Use the registered mobile number or e-mail saved in your system. First we try mobile OTP, if that fails we fall back to e-mail, and resend sends OTP on both channels.
First send tries mobile OTP. If SMS fails, the same OTP automatically falls back to the saved e-mail.
Every send, verify, and logout action is protected with CSRF and session-safe handling.
Both active and pending staff or user records can access the staff login panel through OTP verification.
If 3 OTP attempts fail, the whole verification flow resets cleanly and asks for a fresh OTP.