如图,有这样一个表单,需求就是回答问题正确才能查看内容,在一定时间如1天内再次访问不用回答问题,请教各位一般通常可行的办法是什么?
目前的做法是:回答正确了,写一个cookie值为1,下次来判断这个cookie值是否为1,否则需要重新回答问题,这样做明显不安全,伪造一个cookie访问不就可以查看到受保护的内容了。
回复内容:
如图,有这样一个表单,需求就是回答问题正确才能查看内容,在一定时间如1天内再次访问不用回答问题,请教各位一般通常可行的办法是什么?
目前的做法是:回答正确了,写一个cookie值为1,下次来判断这个cookie值是否为1,否则需要重新回答问题,这样做明显不安全,伪造一个cookie访问不就可以查看到受保护的内容了。
你的做法接近了,但不够安全,更安全的做法是生成一个随机的Token,并设置有效期。这个token由于是随机的而且位数较多,不容易被伪造。
1.可以按楼上说的,你可以这样做啊,值是随机生成的,那么你是不是想问你怎么知道用户传过来的时候这个TOKEN是不是你随机生成的?我觉得可以放在缓存里如REDIS,并给一个有效期,他要是提交时我们查看没有这个值我们就认为他自己伪造的或者说是过期了已经。
2.如果这个页是用户登入的,你可以根据他的用户ID,在用DES加密生成一个COOKIE啊直接在COOKIE里给有效期。然后这样你就不怕他是不是伪造了,因为有人想伪造时,他不知道你的DES加密时的KEY是多少,只有你自己知道。
这样是否可行?
回答问题正确,存一个cookie,值是md5(今天日期+salt),下次访问校验的时候,计算md5(今天日期+salt)是否和存的cookie相同,就可以了。但是这样做,只能不用再次回答问题的有效时间是隔天就失效。
大家有更好的办法吗?
PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AMThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin
Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AMYou should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.
PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AMYes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching
PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AMThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)
PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AMAPHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.
Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AMSelect DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.
PHP performance optimization strategies.May 13, 2025 am 12:06 AMPHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi
PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AMPHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Notepad++7.3.1
Easy-to-use and free code editor
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
