Reset by SMS

Configuration file: self-service-password/conf/

How it works?

First, the user will enter his login. With this login, SSP will try to get information, like name and mobile phone number.

If information is found, the user can check it and confirm the sent of reset code trough SMS.

A mail is sent to a Email to SMS gateway. This gateway will then send the message to the mobile phone. The user should then enter the code on SSP page, and can then change its password.

SMS provider

You first have to choose a Email to SMS provider. Search the web to find one, many have a free trial so you can test the feature. You can try for example


You can enable or disable this feature with $use_sms:

$use_sms = true;

Mobile attribute

Set here which LDAP attribute hold the user mobile phone:

$sms_attribute = "mobile";

You can also partially hide the value when it is displayed on the confirmation page:

$sms_partially_hide_number = true;


The values set here depend on the Email to SMS provider. Some require a specific string in mail subject, other use a specific mail body. Just adapt the configuration to these requirements.

# Send SMS mail to address
$smsmailto = "{sms_attribute}";
# Subject when sending email to SMTP to SMS provider
$smsmail_subject = "Provider code";
# Message
$sms_message = "{smsresetmessage} {smstoken}";


You can set the token length:

$sms_token_length = 6;

You can also configure the allowed attempts:

$max_attempts = 3;

After these attempts, the sent token is no more valid.