­­­­­­­­­­­­­­­­­­
<!DOCTYPE html>
<html>
<?php
session_start();
header("Content-Type: application/json");

if (!isset($_POST['mobile']) || !isset($_POST['otp'])) {
    echo json_encode(["success" => false, "message" => "Invalid request."]);
    exit;
}

function convert_persian_numbers ($string) {
    $newNumbers = range(0, 9);
    // 1. Persian HTML decimal
    $persianDecimal = array('&#1776;', '&#1777;', '&#1778;', '&#1779;', '&#1780;', '&#1781;', '&#1782;', '&#1783;', '&#1784;', '&#1785;');
    // 2. Arabic HTML decimal
    $arabicDecimal = array('&#1632;', '&#1633;', '&#1634;', '&#1635;', '&#1636;', '&#1637;', '&#1638;', '&#1639;', '&#1640;', '&#1641;');
    // 3. Arabic Numeric
    $arabic = array('٠', '١', '٢', '٣', '٤', '٥', '٦', '٧', '٨', '٩');
    // 4. Persian Numeric
    $persian = array('۰', '۱', '۲', '۳', '۴', '۵', '۶', '۷', '۸', '۹');

    $string =  str_replace($persianDecimal, $newNumbers, $string);
    $string =  str_replace($arabicDecimal, $newNumbers, $string);
    $string =  str_replace($arabic, $newNumbers, $string);
    return str_replace($persian, $newNumbers, $string);
}

$otpEntered = convert_persian_numbers($_POST['otp']);
$otpSession = $_SESSION['otp'] ?? null;
$otpAttempts = $_SESSION['otp_attempts'] ?? 0;

if ($otpAttempts <= 0) {
    echo json_encode(["success" => false, "message" => "Max attempts reached."]);
    exit;
}

if ($otpEntered == $otpSession) {
    $_SESSION['otp_verified'] = true;
    echo json_encode(["success" => true, "message" => "OTP verified."]);
} else {
    $_SESSION['otp_attempts']--;
    echo json_encode(["success" => false, "message" => "Incorrect OTP. Attempts left: " . $_SESSION['otp_attempts']]);
}
?>