diff --git a/www/tiqr/index.php b/www/tiqr/index.php
index 53cecee5..054966ba 100644
--- a/www/tiqr/index.php
+++ b/www/tiqr/index.php
@@ -12,39 +12,6 @@
 
 date_default_timezone_set('Europe/Amsterdam');
 
-function login( $sessionKey, $userId, $response )
-{
-    global $options;
-    global $userStorage;
-    $userSecret = $userStorage->getSecret($userId);
-    $tiqr = new Tiqr_Service($options);
-
-    // $tiqr->authenticate is not resilient for incorrect userId!!
-    $result = $tiqr->authenticate($userId, $userSecret, $sessionKey, $response);
-    
-    //Note that actually blocking the user and keeping track of login attempts is a responsibility of your application,
-    switch( $result ) {
-        case Tiqr_Service::AUTH_RESULT_AUTHENTICATED:
-            //echo 'AUTHENTICATED';
-            return "OK";
-            break;
-        case Tiqr_Service::AUTH_RESULT_INVALID_CHALLENGE:
-            return 'INVALID_CHALLENGE';
-            break;
-        case Tiqr_Service::AUTH_RESULT_INVALID_REQUEST:
-            return 'INVALID_REQUEST';
-            break;
-        case Tiqr_Service::AUTH_RESULT_INVALID_RESPONSE:
-            return 'INVALID_RESPONSE';
-//        echo “INVALID_RESPONSE:3”;  // 3 attempts left
-//        echo “INVALID_RESPONSE:0”;  // blocked
-            break;
-        case Tiqr_Service::AUTH_RESULT_INVALID_USERID:
-            return 'INVALID_USERID';
-            break;
-    }
-}
-
 $app = new Silex\Application();
 $app['debug'] = $options['debug'];
 
@@ -83,28 +50,6 @@ function login( $sessionKey, $userId, $response )
 
 ### tiqr Authentication ###
 
-$app->post('/login', function (Request $request) use ($app, $tiqr, $options) {
-    $sessionKey = $app['session']->get('sessionKey');
-    $userId = $request->get('userID');
-    $otp = $request->get('otp');
-
-    $result = login($sessionKey, $userId, $otp);
-    
-    $sid = $app['session']->getId();
-    $userdata = $tiqr->getAuthenticatedUser($sid);
-    if( $result === "OK" ) {
-        $app['session']->set('authn', array('username' => $userdata));
-        $tiqr->logout($sid);
-        $app['session']->remove('sessionKey');
-        $app['monolog']->addInfo(sprintf("[%s] verified authenticated user '%s'", $sid, $userdata));
-        $return = $request->getUriForPath('/');
-    } else {
-        $app['session']->set('keepSessionKey', true);
-        $return = $request->getUriForPath('/login');
-    }
-    return $app->redirect($return);
-});
-
 $app->get('/login', function (Request $request) use ($app, $tiqr, $options) {
     $locale = $app['translator']->getLocale();
     $locales = array_keys($options['translation']);
@@ -133,14 +78,16 @@ function login( $sessionKey, $userId, $response )
         $app['session']->set('sessionKey', $sessionKey);
     }
     $app['monolog']->addInfo(sprintf("[%s] started new login session, session key = '%s", $sid, $sessionKey));
-    
-    $authUrl = $tiqr->generateAuthURL($sessionKey).'?return='.urlencode($return);
+
+    $authUrl = $tiqr->generateAuthURL($sessionKey);
+//    $authUrl = $tiqr->generateAuthURL($sessionKey).'?return='.urlencode($return);
 
     return $app['twig']->render('index.html', array(
         'self' => $base,
         'return_url' => $return,
         'id' => $id,
         'authUrl' => $authUrl,
+        'sessionKey' => $sessionKey,
         'here' => $here,
         'locale' => $locale,
         'locales' => $locales,
diff --git a/www/tiqr/views/index.html b/www/tiqr/views/index.html
index 3a0e07cd..0ebb0c7e 100644
--- a/www/tiqr/views/index.html
+++ b/www/tiqr/views/index.html
@@ -58,23 +58,27 @@ <h2>{{ 'login.title' | trans }}</h2>
 {% endif %}
 
     <br/>
-    <a href="{{authUrl}}">
-        <img class="qr" src='qr' style="{{ id ? 'display:none;' : '' }} cursor: none;" />
-    </a>
 
-    <p>
-        {{ 'login.qr.manual.message' | trans({'%link_start%': '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">', '%link_end%': '</a>'}) | raw }}
-    </p>
+    <div class="qr" style="{{ id ? 'display:none;' : '' }}">
+        <a href="{{authUrl}}">
+            <img src='qr' style="cursor: none;" />
+        </a>
+        <p>
+            {{ 'login.qr.manual.message' | trans({'%link_start%': '<a href="#" onClick="javascript:jQuery(\'#otpform\').slideToggle();">', '%link_end%': '</a>'}) | raw }}
+        </p>
+    </div>
+
     <div id="otpform" style="display:none">
-        <form method=POST>
+        <form method="POST">
             <p>
                 {% if not id %}
                 {{ 'login.qr.manual.userid' | trans }}: <input type="text" tabindex="2" name="userID"/>
                 {% else %}
                                                         <input type="hidden" value="{{ id }}" name="userID"/>
                 {% endif %}
-                {{ 'login.qr.manual.otp' | trans }}: <input type="text" name="otp" tabindex="3"/>
+                {{ 'login.qr.manual.otp' | trans }}: <input type="text" name="otp" tabindex="3" placeholder="one time password..."/>
                 <input type="submit" value="{{ 'login.qr.manual.button' | trans }}"/>
+                <div id="result"></div>
             </p>
         </form>
     </div>
@@ -82,9 +86,34 @@ <h2>{{ 'login.title' | trans }}</h2>
     <script>
         $(function(){
             $('a.scan').click(function(){
-                $( "img.qr" ).show( "slow" );
+                $( "div.qr" ).show( "slow" );
             });
         });
+
+        // Attach a submit handler to the OTP form
+        $( "#otpform" ).submit(function( event ) {
+            // Stop form from submitting normally
+            event.preventDefault();
+            // Get otp value from the form:
+            var $form = $( this ),
+                    otp = $form.find( "input[name='otp']" ).val(),
+                    url = '/tiqr/tiqr.php';
+            request = {
+                operation: "login",
+                notificationType: "APNS",
+                notificationAddress: "123abc",
+                userId: "{{ id }}",
+                response: otp,
+                sessionKey: "{{ sessionKey }}"
+            }
+            //var s = JSON.stringify(request);
+            $.post(url, request,
+                    function(data){
+                        if( data != "OK" )
+                            $( "#result" ).empty().append( "Error: " + data );
+                    });
+        });
+
     </script>
 
     </div><!-- /content -->