Reset by SMS

How it works?

First, the user will enter his login. With this login, SSP will try to get information, like name and mobile phone number.

If information is found, the user can check it and confirm the sent of reset code trough SMS.

A message is sent either to an Email to SMS gateway, either trough an API (called with PHP code or by script).

SMS provider

You first have to choose SMS provider. Search the web to find one, many have a free trial so you can test the feature.

Some known providers:


You can enable or disable this feature with $use_sms:

$use_sms = true;


If you enable this option, you must change the default value of the security keyphrase.


Choose which method to use, mail or api:

$sms_method = "mail";


If you choose the mail method, the mail will be sent to SMS provider trough mail configuration (see Mail).

You can adjust some settings here, depending on provider guidelines:

To set SMS mail to address. Within smssmailto {sms_attribute} will be replaced by sms number.

$smsmailto = "{sms_attribute}";

Subject when sending email to SMTP to SMS provider

$smsmail_subject = "Provider code";


If you choose API, you need to define which library will be called:

$sms_api_lib = "lib/";

In this library, you must define the send_sms_by_api function:

function send_sms_by_api($mobile, $message) {

    # PHP code
    # ...

    # Or call to external script
    # $command = escapeshellcmd(/path/to/script).' '.escapeshellarg($mobile).' '.escapeshellarg($message);
    # exec($command);

    return 1;

Read the provider guidelines to know how to access its API.


An example is given in lib/ Copy this file to lib/ and start coding!

See also SMS API.

Mobile attribute

Set here which LDAP attributes hold the user mobile phone, first found will be used :

$sms_attributes = array( "mobile", "pager", "ipPhone", "homephone" );

You can also partially hide the value when it is displayed on the confirmation page:

$sms_partially_hide_number = true;

To remove any non digit character from SMS number;

$sms_sanitize_number = true;

To truncate SMS number:

$sms_truncate_number = true;
$sms_truncate_number_length = 10;


Set the message here, it uses by default the smsresetmessage message defined in lang files and the smstoken parameter:

# Message
$sms_message = "{smsresetmessage} {smstoken}";


You can set the token length:

$sms_token_length = 6;

You can also configure the allowed attempts:

$max_attempts = 3;

After these attempts, the sent token is no more valid.