OTP / 2FA in Survey

More
1 week 3 days ago #186497 by theendeavorist
Hey peeps,

I have searched the forum for an answer but couldn't find anything directly related:

The challenge for today: Is it possible to set up a 2FA/OTP (email/sms etc) in a Survey?

What I want to do is to have a survey with X questions, ending with a button which will send an One Time Password to the email address the specific survey has been sent out to. This OTP can then be entered in a field, the user click send/finish survey, the code gets validated and if correct, the Survey is finished. If the OTP is entered incorrect, the survey is not submitted.

What this solves in practice is that the person who owns the emailaddress/mailbox, needs to have access to this box. If the email/survey has been forwarded to someone else, they can't enter the OTP since it's going to the original email address for the specific survey.

Looking forward to your ideas and thanks for the feedback!

Please Log in or Create an account to join the conversation.

LimeSurvey Partners
More
1 week 3 days ago #186503 by DenisChenu
Replied by DenisChenu on topic OTP / 2FA in Survey
Hi,

You must do a plugin for this

1. manual.limesurvey.org/AfterSurveyComplete to create the OTP and send the email
2. manual.limesurvey.org/NewDirectRequest to validate and show a page

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .
The following user(s) said Thank You: cdorin, theendeavorist

Please Log in or Create an account to join the conversation.

More
1 week 3 days ago #186513 by Joffm
Replied by Joffm on topic OTP / 2FA in Survey
To understand correctly:
After answering the questions - but before submitting - a password is created and sent to the respondent.
On the next page the respondent has to enter this password.
If correct he is able to submit.

I did this by an ajax call like this:
<script type="text/javascript" charset="utf-8">
$(document).on('ready pjax:scriptcomplete',function(){
  $.post('https://www.myServer.de/sendCode.php' , { pw: "{e1PW}", email: "{email}" },function(data) {
 
                   $('#question{QID} input[type="text"]').val(data)
 
			});
 $('#question{QID}').hide();
	});
</script>

sendCode.php is a very simple script that only sends the code to the email address.
Like this:
$Code=$_POST['pw'];
$email=$_POST['email'];
 
$mail             = new PHPMailer();
$mail->From       = 'example@ls.org';
$mail->FromName   = 'FromName';
$mail->Subject    = 'Your Code';
$mail->MsgHTML($Code);
$mail->AddAddress( $email);
$mail->Send();

And on the next page you can do something like that:




Volunteers are not paid.
Not because they are worthless, but because they are priceless
Attachments:
The following user(s) said Thank You: theendeavorist

Please Log in or Create an account to join the conversation.

More
18 hours 15 minutes ago #186872 by theendeavorist
Replied by theendeavorist on topic OTP / 2FA in Survey
Excellent explanations. I will have look, thanks for all the input!

Please Log in or Create an account to join the conversation.

More
18 hours 15 minutes ago #186873 by theendeavorist
Replied by theendeavorist on topic OTP / 2FA in Survey
Thanks! I will have a look at these links for sure to see if I can get it up and running.

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!