
Building a Secure 2FA Voting Gateway with PHP & Twilio
During the development of the parlementdesexiles.eu platform, I faced a critical architectural challenge: How do you build a public voting system that is entirely accessible, completely anonymous, yet strictly protected against duplicate votes and bot manipulation?
The solution required bypassing standard out-of-the-box tools and engineering a custom PHP/MySQL backend integrated with a Two-Factor Authentication (2FA) gateway via the Twilio API.
The Architectural Flow: To ensure data integrity, the process was broken down into isolated, secure steps. When a user submits their phone number to vote, the system generates a secure, time-sensitive cryptographic token.
Twilio dispatches an SMS containing an OTP (One-Time Password). Upon successful verification by the user, the vote is securely cast into the MySQL database.

Privacy by Design: To comply with strict European privacy laws (GDPR), the database never stores plain-text phone numbers after verification. The numbers are hashed with a password-hashing algorithm such as bcrypt or Argon2. This ensures that while the system can check whether a user has already voted, it is mathematically impossible to extract the original phone numbers from the database.
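
The flow above as an added PHP example, not the platform's own code: an OTP is issued and checked, then the vote is recorded against an Argon2id digest of the number so that a second vote from the same number is refused. Assumptions: an in-memory SQLite database stands in for MySQL, the table names, function names and the `PHONE_KEY` secret are hypothetical, and sending the SMS is left out. The digest is keyed with a server-side secret because phone numbers are a small, enumerable input space, and the tally table holds no voter reference.

```php
<?php
declare(strict_types=1);
const PHONE_KEY = 'constructed-demo-secret'; // assumption: server-side secret kept outside the DB
const OTP_TTL = 300;                         // assumption: codes expire after 5 minutes

// Deterministic Argon2id digest: the same number always yields the same lookup key.
function phoneDigest(string $e164): string {
    $salt = substr(hash('sha256', PHONE_KEY, true), 0, SODIUM_CRYPTO_PWHASH_SALTBYTES);
    return bin2hex(sodium_crypto_pwhash(32, $e164, $salt, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13));
}

// Store only a hash of the code; the plain code goes to the SMS sender (Twilio on the page).
function issueOtp(PDO $db, string $phone, int $now): string {
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $db->prepare('REPLACE INTO otp (phone_digest, code_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([phoneDigest($phone), password_hash($code, PASSWORD_DEFAULT), $now + OTP_TTL]);
    return $code;
}

function castVote(PDO $db, string $phone, string $code, string $choice, int $now): string {
    $digest = phoneDigest($phone);
    $q = $db->prepare('SELECT code_hash, expires_at FROM otp WHERE phone_digest = ?');
    $q->execute([$digest]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM otp WHERE phone_digest = ?')->execute([$digest]); // code is single-use
    if (!$row || $now > (int) $row['expires_at'] || !password_verify($code, $row['code_hash'])) {
        return 'rejected';
    }
    try {
        $db->beginTransaction();
        $db->prepare('INSERT INTO voted (phone_digest) VALUES (?)')->execute([$digest]);
        $db->prepare('INSERT INTO votes (choice) VALUES (?)')->execute([$choice]); // no voter link
        $db->commit();
        return 'counted';
    } catch (PDOException $e) {
        $db->rollBack();
        if ((string) $e->getCode() !== '23000') { throw $e; } // only a key violation means "already voted"
        return 'duplicate';
    }
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE otp (phone_digest TEXT PRIMARY KEY, code_hash TEXT, expires_at INTEGER)');
$db->exec('CREATE TABLE voted (phone_digest TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE votes (choice TEXT)');
$t = time();
foreach ([['+15555550100', 'A', 10], ['+15555550100', 'B', 20], ['+15555550101', 'A', 999]] as [$p, $c, $dt]) {
    echo castVote($db, $p, issueOtp($db, $p, $t), $c, $t + $dt), PHP_EOL; // constructed numbers
}
```

The three constructed cases are a first vote, a second vote from the same number with a fresh code, and a code presented after its expiry window.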