REMINDER
Instruction on additional authentication features
-
I've managed to build a user authentication system with the help of videos 2 through 4. Now I'm looking for information on how to build the verification mail for after registration as well as an extra authentication layer, i.e. sending an email with a verification code.
Thanks in advance!
-
Or perhaps provide a full user authentication system as a template
-
Hi Dick,
I have a 2FA system set up for my backend.
The way I've done it is: IF you have a table for Users already, when they attempt to first log in, generate a random 2FA code and UPDATE their User record by adding that newly generated token to a column dedicated to it.
Bonus points if you add a timestamp.
Then, email/SMS them the 2FA code.
When they submit it again as part of the second authentication step, you do a SQL SELECT like
SELECT * FROM Users WHERE email = ? AND 2FAtoken = ?  -- bound parameters: the email address they submitted, the 2FAtoken they're submitting
If you implemented the timestamping, you can also modify your SQL query to include only results within the last 5 minutes or whatever you choose.
If that SELECT statement returns empty, the code is incorrect or expired. If it returns an object, you're good, and you can authenticate the user, set their token, whatever.
Good luck!
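
The flow described in the reply above, as an added example that is not part of the original post or any poster's code. It assumes SQLite, a six-digit code, and hypothetical column names `twofa_token` and `twofa_issued_at`; it also swaps the SELECT for a conditional UPDATE so that a code is cleared in the same statement that accepts it.

```python
import secrets
import sqlite3
import time

CODE_TTL_SECONDS = 5 * 60  # the five-minute window suggested in the reply


def make_db():
    """In-memory Users table with the two extra columns (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (email TEXT PRIMARY KEY, "
               "twofa_token TEXT, twofa_issued_at INTEGER)")
    # Constructed sample row for the demonstration.
    db.execute("INSERT INTO Users (email) VALUES ('dick@example.test')")
    return db


def issue_code(db, email, now=None):
    """After the password step: store a fresh code and timestamp, return it for delivery."""
    now = int(time.time()) if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
    db.execute("UPDATE Users SET twofa_token = ?, twofa_issued_at = ? WHERE email = ?",
               (code, now, email))
    db.commit()
    return code


def verify_code(db, email, submitted, now=None):
    """Second step: True only for the matching, unexpired code, which is then cleared."""
    now = int(time.time()) if now is None else now
    # One statement checks email, code and age, and clears the code on success,
    # so it cannot be replayed. All user input goes in as bound parameters.
    cur = db.execute(
        "UPDATE Users SET twofa_token = NULL, twofa_issued_at = NULL "
        "WHERE email = ? AND twofa_token = ? AND twofa_issued_at >= ?",
        (email, submitted, now - CODE_TTL_SECONDS))
    db.commit()
    return cur.rowcount == 1
```

A failed attempt leaves the stored code in place, so the second step still needs an attempt limit per account.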