If you’re running a Moodle-based e-learning platform and want to add an extra layer of security during user login or registration, integrating OTP (One-Time Password) verification is a smart move. And what better way to do it than with Message91—a reliable SMS API provider in India?
In this guide, we’ll walk you through creating a Message91 OTP plugin for Moodle. Don’t worry if you’re not a coding genius—we’ll keep it simple, clear, and beginner-friendly.
Why Use OTP Verification in Moodle?
Adding OTP (One-Time Password) verification is not just about better security—it’s also about building trust with your users. It reduces spam registrations, protects user data, and keeps your learning platform safe.
Prerequisites Before You Start
Before we dive into the code, here’s what you’ll need:
- A working Moodle installation
- Admin access to your Moodle site
- A Message91 account and your API key
- Basic knowledge of PHP and Moodle plugin structure
Step-by-Step Guide to Create Message91 OTP Plugin for Moodle
Step 1: Set Up a New Moodle Plugin
Create a new directory inside the auth folder in your Moodle installation. Let’s name it auth_message91otp.
cd /path-to-your-moodle/auth
mkdir auth_message91otp
Inside that folder, create the following essential files:
- version.php
- auth.php
- lang/en/auth_message91otp.php
- settings.php (optional but recommended)
Step 2: Define Plugin Details in version.php
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2025040800;
$plugin->requires = 2022041900;
$plugin->component = 'auth_message91otp';
Step 3: Create the Core Logic in auth.php
Here you will add the logic to send OTP via Message91 and verify it.
require_once($CFG->libdir.'/authlib.php');
class auth_plugin_message91otp extends auth_plugin_base {
public function user_login($username, $password) {
global $DB;
$user = $DB->get_record('user', ['username' => $username]);
if (!$user) {
return false;
}
// Assume OTP was sent and received via frontend
$input_otp = required_param('otp', PARAM_RAW);
$session_otp = $_SESSION['otp'];
return ($input_otp === $session_otp);
}
public function pre_user_login_hook(&$user) {
$this->send_otp_via_message91($user->phone);
}
private function send_otp_via_message91($phone) {
$otp = rand(100000, 999999);
$_SESSION['otp'] = $otp;
$api_key = 'YOUR_MESSAGE91_API_KEY';
$template_id = 'YOUR_TEMPLATE_ID';
$url = "https://control.msg91.com/api/v5/otp?template_id=$template_id&mobile=$phone&authkey=$api_key&otp=$otp";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
}
}
Step 4: Add Language Support
Create lang/en/auth_message91otp.php and add:
$string['pluginname'] = 'Message91 OTP Authentication';
Step 5: Enable the Plugin in Moodle
- Go to Site Administration > Plugins > Authentication > Manage Authentication
- Enable “Message91 OTP Authentication”
- Enter the API key and template ID in the settings page (optional, if you’ve created a settings.php)
Tips for Testing the Plugin
- Use a test number from your Message91 dashboard
- Make sure your hosting environment allows outbound cURL requests
- Use browser dev tools or logs to debug OTP flows
Integrating OTP verification using Message91 adds a powerful layer of security to your Moodle platform. With just a few lines of code and the right API setup, you can ensure safer logins for your users while enhancing their trust in your platform.
If you’re looking for a team that can help you with custom plugin development, API integration, or full-stack Moodle solutions, CodeHunger can be a great partner to bring your ideas to life.
