Android 安卓一次性密码(OTP)用户注册/开户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22400278/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Android one time password (OTP) user registration/opening account
提问by sachin110011
I want to implement OTP functionalityin my androidapplication. In this application, after signupuser will receive one time password key. After verifying OTP, user will be able to register/open account successfullyby using that OTP. What i need to do achieve this?
我想在我的android应用程序中实现OTP 功能。在此应用程序中,注册后用户将收到一次密码密钥。经过核实OTP,用户将能够成功注册/开立帐户通过使用OTP。我需要做什么来实现这一目标?
采纳答案by Sergey Pekar
Check google authenticator. https://code.google.com/p/google-authenticator/it is open source project with OTP functionality
检查谷歌身份验证器。https://code.google.com/p/google-authenticator/它是具有 OTP 功能的开源项目
Source code for android app https://code.google.com/p/google-authenticator/source/browse/?repo=android
Android 应用程序的源代码https://code.google.com/p/google-authenticator/source/browse/?repo=android
Here is source code for server side https://github.com/chregu/GoogleAuthenticator.php
这是服务器端的源代码https://github.com/chregu/GoogleAuthenticator.php
Wikipedia article http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
维基百科文章http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
回答by Vipin Sharma
I have implement a very simple method of OTP..
我已经实现了一个非常简单的 OTP 方法..
- Activity generates a random 5 digit number and send it to mobile number through SMS gateway.
- On recieving sms, SMS body read by Broadcast Reciever and copy the code from SMS body to OTP EditText.
- If random code generated by activity and code sent via sms are same then user should get further access.
- Activity 生成一个随机的 5 位数字并通过短信网关将其发送到手机号码。
- 收到短信时,广播接收器读取短信正文并将代码从短信正文复制到 OTP EditText。
- 如果活动生成的随机代码和通过短信发送的代码相同,则用户应该获得进一步的访问权限。
回答by Muhammed Refaat
As @Vipin mentioned, the best way would be implementing it your self:
正如@Vipin 提到的,最好的方法是自己实现它:
First, you have to generate a 4-digit(or whatever you want) pin code, for example:
首先,您必须生成一个 4 位(或任何您想要的)密码,例如:
int range = 9; // to generate a single number with this range, by default its 0..9
int length = 4; // by default length is 4
public int generateRandomNumber() {
int randomNumber;
SecureRandom secureRandom = new SecureRandom();
String s = "";
for (int i = 0; i < length; i++) {
int number = secureRandom.nextInt(range);
if (number == 0 && i == 0) { // to prevent the Zero to be the first number as then it will reduce the length of generated pin to three or even more if the second or third number came as zeros
i = -1;
continue;
}
s = s + number;
}
randomNumber = Integer.parseInt(s);
return randomNumber;
}
Then, you have to save this number somewhere save, for example in your preferences:
然后,您必须将此号码保存在某个地方,例如在您的首选项中:
SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(mContext);
SharedPreferences.Editor editor = preferences.edit();
editor.putInt("OTP_PIN", randomNumber);
editor.commit();
The next step, would be using a proper SMS gateway to send that OTP to the corresponding phone number, for me I'm using clickATellwith our php server to send the message, the api documentationis pretty clear. And if you want to send the message directly from the application, may be SMSgatewaycan help.
下一步,将使用适当的 SMS 网关将该 OTP 发送到相应的电话号码,对我来说,我使用clickATell和我们的 php 服务器来发送消息,api 文档非常清楚。如果您想直接从应用程序发送消息,可能SMSgateway可以提供帮助。
The final step, is to verify the code received by SMS is the one stored in device preferences, this is pretty easy and straight forward, all you have to do is to provide an EditTextfor the user allowing him to enter the code received by his phone, if the code matches the OTP saved in device preferences, make him go through the app, otherwise, display a proper error message.
最后一步,是验证 SMS 收到的代码是存储在设备首选项中的代码,这非常简单直接,您所要做的就是EditText为用户提供一个允许他输入手机收到的代码, 如果代码与设备首选项中保存的 OTP 匹配,则让他通过应用程序,否则,显示正确的错误消息。
a classy move:Not mandatory but preferably, as a lot of applications doing you can provide SMS listener to listen to the upcoming messages, getting the code from the received message, display it in the code verification editText, verify it, if true, go through the app.
一个优雅的举动:不是强制性的,但最好,因为很多应用程序都可以提供短信监听器来收听即将到来的消息,从收到的消息中获取代码,在代码验证中显示它editText,验证它,如果是真的,通过应用程序。
in manifest.xml:
在manifest.xml 中:
<receiver
android:name=".Services.SmsListener"
android:exported="true"
android:permission="android.permission.BROADCAST_SMS">
<intent-filter android:priority="999">
<action android:name="android.provider.Telephony.SMS_RECEIVED" />
</intent-filter>
</receiver>
the listener:
听众:
public class SmsListener extends BroadcastReceiver {
@TargetApi(Build.VERSION_CODES.KITKAT)
@Override
public void onReceive(Context context, Intent intent) {
Log.d("messageBody", intent.getAction());
if (intent.getAction().equals(Telephony.Sms.Intents.SMS_RECEIVED_ACTION)) {
try {
String messageBody = "";
for (SmsMessage smsMessage : Telephony.Sms.Intents.getMessagesFromIntent(intent)) {
messageBody = smsMessage.getMessageBody();
}
Intent messageReceived = new Intent(SVPreferences.SMS_RECEIVED);
messageReceived.putExtra("sms", messageBody);
context.sendBroadcast(messageReceived); // when receiving it somewhere in your app, subString the additional text and leave only the code, then place it in the editText and do your verification
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
}
the receiver:
收件人:
BroadcastReceiver receiveSMS = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
try {
String smsBody = intent.getStringExtra("sms");
String pin = smsBody.replace(getResources().getString(R.string.your_extra_text), "").trim();
editText_confirm_pin.setText(pin);
if (validatePin(pin))
// go through the app
} catch (Exception ex) {
ex.printStackTrace();
}
}
};
