diff --git a/api.php b/api.php
index ddfc1a5..5fc55c8 100644
--- a/api.php
+++ b/api.php
@@ -288,6 +288,14 @@ switch ($VARS['action']) {
 exit(json_encode(["status" => "OK"]));
 }
 exit(json_encode(["status" => "ERROR", "msg" => $result]));
+ case "codelogin":
+ $database->delete("onetimekeys", ["expires[<]" => date("Y-m-d H:i:s")]); // cleanup
+ if ($database->has("onetimekeys", ["key" => $VARS['code'], "expires[>]" => date("Y-m-d H:i:s")])) {
+ $user = $database->get("onetimekeys", ["[>]accounts" => ["uid" => "uid"]], ["username", "realname", "accounts.uid"], ["key" => $VARS['code']]);
+ exit(json_encode(["status" => "OK", "user" => $user]));
+ } else {
+ exit(json_encode(["status" => "ERROR", "msg" => lang("no such code or code expired", false)]));
+ }
 default:
 http_response_code(404);
 die(json_encode("404 Not Found: the requested action is not available."));
diff --git a/database.mwb b/database.mwb
index 64bacb1..1b03860 100644
Binary files a/database.mwb and b/database.mwb differ
diff --git a/database.sql b/database.sql
index 38ec6b7..b6c140c 100644
--- a/database.sql
+++ b/database.sql
@@ -1,5 +1,5 @@
 -- MySQL Script generated by MySQL Workbench
--- Mon 20 Nov 2017 08:36:18 PM MST
+-- Mon 18 Dec 2017 12:56:23 AM MST
 -- Model: New Model Version: 1.0
 -- MySQL Workbench Forward Engineering
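Review bot: The key consumed by the `codelogin` branch is never removed after a successful match, so the same code can be replayed until its expiry instead of being one-time; delete it in the success branch right after the `$user` lookup, `$database->delete("onetimekeys", ["key" => $VARS['code']]);`. The branch also applies no rate limiting, whereas the `gencode` branch in mobile/index.php calls `engageRateLimit()` before issuing the code — the code is a six-digit number per that hunk's `random_int(100000, 999999)`, a small space, so the endpoint that verifies it is the one that most needs the limit; if `engageRateLimit()` is in scope in api.php, call it first in this case. `$VARS['code']` is read without an existence check, so a request lacking it runs the lookup with a null key and emits a notice; `if (!isset($VARS['code'])) { exit(json_encode(["status" => "ERROR", "msg" => lang("no such code or code expired", false)])); }` at the top of the case keeps the response uniform. The enclosing switch starts outside the hunk.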
@@ -275,6 +275,24 @@ CREATE TABLE IF NOT EXISTS `accounthub`.`rate_limit` (
 ENGINE = MEMORY;
+-- -----------------------------------------------------
+-- Table `accounthub`.`onetimekeys`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `accounthub`.`onetimekeys` (
+ `key` VARCHAR(10) NOT NULL,
+ `uid` INT NOT NULL,
+ `expires` DATETIME NOT NULL,
+ INDEX `fk_onetimekeys_accounts1_idx` (`uid` ASC),
+ PRIMARY KEY (`key`),
+ UNIQUE INDEX `key_UNIQUE` (`key` ASC),
+ CONSTRAINT `fk_onetimekeys_accounts1`
+ FOREIGN KEY (`uid`)
+ REFERENCES `accounthub`.`accounts` (`uid`)
+ ON DELETE NO ACTION
+ ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
 SET SQL_MODE=@OLD_SQL_MODE;
 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS;
 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS;
diff --git a/database_upgrade/1.0.1_1.1.sql b/database_upgrade/1.0.1_1.1.sql
new file mode 100644
index 0000000..5da1945
--- /dev/null
+++ b/database_upgrade/1.0.1_1.1.sql
@@ -0,0 +1,14 @@
+CREATE TABLE IF NOT EXISTS `onetimekeys` (
+ `key` VARCHAR(10) NOT NULL,
+ `uid` INT(11) NOT NULL,
+ `expires` DATETIME NOT NULL,
+ INDEX `fk_onetimekeys_accounts1_idx` (`uid` ASC),
+ PRIMARY KEY (`key`),
+ UNIQUE INDEX `key_UNIQUE` (`key` ASC),
+ CONSTRAINT `fk_onetimekeys_accounts1`
+ FOREIGN KEY (`uid`)
+ REFERENCES `accounthub`.`accounts` (`uid`)
+ ON DELETE NO ACTION
+ ON UPDATE NO ACTION)
+ENGINE = InnoDB
+DEFAULT CHARACTER SET = utf8
diff --git a/lang/en_us.php b/lang/en_us.php
index b81effd..e9a2687 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -95,4 +95,5 @@ $STRINGS = [
 "secret key" => "Secret key",
 "label" => "Label",
 "issuer" => "Issuer",
+ "no such code or code expired" => "That code is incorrect or expired."
 ];
diff --git a/mobile/index.php b/mobile/index.php
index dc2298d..63616a9 100644
--- a/mobile/index.php
+++ b/mobile/index.php
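Review bot: `UNIQUE INDEX `key_UNIQUE` (`key` ASC)` duplicates the `PRIMARY KEY (`key`)` declared on the line above it — a primary key is already unique, so the second index only adds write cost; drop the `UNIQUE INDEX` line (the same duplication is in database_upgrade/1.0.1_1.1.sql). The cleanup deletes in api.php and mobile/index.php filter on `expires[<]`, and the table has no index on `expires`, so those deletes scan the table; an index such as `INDEX `onetimekeys_expires_idx` (`expires` ASC)` (name constructed here) would avoid that, although with a one-minute TTL the row count is presumably small. `key` is VARCHAR(10) while the generator in mobile/index.php inserts an int from `random_int`; the implicit cast works, but a one-line comment on the column stating that it intentionally stores a numeric code as text would save the next reader a question.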
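Review bot: The upgrade script creates `onetimekeys` without a schema qualifier but references `accounthub`.`accounts` with one, so it only succeeds when the current database is `accounthub`; qualify both names or neither, in whatever form the other database_upgrade scripts use (not visible here). It also drifts from the definition added to database.sql in the same commit — `INT(11)` versus `INT`, and the extra `DEFAULT CHARACTER SET = utf8` — so a fresh install and an upgraded install end up with slightly different tables; align the two. The last statement has no terminating semicolon, which some clients accept for a single-statement file and others reject; appending `;` after `DEFAULT CHARACTER SET = utf8` removes the ambiguity.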
@@ -117,6 +117,18 @@ switch ($VARS['action']) {
 }
 }
 exit(json_encode(["status" => "OK", "apps" => $apps]));
+ case "gencode":
+ engageRateLimit();
+ $uid = $database->get("accounts", "uid", ["username" => $username]);
+ $code = "";
+ do {
+ $code = random_int(100000, 999999);
+ } while ($database->has("onetimekeys", ["key" => $code]));
+
+ $database->insert("onetimekeys", ["key" => $code, "uid" => $uid, "expires" => date("Y-m-d H:i:s", strtotime("+1 minute"))]);
+
+ $database->delete("onetimekeys", ["expires[<]" => date("Y-m-d H:i:s")]); // cleanup
+ exit(json_encode(["status" => "OK", "code" => $code]));
 default:
 http_response_code(404);
 die(json_encode(["status" => "ERROR", "msg" => "The requested action is not available."]));
diff --git a/nbproject/mplheader.txt b/nbproject/mplheader.txt
new file mode 100644
index 0000000..f7703e8
--- /dev/null
+++ b/nbproject/mplheader.txt
@@ -0,0 +1,9 @@
+<#if licenseFirst??>
+${licenseFirst}
+
+${licensePrefix}This Source Code Form is subject to the terms of the Mozilla Public
+${licensePrefix}License, v. 2.0. If a copy of the MPL was not distributed with this
+${licensePrefix}file, You can obtain one at http://mozilla.org/MPL/2.0/.
+<#if licenseLast??>
+${licenseLast}
+
\ No newline at end of file
diff --git a/nbproject/project.properties b/nbproject/project.properties
index 911a7b8..3215614 100644
--- a/nbproject/project.properties
+++ b/nbproject/project.properties
@@ -1,5 +1,6 @@
 include.path=${php.global.include.path}
 php.version=PHP_70
+project.licensePath=./nbproject/mplheader.txt
 source.encoding=UTF-8
 src.dir=.
 tags.asp=false
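Review bot: The expiry cleanup `$database->delete("onetimekeys", ["expires[<]" => date("Y-m-d H:i:s")])` runs after the insert, but the uniqueness loop above it checks `has("onetimekeys", ["key" => $code])` against every row including expired ones, so moving the cleanup to the top of the case (before the `do` loop, as the `codelogin` branch in api.php does) lets expired codes be reissued instead of retried. The `$code = "";` initialiser is dead because the loop body assigns `$code` before the condition reads it; drop it. `$uid` goes straight into the insert without checking the lookup result — if `$username` (set outside the hunk) resolves to no row, the result (false or null, depending on the database wrapper version) makes the insert fail on the foreign key rather than returning a clear error, so either guard on an empty `$uid` with the same ERROR-shaped response the other branches use, or rely on an earlier authentication step if one guarantees the row exists. Between `has` and `insert` a concurrent request can pick the same key; because `key` is the primary key the second insert fails rather than silently duplicating, so catching that failure and retrying the loop is the robust form if this endpoint sees concurrent use. The enclosing switch starts outside the hunk.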