Build a Simple Email OTP Verification System in PHP (No PHPMailer Required)

Muji Nov 4, 2025
Build a Simple Email OTP Verification System in PHP (No PHPMailer Required)

Want to verify users’ email addresses using OTP without complicated libraries?

In this tutorial, you’ll learn how to create a clean and functional Email OTP verification system in PHP using only the built-in mail() function, no PHPMailer, no external dependencies.

This approach is ideal for lightweight or static sites hosted on shared servers where you may not have full access to SMTP configurations.

What You’ll Learn

By the end of this guide, you’ll be able to:

  • Generate a one-time password (OTP) and send it to an email.
  • Verify the OTP entered by the user.
  • Use PHP sessions to persist verification data between pages.
  • Redirect users to a success page after successful verification.

Folder Structure

Here’s how your project files will look:

otp-verification/

├── index.php # Main form page (email + OTP entry)
├── send_otp.php # Generates and emails OTP
├── verify_otp.php # Verifies the OTP entered by user
└── success_page.php # Shown after successful verification

Step 1: Create the Main Page (index.php)

This page allows users to enter their email ID and receive an OTP.

<?php
session_start();
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Email OTP Verification</title>
</head>
<body>
    <h2>Enter Your Email to Receive OTP</h2>
    <form method="POST" action="send_otp.php">
        <label for="email">Email ID:</label>
        <input type="email" name="email" required>
        <button type="submit">Send OTP</button>
    </form>

    <?php if (isset($_SESSION['otp_sent']) && $_SESSION['otp_sent'] == true): ?>
        <h2>Verify OTP</h2>
        <form method="POST" action="verify_otp.php">
            <label for="otp">Enter OTP:</label>
            <input type="text" name="otp" required>
            <button type="submit">Verify OTP</button>
        </form>
    <?php endif; ?>
</body>
</html>

What happens here

  • Users enter their email ID and click Send OTP.
  • After submitting, they’re redirected to send_otp.php where the OTP is generated and emailed.
  • If OTP is sent successfully, the OTP verification form is shown on the same page.

Step 2: Send the OTP (send_otp.php)

This script generates a random 6-digit OTP, stores it in a session, and sends it to the user’s email using PHP’s mail() function.

<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $email = $_POST['email'];
    $otp = rand(100000, 999999); // Generate random OTP

    // Store details in session
    $_SESSION['otp'] = $otp;
    $_SESSION['email'] = $email;
    $_SESSION['otp_sent'] = true;

    // Email setup
    $subject = "Your OTP Code";
    $message = "Your OTP code is: <b>$otp</b>";
    $headers = "From: no-reply@example.com\r\n";
    $headers .= "Reply-To: no-reply@example.com\r\n";
    $headers .= "Content-Type: text/html; charset=UTF-8\r\n";

    // Send email
    if (mail($email, $subject, $message, $headers)) {
        echo "OTP sent to $email.";
    } else {
        echo "Error: Unable to send OTP.";
    }

    // Redirect back to index
    header('Location: index.php');
}
?>

How it works

  • A random 6-digit OTP is generated using rand(100000, 999999).
  • The OTP and email are stored in the PHP session for verification.
  • PHP’s mail() function sends the OTP email.

Tip: If the email is not received, check your server’s mail configuration or use an SMTP setup (via PHPMailer).

Step 3: Verify the OTP (verify_otp.php)

This page compares the OTP entered by the user with the one stored in the session.

<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $entered_otp = $_POST['otp'];

    if ($entered_otp == $_SESSION['otp']) {
        echo "OTP Verified Successfully! Redirecting...";
        header('Location: success_page.php');
        exit;
    } else {
        echo "Invalid OTP. Please try again.";
        header('Location: index.php');
        exit;
    }
}
?>

How it works

  • The entered OTP is compared to the one in the session.
  • If they match, the user is redirected to a success page.
  • If not, the user is asked to try again.

Step 4: Create the Success Page (success_page.php)

Once the OTP is verified, the user lands on this confirmation page.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>OTP Verified</title>
</head>
<body>
    <h2>OTP Verified Successfully!</h2>
    <p>Thank you for verifying your email. You can now proceed to the next step.</p>
</body>
</html>

Conclusion

You’ve just built a fully functional Email OTP Verification System in PHP, from scratch, without any external libraries.

See you in the next article.

Leave a Reply

Your email address will not be published. Required fields are marked *