bgervan
commented
3 years ago Take note it will cause some bug, if you don't change the token creation a bit. I remove all the previous token to the same user, because it's likely to be the same with 4 digit, especially when the user logins often (with testing phase the dev for example). I think no need to keep the old digits anyway, to keep it secure, we would need a time limit instead, until it is valid.
The sent token was 6 digits long with a fixed value. This commit contains the necessary changes to be able to configure as we want.
credit @bgervan