PHP: preventing direct access to the verification code from the external network

Source: Internet
Author: User

2015-04-23 12:16:58
Today, while checking a project deployed on SAE, I looked at the SAE logs and found several abnormal links requesting the verification code, so it occurred to me to build a function that prevents the verification code from being crawled. This feature guards against theft and decoding of verification codes and against unwanted malicious attacks and hacks.
The idea is as follows:
Validate the request before the verification-code generation class is called:
1. Verify that the request comes from a page.
2. Then verify the accessing address.
Steps to resolve:
1. Using PHP features to determine whether the verification code was requested from a page is basically unrealistic; PHP does not seem to have such a function (I did not find one). So we can only make the judgment indirectly with PHP, and here we use the session to verify whether the request comes from a page. Because very few pages need a verification code, there are not many places where the session value has to be set, which is relatively acceptable.
2. Verifying the access address is relatively simple: we can use PHP's $_SERVER superglobal to obtain the accessing address.
3. After the verification code is generated, reset the validation value in the session so that it no longer passes the check the next time.

The specific code (this only provides one idea; modify it according to your needs):

For example:
1. Set $_SESSION['check'] = true on the page that needs to load the verification code (or in the controller-layer function).
2. Run the validation below before calling the verification-code generator.

<?php
/**
 * Created by PhpStorm.
 * User: wangyaofeng
 * Date: 15-4-23
 * Time: 9:36
 */

// The session must be active before $_SESSION is read.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

/**
 * Checks whether the accessing IP is a permitted IP.
 * Change the allowed IP addresses according to your own needs.
 */
function check_ip()
{
    $ALLOWED_IP = array('127.0.0.1');
    $IP = getIP();
    $check_ip_arr = explode('.', $IP); // split the IP to be checked into an array
    // Restrict by IP
    if (!in_array($IP, $ALLOWED_IP)) {
        foreach ($ALLOWED_IP as $val) {
            if (strpos($val, '*') !== false) { // this entry uses * as a wildcard
                $arr = explode('.', $val);
                $bl = true; // records whether this entry matched
                for ($i = 0; $i < 4; $i++) {
                    if ($arr[$i] != '*') { // wildcard segments are not compared
                        if (!isset($check_ip_arr[$i]) || $arr[$i] != $check_ip_arr[$i]) {
                            $bl = false;
                            break; // stop checking this entry and move on to the next one
                        }
                    }
                } // end for
                if ($bl) { // a matching entry was found, allow the request
                    return;
                }
            }
        } // end foreach
        header('HTTP/1.1 403 Forbidden');
        echo "Access forbidden";
        die;
    }
}

/**
 * Returns the client address.
 * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are taken from request headers, so they are
 * only reliable when a trusted reverse proxy sets them; REMOTE_ADDR is the TCP peer.
 */
function getIP()
{
    return isset($_SERVER["HTTP_X_FORWARDED_FOR"])
        ? $_SERVER["HTTP_X_FORWARDED_FOR"]
        : (isset($_SERVER["HTTP_CLIENT_IP"]) ? $_SERVER["HTTP_CLIENT_IP"] : $_SERVER["REMOTE_ADDR"]);
}

// Requests that did not come from a page that set the flag must pass the IP check.
if (empty($_SESSION['check'])) {
    check_ip();
}
// Reset the session value so the flag cannot be reused by the next request
$_SESSION['check'] = false;


With these two steps the verification code is restricted. In this example, the verification code is displayed when the site is visited from the external network, but direct access to, or crawling of, the verification code from the external network is denied, while access to the verification code from the local machine works normally.
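
The IP check above depends on getIP(), which prefers the X-Forwarded-For and Client-IP request headers over REMOTE_ADDR. As an added example (not the original author's code), the following resolves the client address from REMOTE_ADDR and honours X-Forwarded-For only when the peer is a known reverse proxy, so a forwarded header on a direct request is ignored, and then applies the same wildcard allowlist match. The names resolve_client_ip, ip_allowed and TRUSTED_PROXIES, and all addresses, are assumptions constructed for illustration.

```php
<?php
// Added example, not the original author's code. All names and addresses are assumptions.
const TRUSTED_PROXIES = ['10.0.0.5']; // constructed: reverse proxies in front of the app

// Honour X-Forwarded-For only when the TCP peer (REMOTE_ADDR) is a trusted proxy.
function resolve_client_ip(array $server, array $proxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection: any forwarded header is ignored
    }
    // Walk the hop list right to left; the first hop that is not our proxy is the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (!in_array($hop, $proxies, true)) {
            return filter_var($hop, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $hop : $peer;
        }
    }
    return $peer;
}

// Match an IPv4 address against exact entries or wildcard patterns such as 192.168.*.*
function ip_allowed(string $ip, array $allowed): bool
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return false; // malformed or non-IPv4 input never matches
    }
    $ipParts = explode('.', $ip);
    foreach ($allowed as $pattern) {
        $patParts = explode('.', $pattern);
        if (count($patParts) !== 4) {
            continue; // skip malformed allowlist entries
        }
        $match = true;
        foreach ($patParts as $i => $part) {
            if ($part !== '*' && $part !== $ipParts[$i]) {
                $match = false;
                break;
            }
        }
        if ($match) { return true; }
    }
    return false;
}
// Constructed sample requests: one direct, one arriving through the trusted proxy.
$allowed = ['127.0.0.1', '192.168.*.*'];
$direct  = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.168.1.20'];
var_dump(ip_allowed(resolve_client_ip($direct), $allowed));
var_dump(ip_allowed(resolve_client_ip($proxied), $allowed));
```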

[Screenshots: local access; external network access; external network access to the login page]


