Week 029 — QR Codes, OTP, and Three Weddings

"Last week launch? What was I thinking?!" — from the plan notes, Monday morning.

Week of June 2, 2025

Progress

QR code assignment reached completion on Monday — assigning to an existing item, adding a QR code to a new item, placeholder images for items and avatars, routing cleanup, and a badge on the items page showing QR code status. The routing engine also got login checks added throughout.

The sign-up flow was in a broken state from the user class refactor — it had never been fully tested since the DTO changes. Fixing it surfaced a chicken-and-egg problem: creating an address record requires a user ID, but the user ID isn't available until after the user is created. Solved by creating the address record in a second step after user creation.

OTP authentication started midweek. Twilio and Mailgun accounts were created. Dotenv was installed to manage environment variables properly across dev and production. By Thursday, the OTP send and verify endpoints were both working.

The sign-in page was redesigned around OTP — a single page for both sign-in and sign-up, similar to how AirBnB handles it: enter a phone number or email, if the account exists it's a sign-in flow, if not it's account creation. No separate pages to maintain.

By Saturday, the OTP sign-in flow was implemented. Sunday brought more wedding prep than code.

The Hard Part

The user sign-up flow turned out to be a multi-day debugging session. A password hash failure came from accidentally using parentheses instead of square brackets when accessing the POST array — $_POST['field'] written as $_POST('field'). A fatal error with a misleading message. The timestampFound field still wasn't loading into the item page despite being in the database — a function name typo, and even after fixing it the value wasn't displaying. Some bugs require two separate fixes for the same symptom.

Grok was used extensively during the OTP implementation — "Friggen Grok, it's scary how human it seems" had been the note when DTOs were introduced in March, and the pattern has only continued. Knowing when to use it for orientation versus when to write the code yourself is still being calibrated.

Decision Made

One sign-in/sign-up page. If the provided phone or email exists in the database, the auth flow treats it as a sign-in. If not, it presents the account creation fields. No separate pages, no ambiguity for the user about which flow they should be in.

Separate CSS file for form styling (form.css), applied across the sign-in page and user profile page. The visual consistency makes it feel like a coherent product rather than pages that happened to be built at different times.

Next Week

OTP is working in test. Production deployment is the next major hurdle — getting the application actually running on a real server and available to real users.