输入问题答案查看内容如何做比较安全？-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

输入问题答案查看内容如何做比较安全？

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:24 PM

phpSafety

输入问题答案查看内容如何做比较安全？

如图，有这样一个表单，需求就是回答问题正确才能查看内容，在一定时间如1天内再次访问不用回答问题，请教各位一般通常可行的办法是什么？

目前的做法是：回答正确了，写一个cookie值为1，下次来判断这个cookie值是否为1，否则需要重新回答问题，这样做明显不安全，伪造一个cookie访问不就可以查看到受保护的内容了。

回复内容：

输入问题答案查看内容如何做比较安全？

如图，有这样一个表单，需求就是回答问题正确才能查看内容，在一定时间如1天内再次访问不用回答问题，请教各位一般通常可行的办法是什么？

你的做法接近了，但不够安全，更安全的做法是生成一个随机的Token，并设置有效期。这个token由于是随机的而且位数较多，不容易被伪造。

1.可以按楼上说的，你可以这样做啊，值是随机生成的，那么你是不是想问你怎么知道用户传过来的时候这个TOKEN是不是你随机生成的？我觉得可以放在缓存里如REDIS，并给一个有效期，他要是提交时我们查看没有这个值我们就认为他自己伪造的或者说是过期了已经。
2.如果这个页是用户登入的，你可以根据他的用户ID，在用DES加密生成一个COOKIE啊直接在COOKIE里给有效期。然后这样你就不怕他是不是伪造了，因为有人想伪造时，他不知道你的DES加密时的KEY是多少，只有你自己知道。

这样是否可行？
回答问题正确，存一个cookie，值是md5(今天日期+salt)，下次访问校验的时候，计算md5(今天日期+salt)是否和存的cookie相同，就可以了。但是这样做，只能不用再次回答问题的有效时间是隔天就失效。

大家有更好的办法吗？

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Beyond the Hype: Assessing PHP's Role TodayApr 12, 2025 am 12:17 AM

PHP remains a powerful and widely used tool in modern programming, especially in the field of web development. 1) PHP is easy to use and seamlessly integrated with databases, and is the first choice for many developers. 2) It supports dynamic content generation and object-oriented programming, suitable for quickly creating and maintaining websites. 3) PHP's performance can be improved by caching and optimizing database queries, and its extensive community and rich ecosystem make it still important in today's technology stack.

What are Weak References in PHP and when are they useful?Apr 12, 2025 am 12:13 AM

In PHP, weak references are implemented through the WeakReference class and will not prevent the garbage collector from reclaiming objects. Weak references are suitable for scenarios such as caching systems and event listeners. It should be noted that it cannot guarantee the survival of objects and that garbage collection may be delayed.

Explain the __invoke magic method in PHP.Apr 12, 2025 am 12:07 AM

The \_\_invoke method allows objects to be called like functions. 1. Define the \_\_invoke method so that the object can be called. 2. When using the $obj(...) syntax, PHP will execute the \_\_invoke method. 3. Suitable for scenarios such as logging and calculator, improving code flexibility and readability.

Explain Fibers in PHP 8.1 for concurrency.Apr 12, 2025 am 12:05 AM

Fibers was introduced in PHP8.1, improving concurrent processing capabilities. 1) Fibers is a lightweight concurrency model similar to coroutines. 2) They allow developers to manually control the execution flow of tasks and are suitable for handling I/O-intensive tasks. 3) Using Fibers can write more efficient and responsive code.

The PHP Community: Resources, Support, and DevelopmentApr 12, 2025 am 12:04 AM

The PHP community provides rich resources and support to help developers grow. 1) Resources include official documentation, tutorials, blogs and open source projects such as Laravel and Symfony. 2) Support can be obtained through StackOverflow, Reddit and Slack channels. 3) Development trends can be learned by following RFC. 4) Integration into the community can be achieved through active participation, contribution to code and learning sharing.

PHP vs. Python: Understanding the DifferencesApr 11, 2025 am 12:15 AM

PHP and Python each have their own advantages, and the choice should be based on project requirements. 1.PHP is suitable for web development, with simple syntax and high execution efficiency. 2. Python is suitable for data science and machine learning, with concise syntax and rich libraries.

PHP: Is It Dying or Simply Adapting?Apr 11, 2025 am 12:13 AM

PHP is not dying, but constantly adapting and evolving. 1) PHP has undergone multiple version iterations since 1994 to adapt to new technology trends. 2) It is currently widely used in e-commerce, content management systems and other fields. 3) PHP8 introduces JIT compiler and other functions to improve performance and modernization. 4) Use OPcache and follow PSR-12 standards to optimize performance and code quality.

The Future of PHP: Adaptations and InnovationsApr 11, 2025 am 12:01 AM

The future of PHP will be achieved by adapting to new technology trends and introducing innovative features: 1) Adapting to cloud computing, containerization and microservice architectures, supporting Docker and Kubernetes; 2) introducing JIT compilers and enumeration types to improve performance and data processing efficiency; 3) Continuously optimize performance and promote best practices.

See all articles