Backend DevelopmentPHP TutorialHow to match the value of the backend verification code with the frontend?How to match the value of the backend verification code with the frontend?
The front-end user fills in the value of the verification code image when registering, and then matches it with the back-end.
But because the user has not registered, there is no way to tie an identity to him, so my temporary design is as follows:
When generating a verification code image, store the value of the verification code in the cache (redis). The cache sets the expiration time. Then when the front-end submits the verification code, read the value from the cache to see if there is one. If there is a match, delete it successfully. Article cache.
Such a problem is that it is possible to successfully match even if you input incorrectly, but the probability is not particularly high.
Is there any better idea?
Reply content:
The front-end user fills in the value of the verification code image when registering, and then matches it with the back-end.
But because the user has not registered, there is no way to tie an identity to him, so my temporary design is as follows:
When generating a verification code image, store the value of the verification code in the cache (redis). The cache sets the expiration time. Then when the front-end submits the verification code, read the value from the cache to see if there is one. If there is a match, delete it successfully. Article cache.
Such a problem is that it is possible to successfully match even if you input incorrectly, but the probability is not particularly high.
Is there any better idea?
If the front-end and back-end are not separated, the verification code can be stored in the session for verification.
If the front-end and back-end are separated, then every request from the front-end is stateless. Then, you need to assign a token to the front-end when it makes the first request. Then, every time the front-end makes a request, it will bring this token with it. token. You can use this token as the key value of redis and put the verification code in the corresponding value position.
One session and one verification code, even if you don’t register, you still have a session
As long as you control it well, there should be no chance of successful matching even if you make a mistake.
1. Generate verification code in the background. And put it in the session.
2. The verification code obtained by the front desk is also synchronized with the one just placed in the session.
3. If the front desk input is wrong, or the user clicks to switch the verification code. Then change the verification code in the background, and also change the one in the session
In fact, as long as the verification code displayed in the front desk is always synchronized with the session, there will be no problem.
PS: If each request is multi-threaded, there should be no chance of successful matching even if the input is incorrect.
When the verification code is generated when the user registers, the verification code is written into the session. After the user submits it, the verification code is read from the session and compared.
Please refer to this article http://netsecurity.51cto.com/art/ 201402/428721.htm
Front-end:<img src="/static/imghwm/default1.png" data-src="checkcode.php" class="lazy" id="code" onclick="JavaScript:this.+Math.random()" alt="How to match the value of the backend verification code with the frontend?" >
Back-end :
<code>$showing=strtoupper($_POST['checkcode']); //检测提交过来的验证码
if($_SESSION['checkcode']!=$showing||empty($showing)){
unset($_SESSION['checkcode']);
die('验证码错误');
}
</code>
Verification code generation:
session: In computers, especially in network applications, it is called "session control". Regardless of whether you are a registered user or not, as long as you access, the server will generate a unique session ID. Just store the verification code data in the session.
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
