I need a compact PHP module that can be dropped into both my web and mobile back-ends. When a user triggers an OTP request, the script should: • check our MySQL user table to confirm the sender is registered and active • create a time-bound, cryptographically secure numeric OTP • log the request (user ID, channel, timestamp, IP) • send the code simultaneously by SMS and Email, using gateways I can configure (Twilio and Mailgun are what I use today, but leave the classes abstract so I can swap providers later) Please expose one clean function—requestOtp($usernameOrPhone)—that returns a JSON response with success / failure messages the apps can consume. OTP validity, retry limits, and error handling should be configurable at the top of the script. Acceptance criteria 1. Verified users receive the same code via both channels within two seconds in my staging environment. 2. Invalid or unregistered requests return a descriptive error and are logged. 3. All sensitive data is parameterised (no credentials hard-coded). 4. Code passes a quick security scan (no SQL injection, proper prepared statements, rate-limit to thwart brute force). Hand over the PHP file(s), a README with setup steps, and a Postman collection for quick testing.