That is a more specific problem.
If I understood correctly, the code is the same for eeveryone? The authentication code should be unique (or at least random) for any specific user.
You can create a new entity to stores the code of each user (and time of creation so you can invalidate them after x minutes).