Backend DevelopmentPHP TutorialHow to deal with the verification code being bypassed_PHP tutorial
Let’s first analyze the process of issuing verification codes
1. Display form
2. Display the verification code (use a program to generate the verification code), encrypt the verification code and put it into session or cookie
3. User submits the form
4. Check that the verification code is correct and the data is legal. The tutorial on writing to the database is completed
If the user posts another one, under normal circumstances, he will visit the form page again, the verification code image will be passively updated, and the session and cookie will also change accordingly
However, the operation of the water filling machine does not necessarily require the use of a form page. It can directly simulate a post to send data to the server program; in this way, the verification code program is not called. Of course, the encrypted verification code stored in the session and cookie is the last value, so there is no Update, so that data can be sent directly through post unlimited times in the future, regardless of the verification code, which is useless!
So, after checking the verification code, first clear the session and cookie values, then make a judgment on the validity of the data, and then store it in the database!
In this way, a loophole has been closed!
if ( md5($_post['vcode']) == $_session['vcode'] ) {
$_session['vcode']='';//This sentence is very important
} else {
exit 'The verification code is incorrect! ';
}
//Next processing
......
?>
A program to generate verification code images
session_start();
......
$v = new authcode();
$vcode = $v->getauthcode();
$_session['vcode'] = md5($vcode );
........
?>
Form page
How the verification code is bypassed
golang中如何验证输入是否为大写字母Jun 24, 2023 am 09:06 AMGolang是一门高性能、现代化的编程语言,在日常开发中经常涉及到字符串的处理。其中,验证输入是否为大写字母是一个常见的需求。本文将介绍在Golang中如何验证输入是否为大写字母。方法一:使用unicode包Golang中的unicode包提供了一系列函数来判断字符的编码类型。对于大写字母,其对应的编码范围为65-90(十进制),因此我们可以使用unicod
golang中如何验证输入是否为全角字符Jun 25, 2023 pm 02:03 PM在golang中,验证输入是否为全角字符需要用到Unicode编码和rune类型。Unicode编码是一种将字符集中的每个字符分配一个唯一的数字码位的字符编码标准,其中包含了全角字符和半角字符。而rune类型是golang中用于表示Unicode字符的类型。第一步,需要将输入转换为rune类型的切片。这可以通过使用golang的[]rune类型进行转换,例如
PHP正则表达式验证特定字符串开头结尾的方法Jun 24, 2023 am 11:20 AMPHP是一种非常流行的编程语言,常用于Web开发。在PHP开发中,我们经常会遇到需要验证字符串的情况。其中,正则表达式是一种非常常用的方法。在对字符串进行验证时,我们经常需要验证字符串是否以特定字符或字符串开头或结尾。本文将介绍如何使用PHP正则表达式来验证字符串的开头或结尾。验证字符串开头在PHP中,通过正则表达式验证字符串开头,我们可以使用"^"符号来表
golang中如何验证输入是否全部为中文字符Jun 24, 2023 am 09:16 AM随着时代的发展,我们越来越注重对数据的校验,特别是对用户输入的校验。对于语言类的校验,如何准确判定输入是否全部为中文字符成为了一个重要问题。而在golang中,我们可以借助unicode包和regexp包来实现这一需求。一、unicode包unicode包提供了一系列对于unicode的核心支持。我们可以使用这个包中的函数来准确地判断一个字符是否为中文字符。
在PHP中使用Google reCAPTCHA进行验证Jun 19, 2023 pm 05:38 PM在现代网络世界中,网站的安全性以及用户隐私的保护越来越成为重要话题。其中,人机验证这一技术方法已经成为防范恶意攻击行为的不可或缺的方式之一。GooglereCAPTCHA,是一个被广泛应用于人机验证的工具,其概念已经深入人心,甚至在我们每天使用的许多网站上都能够看到其存在的身影。在本文中,我们将探讨如何在PHP中使用GooglereCAPTCHA进行验证
PHP正则表达式验证正整数的方法Jun 24, 2023 am 08:55 AM在PHP中,正则表达式可以用于验证和处理字符串。验证正整数的正则表达式如下所示:$pattern="/^[1-9]d*$/";其中,^表示开头,$表示结尾,[1-9]表示第一个字符必须是1-9之间的数字,d表示其他字符必须是数字,*表示0个或多个。因此,这个正则表达式可以匹配任意一个正整数。下面是一个完整的例子,演示如何使用正则表达式
手机号码验证登录注册的PHP实现指南Aug 17, 2023 pm 03:18 PM手机号码验证登录注册的PHP实现指南一、概述手机号码验证是现代互联网应用中常见的功能之一,它不仅可以用于用户注册和登录验证,还可以用于短信验证码发送等场景。本文将介绍如何使用PHP语言实现手机号码验证登录注册功能。二、环境要求在开始编写代码之前,我们需要确保以下环境已经准备就绪:PHP环境:PHP的版本需达到5.6或以上。数据库:本文使用MySQL数据库作为
golang中如何验证输入是否为有效的Html标签Jun 24, 2023 am 08:11 AMGo语言是一种快速、高效和强类型的编程语言,被广泛应用于网络服务开发、云计算、数据科学、互联网金融等领域。在Web应用开发中,输入验证是一个非常重要的问题,其中验证输入中的HTML标签是否有效是一个常见的需求。下面我们将介绍如何在Go语言中实现这一需求。HTML标签在Web页面中扮演着重要角色,它们定义了页面的结构、样式和交互行为。但在处理用户输入时,我们需
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
WebStorm Mac version
Useful JavaScript development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
