security measure. On the other hand,
if you apply long and difficult passwords, nobody will be able to remember
them. The same applies if you change corporate passwords too often. All in
all, static passwords are not able to provide high-level security.
The solution is to add SMS functionality to your
corporate IT system with a powerful SMS gateway such as
Ozeki NG SMS Gateway. With this SMS
functionality you can introduce one-time passwords. These one-time passwords
are sent to the mobile phones of users as SMS messages. When authenticated
users wish to log in, they need to provide the password that was sent. This
method makes two-factor authentication possible.
Two-factor authentication means that a user types in his password, then he
receives an SMS text message on his mobile phone with a one-time security code
and he needs to enter it to complete the authentication. This solution makes
your IT system secure as users can enter the system only with the use of these
one-time passwords. The lifetime of these passwords is quite short and if
they are not used for some reason then they expire automatically. With this
functionality you can ensure that no unauthorized person gets access to your
corporate data.
Prerequisites for this solution
To implement this solution, you need to connect your system to the
mobile network. For this purpose you can use an Internet
connection or a GSM phone/GSM modem attached to your computer (this way you will
have a wireless connection).
The following webpage gives you all the information to decide which solution suits
your requirements best: Internet
based SMS connections vs. GSM modem based (wireless) SMS connections.
You need the following prerequisites, depending on your choice.
Internet based connection:
For connecting your system over the Internet to an SMS service provider, you need
the following:
Figure 1/a - Prerequisites for Ozeki NG SMS
Gateway IP SMS connection
First of all, you need a service provider who can reach the mobile phones in your
area and enables you to connect to their SMSC through the Internet. The following
website lists some of them: SMPP SMS Service providers. After you have chosen a service
provider, you need to sign up for their service. This way you will get connection
parameters that can be used to configure your Ozeki NG SMS Gateway software.
GSM modem connection:
For a wireless connection, you need a suitable GSM phone/GSM modem that can be attached
to your computer with a data cable. This way, Ozeki NG SMS Gateway software will send and
receive the SMS messages wirelessly, using the GSM modem. To create this connection, you
need the following prerequisites:
Figure 1/b - Prerequisites for Ozeki NG SMS
Gateway GSM modem connection
Please make sure you have the following items to create a GSM modem connection:
* The cost of an SMS message is determined by the price plan you have chosen when you have purchased the SIM card from your GSM mobile network operator.
System architecture
If you meet the above mentioned system requirements, you can
start to set up your SMS system to send one-time passwords. It will work as
follows: First you need to log into your PHP site with a username and password.
After this login the PHP script sends your one-time password through Ozeki NG
SMS Gateway to the phone number that is assigned to your username. A page
will appear with a form in which you need to type in the one-time password you received.
If you provide your password properly, you can enter the protected site. The
SMS gateway forwards the one-time password to the mobile network with the help
of a GSM modem attached to the computer or it connects directly to the SMS
center of the mobile service provider. You can examine how to send one-time
passwords with Ozeki NG SMS Gateway in Figure 2.
Figure 2 - Ozeki NG SMS Gateway - solution
for how to send One-Time Passwords via PHP
Please note that it is more secure to send the one-time
passwords using a GSM modem through the airwaves to the recipient than through
an Internet based SMS service provider account, because it is significantly
harder to intercept an SMS message traveling through the air than it is to
intercept Internet traffic.
How to implement PHP OTP SMS solution
To send one-time passwords via PHP with Ozeki NG SMS Gateway,
you need to do the following. First download the PHP source code. Save it onto
your webserver and after you save it, you can use a browser (Internet Explorer
or Firefox) to open it. A form will appear in which you need to provide your
username and password. After the login a one-time password will be generated
and sent to you. Another page is opened and here you need to provide the password
you received.
PHP OTP example code:
<?php
#####################################
## OZEKI ONE-TIME PASSWORD EXAMPLE ##
#####################################

##################################
## STARTING THE SESSION AND THE ##
## SESSION EXPIRES IN 6 MINUTES ##
##################################
// Cookie parameters only take effect when they are set before session_start()
session_set_cookie_params(360);
session_start();

##################################
## USERNAME AND PASSWORD ARRAYS ##
##################################
// Demo accounts only; a real deployment stores password_hash() output
// and checks it with password_verify()
$user = array(
    'user1' => 'qwe123',
    'scott' => 'tiger',
    'john'  => 'pinball',
);
$phone = array(
    'user1' => '+36301234567',
    'scott' => '+36202222222',
    'john'  => '+36707777777',
);

##################################################
## Login information for OZEKI NG - SMS Gateway ##
##################################################
$ozeki_user = "admin";
$ozeki_password = "abc123";
$ozeki_url = "http://127.0.0.1:9501/api?";

############################################
## Functions used to send the SMS message ##
############################################
function httpRequest($url){
    // Split http://host:port/path into host, port and path
    $pattern = '#^http://([0-9a-zA-Z.-]+):([0-9]+)/(.*)$#';
    if (!preg_match($pattern, $url, $args)) {
        return("Invalid URL");
    }
    $in = "";
    $fp = fsockopen($args[1], (int)$args[2], $errno, $errstr, 30);
    if (!$fp) {
        return("$errstr ($errno)");
    }
    $out  = "GET /$args[3] HTTP/1.1\r\n";
    $out .= "Host: $args[1]:$args[2]\r\n";
    $out .= "User-agent: Ozeki PHP client\r\n";
    $out .= "Accept: */*\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        $in .= fgets($fp, 128);
    }
    fclose($fp);
    return($in);
}

function ozekiSend($phone, $msg, $debug=false){
    global $ozeki_user,$ozeki_password,$ozeki_url;
    // Every value placed in the query string is URL-encoded
    $url = 'username='.urlencode($ozeki_user);
    $url.= '&password='.urlencode($ozeki_password);
    $url.= '&action=sendmessage';
    $url.= '&messagetype=SMS:TEXT';
    $url.= '&recipient='.urlencode($phone);
    $url.= '&messagedata='.urlencode($msg);
    $urltouse = $ozeki_url.$url;
    //if ($debug) { echo "Request: <br>$urltouse<br><br>"; }
    //Open the URL to send the message
    $response = httpRequest($urltouse);
    if ($debug) {
        echo "Response: <br><pre>".
            str_replace(array("<",">"),array("&lt;","&gt;"),$response).
            "</pre><br>";
    }
    return($response);
}

############################################
## FUNCTION TO GENERATE ONE-TIME PASSWORD ##
############################################
function ozekiOTP($length = 8, $chars = 'abcdefghijklmnopqrstuvwxyz1234567890')
{
    $chars_length = (strlen($chars) - 1);
    // random_int() draws from the system CSPRNG; rand() output is predictable.
    // Square brackets replace the {} string offsets that PHP 8 removed.
    $string = $chars[random_int(0, $chars_length)];
    for ($i = 1; $i < $length; $i = strlen($string))
    {
        $r = $chars[random_int(0, $chars_length)];
        // A character is skipped when it repeats the previous one
        if ($r != $string[$i - 1]) $string .= $r;
    }
    return $string;
}

######################################################
## IF DEBUG VARIABLE IS TRUE, THE RESPONSE OF THE   ##
## HTTP REQUEST WILL BE WRITTEN TO THE SCREEN       ##
######################################################
$debug = false;

// The posted fields are read explicitly (register_globals no longer exists)
$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

###########################################
## IF NOT POSTED ANYTHING YET, THE LOGIN ##
## PAGE IS LOADING                       ##
###########################################
if (empty($_POST)){
    echo('
<html>
<body>
<h1>One Time Password Form</h1>
<form method="POST">
<table border=1>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type=submit name=submit value="Get Otp"></td>
</tr>
</table>
</form>
</body>
</html>');
}
####################################################
## IF NO OTP HAS BEEN POSTED YET, THE CREDENTIALS ##
## ARE CHECKED AND ozekiOTP WILL GENERATE ONE     ##
####################################################
elseif (empty($_POST['otphtml'])){
    ###############################
    ## CHECKING USER CREDENTIALS ##
    ###############################
    if ($username === '' && $password === '')
        echo ('No username or password entered');
    // hash_equals() is an exact, constant-time string comparison
    elseif (!isset($user[$username]) || !hash_equals($user[$username], $password))
        echo ('Please enter a valid username or password!');
    else {
        ######################################
        ## SENDING THE PASSWORD AND LOADING ##
        ## THE OTP-VERIFYING PAGE           ##
        ######################################
        // The OTP is generated only after the first factor has been accepted
        $_SESSION['otp'] = ozekiOTP();
        ozekiSend($phone[$username], 'Dear '.$username.'! Your One-Time password is: '.$_SESSION['otp'], $debug);
        echo ('<html>
<body>
<h1>Please enter your One-Time password to enter the site!</h1>
<form method="POST">
<table border=1>
<tr>
<td>Your One-time password:</td>
<td><input type="text" name="otphtml"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type=submit name=submit value="Confirm OTP"></td>
</tr>
</table>
</form>
</body>
</html>');
    }
}
else{
    ##############################################################
    ## IF AN OTP HAS ALREADY BEEN SENT, CHECKING ITS VALIDITY   ##
    ## AND REDIRECTING TO THE PROTECTED CONTENT                 ##
    ##############################################################
    $ozotp = is_string($_POST['otphtml']) ? $_POST['otphtml'] : '';
    include('protectedcontent.php');
}
?>
After you have provided the one-time password you received, you will be taken
to the protected content with the help of the include() function. The following
PHP code shows the protected PHP content.
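<?php
###################################
## IF YOUR OTP IS CORRECT,       ##
## THE PROTECTED CONTENT APPEARS ##
###################################
// Fail closed: when no OTP has been issued in the session or no value was
// submitted (for example when this file is requested on its own), nothing
// matches. hash_equals() compares the two strings exactly, in constant time.
if (isset($_SESSION['otp'], $ozotp) && is_string($ozotp)
        && hash_equals($_SESSION['otp'], $ozotp)) {
    // A one-time password is accepted for a single use only
    unset($_SESSION['otp']);
    echo('<html>
<body><h2>You have successfully verified your One-Time Password</h2></body>
</html>');
}
######################################
## IF YOUR OTP IS INCORRECT         ##
## YOUR REQUEST WILL BE DENIED      ##
## AND "WRONG PASSWORD" WILL APPEAR ##
######################################
else {
    echo('<html>
<body><h2>Wrong Password!</h2></body>
</html>');
}
?>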
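The article states that one-time passwords are short-lived and expire if they are not used. The code below is an added example, not part of the Ozeki download: it issues a code with an explicit expiry, limits the number of guesses and accepts each code once. The function names, the 360-second lifetime and the three-guess limit are assumptions.

```php
<?php
// Added example, not from the original download. Function names, the
// 360-second lifetime and the 3-guess limit are assumptions.
const OTP_CHARS = 'abcdefghijklmnopqrstuvwxyz1234567890';

// Issue a code from the CSPRNG and record its expiry and guess counter.
function otpIssue(array &$store, int $now, int $length = 8, int $ttl = 360): string
{
    $otp = '';
    for ($i = 0; $i < $length; $i++) {
        $otp .= OTP_CHARS[random_int(0, strlen(OTP_CHARS) - 1)];
    }
    $store['otp'] = ['code' => $otp, 'expires' => $now + $ttl, 'tries' => 0];
    return $otp;
}

// Accept the right code once; fail closed in every other case.
function otpVerify(array &$store, string $candidate, int $now, int $maxTries = 3): bool
{
    if (!isset($store['otp'])) {
        return false;                 // nothing issued, or already consumed
    }
    $rec = $store['otp'];
    if ($now > $rec['expires'] || $rec['tries'] >= $maxTries) {
        unset($store['otp']);         // expired or guess limit reached
        return false;
    }
    if (hash_equals($rec['code'], $candidate)) {
        unset($store['otp']);         // single use
        return true;
    }
    $store['otp']['tries']++;         // count the failed guess
    return false;
}

// Constructed store and clock for the demonstration; in the article's
// script the store would be $_SESSION and the clock time().
$session = [];
$t0 = 1700000000;
$code = otpIssue($session, $t0);
var_dump(otpVerify($session, 'not-the-code', $t0 + 10));  // wrong guess
var_dump(otpVerify($session, $code, $t0 + 20));           // correct, in time
var_dump(otpVerify($session, $code, $t0 + 30));           // replay of a used code
$code = otpIssue($session, $t0);
var_dump(otpVerify($session, $code, $t0 + 361));          // correct but expired
```

A deployment would also limit how often a new code can be requested for one account, since every request sends an SMS and resets the guess counter.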
Conclusion for PHP OTP SMS solution
To summarize the above mentioned, it is the best solution if
you use Ozeki NG SMS Gateway to send one-time passwords from PHP. This
functionality is based on two-factor authentication, which makes it possible to
set up a highly secure IT environment. Due to SMS technology, your one-time
passwords are sent as SMS messages to further increase security as only the
intended people will receive them. In this way no unauthorized person gains
access to corporate data. You can still improve the reliability and security of
this SMS system if you use a GSM modem attached to the computer with a data
cable. This GSM modem connectivity is more secure than sending SMS messages
over the Internet. If you decide to implement this solution you will get a
stable, reliable and effective authentication system with the highest quality.