PHP Verification code to prevent direct access to the external network

Source: Internet
Author: User
2015-04-23 12:16:58
Today to view the project deployed on the SAE, suddenly see the SAE's log, found that there are several abnormal links in the request verification code, so suddenly germination to do a prevent verification code crawl function. This feature prevents the theft and decryption of verification codes and prevents unwanted malicious attacks and hacks.
Ideas are as follows:
Validating access Links before code generation class calls
1. Verify access from the page with that
2. Next verify the Access address
Steps to resolve:
1. The use of PHP features to determine whether access to the verification code from a page is basically unrealistic, PHP does not seem to have this function (I did not find), so we can only use PHP to achieve indirect judgment, here we use the session to verify whether from the page, Because the number of pages required for verification code is very small, the place where we set the session is not too much, it is relatively acceptable.

2. Verify the access address, this is relatively simple, we can use PHP provided by the $_server function, remove the access address.

3. Set the validation value in the session after the verification code is generated so that it can no longer be verified the next time.


The specific code (you can modify this to provide only one idea according to your needs):

For example
1. Set $_session[' Check ']=true on the page that needs to load the verification code (or in the Controller layer function);
2. Call validation before calling the verification code

   

Basically this two-step operation, you can limit the verification code, in this example, through the extranet access to the site when the verification code will be displayed, but through the external network directly access or crawl verification code will be denied, through the local access to the verification code is normal.


Native access

External network access

Extranet Access Login

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.