PHP realizes the automatic anti-swiping function of SMS verification code

PHP implements the automatic anti-swiping function of SMS verification code, which requires specific code examples

In modern Internet applications, SMS verification code is one of the common identity verification methods. . However, due to the existence of malicious users, SMS verification codes are often vulnerable to automated attacks, which is the so-called SMS verification code anti-swiping problem. In order to protect the user's account security and system stability, we need to implement the automatic anti-swipe function of SMS verification codes in PHP. This article will introduce a simple method based on IP address and time interval, and provide specific PHP code examples.

1. Method Overview

We know that each user device will be assigned a unique IP address when accessing the network. Based on this feature, we can realize the automatic anti-swiping function of SMS verification codes by recording and limiting the IP address and sending time. Specifically, we can save the number of sending times and the last sending time of each IP address in the database, and check and update each time before sending the SMS verification code.

2. Implementation ideas

1. First, we need to create a MySQL database table to save the number of times the IP address is sent and the last time it was sent. You can create a table named "sms_verification" using the following SQL statement:

CREATE TABLE sms_verification (
ip varchar(15) NOT NULL ,
send_count int(11) NOT NULL,
last_send_time datetime NOT NULL,
PRIMARY KEY (ip)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

2. Before sending the SMS verification code, we need to do the following:

   • Get the IP address of the current user, you can Use $_SERVER['REMOTE_ADDR'] to obtain.
   • Query whether there is a record of the IP address in the database. If it exists, get the number of sending times and the last sending time.
   • Check whether the number of sending exceeds the threshold. If it exceeds, refuse to send the verification code.
   • Check whether the interval between the last sending time and the current time is less than the set time interval. If it is less than the set time interval, refuse to send the verification code.

3. If the verification code is sent successfully, we need to update the record in the database:

   • If there is no record for the IP address in the database, then Insert a new record.
   • If a record exists, update the number of sending times and the last sending time.

3. Code Example

The following is a simple PHP function example to implement the automatic anti-swipe function of SMS verification code:

function sendSmsVerification($phoneNumber, $verificationCode) {
    $ip = $_SERVER['REMOTE_ADDR'];
    $threshold = 3; // 设置发送次数阈值
    $interval = 60; // 设置时间间隔为60秒

    // 连接数据库
    $conn = new mysqli('localhost', 'username', 'password', 'database');

    // 检查数据库连接是否成功
    if ($conn->connect_error) {
        die("数据库连接失败: " . $conn->connect_error);
    }

    // 查询数据库中的记录
    $sql = "SELECT * FROM sms_verification WHERE ip = '$ip'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        // 存在记录，获取发送次数和最后发送时间
        $row = $result->fetch_assoc();
        $sendCount = $row['send_count'];
        $lastSendTime = strtotime($row['last_send_time']);

        // 检查发送次数是否超过阈值
        if ($sendCount >= $threshold) {
            die("发送短信频率超过限制");
        }

        // 检查时间间隔是否小于设定值
        if (time() - $lastSendTime < $interval) {
            die("发送短信过于频繁，请稍后再试");
        }

        // 更新数据库中的记录
        $updateSql = "UPDATE sms_verification SET send_count = send_count + 1, last_send_time = NOW() WHERE ip = '$ip'";
        $conn->query($updateSql);
    } else {
        // 不存在记录，插入新记录
        $insertSql = "INSERT INTO sms_verification (ip, send_count, last_send_time) VALUES ('$ip', 1, NOW())";
        $conn->query($insertSql);
    }

    // 发送短信验证码
    // ...
}

By using the above sample code, we can implement a simple automatic anti-swipe function when sending SMS verification codes. Of course, this is just a basic example. For different application scenarios, you can make further modifications and optimizations according to actual needs.

Summary

This article introduces a simple method based on IP address and time interval to implement the automatic anti-swiping function of SMS verification code, and provides specific PHP code examples. In order to protect user account security and system stability, we should adopt appropriate anti-brush strategies in specific applications and continue to monitor and optimize them. Hope this article can be helpful to you.

The above is the detailed content of PHP realizes the automatic anti-swiping function of SMS verification code. For more information, please follow other related articles on the PHP Chinese website!