Single “User-Only” Page with SMS Verification?

I am building a relatively simple site for a client and am hitting a wall when it comes to what seemed like a deceivingly easy request.

He wants one page of the site with important info to be only accessible to users who have provided a valid phone number in a registration form for easy followup later on. I have a couple ideas for how to build that functionality, but neither cover every base.

  • Use basic wordpress login/registration functionality and only allow logged in users to see the page. I feel as though sms verification isn’t an option as phone numbers aren’t stored via WordPress’s registration system.
  • Use Orion SMS OTP verification on a basic form hosted on the site. When the user verifies their phone number and submits the form, the password for the password protected private page will be sent via SMS to their provided phone #. With this one, I’m confused as to where I could store the user’s information for easy lookup later on. Would Twilio be an option? or Mailchimp?

Thanks for any advice you can send my way. I’m relatively new when it comes to WordPress dev.

Email Verification – Create Emails…

If you click on your project, go to email verification and hit create emails, the list is very outdated. Most don’t work.

The ones that are valid though, it’s not capturing any emails. eg. (No emails are being sent there when actually testing).  Can you fix this @Sven

I was looking for a catchall solution and this doesn’t work sadly.

Use of pumping lemma for not regular languages. (Proof Verification)

$ L=\{w \in \{0,1,a\}^* | \#_0(w) = \#_1(w) \}$

We show that L is not regular by pumping lemma.

We choose w=$ 0^p 1^p a$

|w| = 2p+1

Now |xy| has to be $ \leq p$

So x and y could only contain zeros. And $ z=1^p a$

$ xy^iz= 0^p 1^p a$

Now let i = 0

$ xy^0z=0^{p-|y|} 1^p a$

Now hence $ p-|y| \neq p$ this choice of i would lead to a word that is not in L. So we can not pump y and stay in the language.

So L is not regular.

I’m trying to learn the usage of the pumping lemma. Is my proof correct?

Any suggestions are welcome. Thanks!

Is revealing phone number during OTP verification process consifered vulnerability?

One of the common way of implementing 2FA is using phone number Text message or Call with OTP. As I can see, usually web services show something like "OTP was sent to the number +*********34". Is is done because revealing the number is considered a vulnerability? If yes, then which one, is it described anywhere? I guess it has something to do with not wanting to show too much info about the user. This info might be used be social engineering, but maybe there is something else?

Having a link to a trusted location with the description would be great as well.