Secure Download with Email OTP
</body>
</html>
🛠2. PHP Backend (index.php continued)
Use PHP's mail() (configure SMTP) or PHPMailer to send OTP.
php
Copy
Edit
<?php
session_start();
function send_email_otp($email, $otp) {
$subject = "Your OTP Code";
$body = "Your OTP is: $otp";
$headers = "From: no-reply@yourdomain.com\r\n";
return mail($email, $subject, $body, $headers);
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['send_otp'])) {
$email = $_POST['email'];
$otp = rand(100000, 999999);
$_SESSION['email'] = $email;
$_SESSION['otp'] = $otp;
$_SESSION['otp_time'] = time();
if (send_email_otp($email, $otp)) {
$msg = "OTP sent to $email.";
echo "<script>document.getElementById('otp-section').style.display='block';</script>";
} else {
$msg = "Error sending OTP.";
}
}
if (isset($_POST['verify_otp'])) {
if (!isset($_SESSION['otp'])) {
$msg = "Please request OTP first.";
} else if (time() - $_SESSION['otp_time'] > 300) {
$msg = "OTP expired. Please request again.";
} else if ($_SESSION['otp'] == $_POST['otp']) {
unset($_SESSION['otp']);
// Serve download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="yourfile.pdf"');
readfile('yourfile.pdf');
exit;
} else {
$msg = "Invalid OTP.";
}
}
}
?>
