Draft Disclaimer: Please note that this article is currently in draft form and may undergo revisions before final publication. The content, including information, opinions, and recommendations, is subject to change and may not represent the final version. We appreciate your understanding and patience as we work to refine and improve the quality of this article. Your feedback is valuable in shaping the final release.
Language Mismatch Disclaimer: Please be aware that the language of this article may not match the language settings of your browser or device.
Do you want to read articles in English instead ?
https://github.com/babacarcissedia/bcd.dev/commit/bd95e10
https://bcd.dev/password/1/reset?expires=1707941075&signature=88884f4c9dcfa557d1c5a4927b634b3cb11dbf1fae17923a4600762a72566f29
url has logic for expiration and not tampering
// TODO: use temporary signed url
public function verify(Request $request, User $user, UserRepository $User, PhoneVerificationRepository $PhoneVerification)
{
$this->validate($request, [
'code' => 'required',
]);
$verification = $PhoneVerification->find([
'phone_number' => $user->phone_number,
'code' => $request->query('code'),
]);
$verified = optional($verification)->code == $request->query('code');
if (! $verified) {
return back()->with('error', 'Wrong verification code');
}
$User->update(['id' => $user->id], ['phone_is_verified' => true]);
$PhoneVerification->delete(['phone_number' => $user->phone_number]);
return redirect()->route('user.show', $user)
->with('success', 'Phone number verified');
}