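600) {
    // The pre-auth OTP state is stale: drop it and send the user back to step one.
    unset($_SESSION['otp_user_id'], $_SESSION['temp_username'], $_SESSION['temp_email'], $_SESSION['otp_timestamp'], $_SESSION['otp_attempts']);
    header("Location: login.php?error=otp_expired");
    exit;
}

// Identity carried over from the first login step (stored when the OTP was issued).
$user_id = (int) $_SESSION['otp_user_id'];
$username = $_SESSION['temp_username'];
$email = $_SESSION['temp_email'];

// Upper bound on wrong codes per session. Constructed default — tune to policy.
// A 6-digit code is only ~1e6 guesses, so an unlimited window is brute-forceable.
$max_otp_attempts = 5;

// Tell the user up front if the stored OTP is already past its expiry, so the
// form does not invite a doomed submission.
try {
    $stmt = $conn->prepare("SELECT otp_expiry FROM users WHERE id = ?");
    $stmt->bind_param("i", $user_id);
    $stmt->execute();
    $user_data = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // A NULL expiry (no OTP outstanding) is treated as expired: strtotime('') is
    // false, which compares below time(). NOTE(review): this check uses the PHP
    // clock while the verification query below uses the database's NOW(); if the
    // two clocks or timezones differ the messages can disagree — confirm they match.
    if ($user_data && strtotime((string) $user_data['otp_expiry']) < time()) {
        $error_message = "OTP has expired. Please request a new one.";
    }
} catch (Exception $e) {
    // Log the detail; never echo driver/exception text to the browser.
    error_log("Error retrieving OTP expiry: " . $e->getMessage());
    $error_message = "System error (fetch expiry). Please try again later.";
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Too many wrong codes: void this OTP session and restart the login flow.
    if (($_SESSION['otp_attempts'] ?? 0) >= $max_otp_attempts) {
        unset($_SESSION['otp_user_id'], $_SESSION['temp_username'], $_SESSION['temp_email'], $_SESSION['otp_timestamp'], $_SESSION['otp_attempts']);
        header("Location: login.php?error=otp_expired");
        exit;
    }

    // Validate the raw (trimmed) value: exactly six ASCII digits. Running
    // FILTER_SANITIZE_NUMBER_INT first would silently turn "12a3456" into
    // "123456" and accept input the user never typed.
    $input_otp = trim((string) ($_POST['otp'] ?? ''));

    if (!preg_match('/^\d{6}$/', $input_otp)) {
        $error_message = "Please enter a valid 6-digit OTP.";
    } else {
        try {
            // Match on id + OTP + expiry in one statement; the expiry is evaluated by
            // the database so the clock that wrote otp_expiry is the one comparing it.
            $stmt = $conn->prepare("SELECT id FROM users WHERE id = ? AND otp = ? AND otp_expiry > NOW()");
            $stmt->bind_param("is", $user_id, $input_otp);
            $stmt->execute();
            $user = $stmt->get_result()->fetch_assoc();
            $stmt->close();

            if ($user) {
                // Invalidate the OTP before promoting the session so a replayed POST
                // cannot succeed a second time.
                $clearStmt = $conn->prepare("UPDATE users SET otp = NULL, otp_expiry = NULL WHERE id = ?");
                $clearStmt->bind_param("i", $user_id);
                $clearStmt->execute();
                $clearStmt->close();

                // New session id first (prevents session fixation), then the
                // authenticated state.
                session_regenerate_id(true);
                $_SESSION['loggedin'] = true;
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                $_SESSION['email'] = $email;
                $_SESSION['login_time'] = time();

                // The pre-auth OTP state is no longer needed.
                unset($_SESSION['otp_user_id'], $_SESSION['temp_username'], $_SESSION['temp_email'], $_SESSION['otp_timestamp'], $_SESSION['otp_attempts']);

                $success_message = "OTP verified successfully! Redirecting...";
                // NOTE(review): the comment in the original promised a delayed
                // JavaScript redirect, but the statement echoes an empty string —
                // the markup appears to have been lost. Restore the redirect (with
                // its target) or remove this line.
                echo "";
            } else {
                // Count the miss; the check at the top of the POST branch enforces
                // the limit on the next submission.
                $_SESSION['otp_attempts'] = ($_SESSION['otp_attempts'] ?? 0) + 1;
                $error_message = "Invalid OTP. Please try again.";
            }
        } catch (Exception $e) {
            // Log the detail; never echo driver/exception text to the browser.
            error_log("Error validating OTP: " . $e->getMessage());
            $error_message = "System error (validate OTP). Please try again later.";
        }
    }
}
?>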