    Instruction on additional authentication features

    • Dick Honing

      I've managed to build a user authentication system with the help of videos 2 through 4. Now I'm looking for information on how to build the verification mail for after registration as well as an extra authentication layer, i.e. sending an email with a verification code.

      Thanks in advance!

      • Dick Honing

        Or perhaps provide a full user authentication system as a template 🙂

        • Daniel Mulroy

          Hi Dick,

          I have a 2FA system set up for my backend.

          The way I've done it is: IF you have a table for Users already, when they attempt to first log in, generate a random 2FA code and UPDATE their User record by adding that newly generated token to a column dedicated to it.

          Bonus points if you add a timestamp.

          Then, email/SMS them the 2FA code.

          When they submit it again as part of the second authentication step, you do a SQL SELECT like:

          SELECT * FROM Users where email = (their email address they submitted) AND 2FAtoken = (2FAtoken they're submitting)
          

          If you implemented the timestamping, you can also modify your SQL query to include only results within the last 5 minutes or whatever you choose.

          If that SELECT statement returns empty, the code is incorrect or expired. If it returns an object, you're good, and you can authenticate the user, set their token, whatever.

          Good luck!

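The flow described in the reply above, as an added example that is not part of the original post or AppDrag's own code. It goes slightly beyond the post: the SELECT is parameterized, the code is stored as a keyed digest, and it is single-use with a guess limit. The SQLite schema, column names, `SERVER_KEY` and `MAX_ATTEMPTS` are assumptions made for illustration.

```python
import hmac, secrets, sqlite3, time

CODE_TTL = 300        # seconds; the "last 5 minutes" window from the post
MAX_ATTEMPTS = 5      # assumption: wrong guesses allowed per issued code
SERVER_KEY = secrets.token_bytes(32)  # constructed here; load from config in practice

def open_db():
    # Constructed schema: a Users table with columns dedicated to the 2FA code.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (email TEXT PRIMARY KEY, code_mac TEXT,"
               " code_issued REAL, code_attempts INTEGER DEFAULT 0)")
    return db

def _mac(code):
    # Store a keyed digest so a database read does not expose live codes.
    return hmac.new(SERVER_KEY, str(code).encode(), "sha256").hexdigest()

def issue_code(db, email, now=None):
    """After the password check: store a fresh code and return it for e-mail/SMS."""
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits
    issued = time.time() if now is None else now
    cur = db.execute("UPDATE Users SET code_mac=?, code_issued=?, code_attempts=0"
                     " WHERE email=?", (_mac(code), issued, email))
    db.commit()
    return code if cur.rowcount == 1 else None

def verify_code(db, email, submitted, now=None):
    """Second step: the SELECT from the post, parameterized, with expiry and a guess limit."""
    now = time.time() if now is None else now
    row = db.execute("SELECT 1 FROM Users WHERE email=? AND code_mac=?"
                     " AND code_issued>=? AND code_attempts<?",
                     (email, _mac(submitted), now - CODE_TTL, MAX_ATTEMPTS)).fetchone()
    if row:   # match: burn the code so it cannot be replayed
        db.execute("UPDATE Users SET code_mac=NULL, code_issued=NULL WHERE email=?", (email,))
    else:     # empty result: wrong, expired or locked; count the guess
        db.execute("UPDATE Users SET code_attempts=code_attempts+1 WHERE email=?", (email,))
    db.commit()
    return row is not None
```

Binding the submitted values as parameters keeps the e-mail address and code out of the SQL text, and resetting `code_attempts` only in `issue_code` means a locked code can be replaced but not retried.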