Today in the user registration and Personal Center security management, I realized the use of third-party SMS platform in the Laravel framework for mobile phone authentication settings;
As I do is to provide customers with medical advice and health care products website, so we are the protection of personal privacy of customers is particularly important, so in the customer login after entering the personal center, the use of the form of the middle page through the mobile phone verification of whether it is their own judgment, In order to reduce the risk of personal information leakage due to loss of account password;
According to the user Login ID query database table in the customer fill in the mobile phone number, and displayed in the middle page of the mobile phone number, by the user confirmation and click to send a text message, if the server returned a status code of 2 (note: The Interoperability wireless platform to send a success status code of 2), then send a successful, And the random generated verification code into the session, by the user input verification code information, according to the session of the Verification Code information and the user input information to do the comparison, compared to the success of entering the Personal center page, than the failure to return to the middle page;
If the user because of the loss of mobile phone and other reasons, and can not complete the text message Verification Code modification, we in the user registration, has done the mailbox and secret protection problem injection, so users in the middle page click on the phone is lost, you can jump into the mailbox verification and Security Issue verification page, the same access to the Personal Center page for relevant data modification
[Mr. Mak] Laravel framework for sending SMS verification