PHP简单的手机验证码验证过程
做过一个需求:广告主后台发起调查活动,普通用户参加此调查后跳转值某个网址领取1Q点(1角钱);上线一段时间以后,广告主反馈得到的很多手机号都是伪造的(我们开始只用正则匹配判断手机号正确与否),然后产品让我们加上手机短信验证,就变成了下面的样子.
刚开始的思路应该很正常的那种,用rand生成随机码,然后存在redis里边,设置expire为60秒;后来考虑考虑,用户为了1角钱不至于如此,需要验证码的时候也不会瞎填写,系统还限制某ID用户明天每天只能参加5次这种活动,也为了不浪费系统资源的原则,公司发的短信已经需要2分钱一条,决定不用redis,用下面的思路:
用用户帐号+活动ID+手机号进行处理生成一个固定的数字,然后驾驶时间戳进行干扰生成4位数的数字,干扰以后只保证4位数对应的二进制的1、5、6、7、8、9位不被干扰,这样对应会生出pow(2,6)个不一样的4位数字,随机发送给用户一个。
用户验证验证码时候也只验证验证码的1、5、6、7、8、9位是否正确,为用户帐号+活动ID+手机号进行处理生成,这样就不用存储验证码,达到验证手机号的号码。
具体的测试例子在下面,为啥说是测试例子呢,因为最后还没有用,我就去封闭开发其他项目去了,下面代码也是偶尔翻到,看代码竟然是我工作一周年的时候写的
,测试的代码生成的验证码散列的不是很好,也没有时间进行改善,主要介绍一下上面的思路。
<?php/** * * User: shikiliu * Date: 13-7-11 */class TelephoneCheck{ /** * 取得某个用户某次活动的手机验证码 * @param $uin 用户ID 小于10000系统保留 * @param $actId 活动ID 小于1000系统保留 * @param $telephone 用户手机号 * @return bool|int 4位数的验证码 */ public function getTelephoneCode($uin, $actId, $telephone) { if ($uin < 10000 || $actId < 1000 || empty($telephone)) { return false; } $time = time(); $timeFeature = hexdec(substr(md5($time), 0, 3)) & 0x1F1; $telephoneFeature = hexdec(substr(md5($telephone), 8, 4)); $actIdFeature = hexdec(substr(md5($actId), 16, 4)); $uinFeature = hexdec(substr(md5($uin), 24, 4)); $sumFeature = $telephoneFeature + $actIdFeature + $uinFeature; $sumFeature = $sumFeature % 10000; if ($sumFeature < 1000) { $sumFeature = 5145; } $result = $sumFeature | $timeFeature; return $result; } /** * 验证用户的手机验证码 * @param $uin 用户ID 小于10000系统保留 * @param $actId 活动ID 小于1000系统保留 * @param $telephone 用户手机号 * @param $code getTelephoneCode生成的验证码 * @return bool 是否正确 */ public function checkTelephoneCode($uin, $actId, $telephone, $code) { if ($uin < 10000 || $actId < 1000 || empty($telephone) || empty($code)) { return false; } $telephoneFeature = hexdec(substr(md5($telephone), 8, 4)); $actIdFeature = hexdec(substr(md5($actId), 16, 4)); $uinFeature = hexdec(substr(md5($uin), 24, 4)); $sumFeature = $telephoneFeature + $actIdFeature + $uinFeature; $sumFeature = $sumFeature % 10000; if ($sumFeature < 1000) { $sumFeature = 5145; } $sumFeature = $sumFeature & 0xE0E; $code = $code & 0xE0E; if ($sumFeature == $code) { return true; } return false; }}$actId = 10001;$telephone = 13797025562;$uin = 514540767;$telCode = new TelephoneCheck();$code = $telCode->getTelephoneCode($uin, $actId, $telephone);var_dump($code);var_dump($telCode->checkTelephoneCode($uin, $actId, $telephone, $code));var_dump($telCode->checkTelephoneCode($uin, $actId, $telephone, $code+10));
What is the difference between unset() and session_destroy()?May 04, 2025 am 12:19 AMThedifferencebetweenunset()andsession_destroy()isthatunset()clearsspecificsessionvariableswhilekeepingthesessionactive,whereassession_destroy()terminatestheentiresession.1)Useunset()toremovespecificsessionvariableswithoutaffectingthesession'soveralls
What is sticky sessions (session affinity) in the context of load balancing?May 04, 2025 am 12:16 AMStickysessionsensureuserrequestsareroutedtothesameserverforsessiondataconsistency.1)SessionIdentificationassignsuserstoserversusingcookiesorURLmodifications.2)ConsistentRoutingdirectssubsequentrequeststothesameserver.3)LoadBalancingdistributesnewuser
What are the different session save handlers available in PHP?May 04, 2025 am 12:14 AMPHPoffersvarioussessionsavehandlers:1)Files:Default,simplebutmaybottleneckonhigh-trafficsites.2)Memcached:High-performance,idealforspeed-criticalapplications.3)Redis:SimilartoMemcached,withaddedpersistence.4)Databases:Offerscontrol,usefulforintegrati
What is a session in PHP, and why are they used?May 04, 2025 am 12:12 AMSession in PHP is a mechanism for saving user data on the server side to maintain state between multiple requests. Specifically, 1) the session is started by the session_start() function, and data is stored and read through the $_SESSION super global array; 2) the session data is stored in the server's temporary files by default, but can be optimized through database or memory storage; 3) the session can be used to realize user login status tracking and shopping cart management functions; 4) Pay attention to the secure transmission and performance optimization of the session to ensure the security and efficiency of the application.
Explain the lifecycle of a PHP session.May 04, 2025 am 12:04 AMPHPsessionsstartwithsession_start(),whichgeneratesauniqueIDandcreatesaserverfile;theypersistacrossrequestsandcanbemanuallyendedwithsession_destroy().1)Sessionsbeginwhensession_start()iscalled,creatingauniqueIDandserverfile.2)Theycontinueasdataisloade
What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AMAbsolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.
What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AMThe server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.
What is the significance of the session_start() function?May 03, 2025 am 12:18 AMsession_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Zend Studio 13.0.1
Powerful PHP integrated development environment
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
