Asking the experts: how to fix a registration vulnerability on the backend

Time:10-05

On my registration page there is only a phone-number box and a verification-code box. The verification code is checked through Ali's SMS interface. When I click "get verification code" it sends the code to my phone, but at that moment I have not registered yet, and if I then change the phone number there is a security vulnerability. How exactly should this be solved? I don't quite know where the change has to be made. In other words, the phone number has to be bound together with the verification code, but I really don't know where that check goes; I'm still a bit fuzzy on where to do it. Could an expert give me some pointers?

CodePudding user response:

The binding must be done in the database.

CodePudding user response:

Quoting reply 1 (007 small bag):
The binding must be done in the database.

The main problem to solve is how to ensure at registration time that the phone number and the verification code are bound together, because at test time, as long as the verification code is correct, any phone number that passes the regex check can be entered.

CodePudding user response:

First of all, the verification code is obtained the first time by the backend making the call with the phone number you entered, so the verification code and the corresponding phone number should be recorded at that point.

CodePudding user response:

Then, when the user registers and submits a modified phone number together with the correct verification code, you need to compare them against the phone number and verification code you just saved. Only if both match can registration proceed; if they don't match, show the corresponding error message.

CodePudding user response:

Quoting reply 4 (black and white apes):
Then, when the user registers and submits a modified phone number together with the correct verification code, you need to compare them against the phone number and verification code you just saved. Only if both match can registration proceed; if they don't match, show the corresponding error message.

The form tag uses onsubmit="return method()"; this method returns a Boolean that decides whether to submit. The binding match should be done there.

CodePudding user response:

Quoting reply 4 (black and white apes):
Then, when the user registers and submits a modified phone number together with the correct verification code, you need to compare them against the phone number and verification code you just saved. Only if both match can registration proceed; if they don't match, show the corresponding error message.

So when the user clicks "get verification code" I should bind the phone number and verification code and record them, and then verify the phone number when they click register. All my checks are done in the frontend with JS; the backend only does the insert.

CodePudding user response:

Quoting reply 6 (UM.):
Quote: Quoting reply 4 (black and white apes):
Then, when the user registers and submits a modified phone number together with the correct verification code, you need to compare them against the phone number and verification code you just saved. Only if both match can registration proceed; if they don't match, show the corresponding error message.

So when the user clicks "get verification code" I should bind the phone number and verification code and record them, and then verify the phone number when they click register. All my checks are done in the frontend with JS; the backend only does the insert.

All your checks are in the frontend, as you say, and that is the hole. So you need to move both the recording and the check to the server.

CodePudding user response:

Even though you call Ali's verification-code service, you can also write your own interface that saves the phone number plus the returned verification code to your database. When the registration is submitted, first query your own database to see whether that verification code + phone number pair exists; only if it exists do the save.

CodePudding user response:

Quoting reply 7 (black and white apes):
Quote: Quoting reply 6 (UM.):
Quote: Quoting reply 4 (black and white apes):
Then, when the user registers and submits a modified phone number together with the correct verification code, you need to compare them against the phone number and verification code you just saved. Only if both match can registration proceed; if they don't match, show the corresponding error message.

So when the user clicks "get verification code" I should bind the phone number and verification code and record them, and then verify the phone number when they click register. All my checks are done in the frontend with JS; the backend only does the insert.

All your checks are in the frontend, as you say, and that is the hole. So you need to move both the recording and the check to the server.

I think I suddenly understand what you said: when sending the verification code I can at the same time return the verification code and phone number to the frontend, and then on frontend submission check that the phone number and verification code match before submitting; otherwise display the error message in the frontend.

CodePudding user response:

Why make it so complicated?
After the SMS is sent successfully, call session.setAttribute(phoneNumber, code), i.e. save the code in the session with phoneNumber as the key. Then submit phoneNumber and the verification code to the backend for verification, which does session.getAttribute(phoneNumber). If phoneNumber was changed, the value retrieved is naturally empty and verification naturally fails.

CodePudding user response:

Quoting reply 11 (zhoufei3813):
Why make it so complicated?
After the SMS is sent successfully, call session.setAttribute(phoneNumber, code), i.e. save the code in the session with phoneNumber as the key. Then submit phoneNumber and the verification code to the backend for verification, which does session.getAttribute(phoneNumber). If phoneNumber was changed, the value retrieved is naturally empty and verification naturally fails.

It's an HTML page. Because my page is plain HTML, I can only verify in JS: when sending the verification code I use a POST request to the backend, which then returns the phone number and verification code to the frontend. But since it's a form, I use onsubmit="return methodName()" on the form tag, and that method returns a Boolean that decides whether the form is submitted.

CodePudding user response:

Quoting reply 11 (zhoufei3813):
Why make it so complicated?
After the SMS is sent successfully, call session.setAttribute(phoneNumber, code), i.e. save the code in the session with phoneNumber as the key. Then submit phoneNumber and the verification code to the backend for verification, which does session.getAttribute(phoneNumber). If phoneNumber was changed, the value retrieved is naturally empty and verification naturally fails.

But I found that I can't use two plain variables for the phone number and verification code: when I click the register button a second time, it gets submitted again. I feel I could use an object to encapsulate the verification code and phone number and compare the submitted phone number and verification code against it; that should work, since plain types don't.

CodePudding user response:

Quoting reply 12 (UM.):
Quote: Quoting reply 11 (zhoufei3813):
Why make it so complicated?
After the SMS is sent successfully, call session.setAttribute(phoneNumber, code), i.e. save the code in the session with phoneNumber as the key. Then submit phoneNumber and the verification code to the backend for verification, which does session.getAttribute(phoneNumber). If phoneNumber was changed, the value retrieved is naturally empty and verification naturally fails.

It's an HTML page. Because my page is plain HTML, I can only verify in JS: when sending the verification code I use a POST request to the backend, which then returns the phone number and verification code to the frontend. But since it's a form, I use onsubmit="return methodName()" on the form tag, and that method returns a Boolean that decides whether the form is submitted.

What you said is too vague; I didn't understand what you mean. But you also don't need to use a form submission: submit with Ajax instead, and then you can use plain variables for the phone number and verification code. I'm not sure whether I understood you correctly, but that is roughly the solution.

CodePudding user response:

Quoting reply 2 (UM.):
Quote: Quoting reply 1 (007 small bag):
The binding must be done in the database.

The main problem to solve is how to ensure at registration time that the phone number and the verification code are bound together, because at test time, as long as the verification code is correct, any phone number that passes the regex check can be entered.

In this scenario the binding is mostly stored with the phone number the SMS was sent to as the key and the verification code as the value, in Redis or some other DB. In the next step, right after the verification code is submitted, immediately after the regex check do `if (!redis.hasKey(mobile)) return "illegal operation";`. That check prevents what the OP described, sending the SMS and then changing the phone number. Then in the else branch, check whether the verification code for this phone number is correct. That's the general idea.
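The server-side binding that the session, database and Redis replies above all describe, written out as an added example (this is not code from the thread or from any of its posters). A Python dict stands in for the Redis/session/DB store; the function names, the 300-second TTL, the attempt limit and the phone numbers are assumptions for this example. `register_unbound` reproduces the hole the original poster had, where the backend accepts any valid code regardless of which phone number arrives with the form; `register` is the fixed check, keyed by the phone number the SMS was actually sent to.

```python
import hmac
import secrets
import time

# Constructed in-memory stand-in for the Redis / session / DB store the thread
# talks about: the phone number the SMS went to is the key, the code is the value.
# TTL, attempt limit and function names are assumptions for this example.
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5

_pending = {}       # phone -> {"code": str, "expires": float, "attempts": int}
_registered = set()


def send_code(phone, now=None):
    """The 'get verification code' endpoint, run on the server.

    Generates the code and records it under the phone number it is sent to.
    The return value stands in for handing the code to the SMS gateway; a real
    endpoint must NOT echo the code back to the browser.
    """
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"      # 6 digits, CSPRNG-generated
    _pending[phone] = {"code": code, "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    return code


def register_unbound(phone, code):
    """The broken check from the question: the backend only asks whether the
    code is a valid one, not whether it was sent to *this* phone number, so a
    code requested for phone A registers phone B."""
    if any(rec["code"] == code for rec in _pending.values()):
        _registered.add(phone)
        return True, "registered"
    return False, "wrong code"


def register(phone, code, now=None):
    """The fixed check: look the code up by the submitted phone number.

    Mirrors the reply's `if (!redis.hasKey(mobile)) return "illegal operation"`
    and then compares the code itself.  Returns (ok, message).
    """
    now = time.time() if now is None else now
    rec = _pending.get(phone)
    if rec is None:
        # No SMS was ever sent to this number: the "change the phone number
        # after receiving the code" attack lands here.
        return False, "illegal operation"
    if now > rec["expires"]:
        del _pending[phone]
        return False, "code expired"
    rec["attempts"] += 1
    if rec["attempts"] > MAX_ATTEMPTS:
        # Stop online brute force of a 6-digit code.
        del _pending[phone]
        return False, "too many attempts"
    if not hmac.compare_digest(rec["code"].encode(), str(code).encode()):
        return False, "wrong code"
    del _pending[phone]   # one-time use: a captured code cannot be replayed
    _registered.add(phone)
    return True, "registered"


def is_registered(phone):
    return phone in _registered


if __name__ == "__main__":
    victim, attacker = "13800000001", "13900000002"   # constructed numbers
    code = send_code(victim, now=1000.0)
    print("unbound:", register_unbound(attacker, code))   # attacker gets in
    print("bound:  ", register(attacker, code, now=1001.0))  # illegal operation
    print("owner:  ", register(victim, code, now=1001.0))    # registered
```

The frontend-only variants discussed in the thread (returning the code to the browser and comparing in an `onsubmit` handler) cannot close the hole, because the attacker controls the browser and can submit whatever phone number and code they like; only the lookup keyed by the submitted phone number on the server decides. Expiry, the attempt cap and one-time use are the extra checks a practitioner would add on top of the key lookup.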