输入问题答案查看内容如何做比较安全？-PHP Tutorial-php.cn

Table of Contents

回复内容：

Home

Backend Development

PHP Tutorial

输入问题答案查看内容如何做比较安全？

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:24 PM

php Safety

输入问题答案查看内容如何做比较安全？

如图，有这样一个表单，需求就是回答问题正确才能查看内容，在一定时间如1天内再次访问不用回答问题，请教各位一般通常可行的办法是什么？

目前的做法是：回答正确了，写一个cookie值为1，下次来判断这个cookie值是否为1，否则需要重新回答问题，这样做明显不安全，伪造一个cookie访问不就可以查看到受保护的内容了。

回复内容：

输入问题答案查看内容如何做比较安全？

如图，有这样一个表单，需求就是回答问题正确才能查看内容，在一定时间如1天内再次访问不用回答问题，请教各位一般通常可行的办法是什么？

你的做法接近了，但不够安全，更安全的做法是生成一个随机的Token，并设置有效期。这个token由于是随机的而且位数较多，不容易被伪造。

1.可以按楼上说的，你可以这样做啊，值是随机生成的，那么你是不是想问你怎么知道用户传过来的时候这个TOKEN是不是你随机生成的？我觉得可以放在缓存里如REDIS，并给一个有效期，他要是提交时我们查看没有这个值我们就认为他自己伪造的或者说是过期了已经。
2.如果这个页是用户登入的，你可以根据他的用户ID，在用DES加密生成一个COOKIE啊直接在COOKIE里给有效期。然后这样你就不怕他是不是伪造了，因为有人想伪造时，他不知道你的DES加密时的KEY是多少，只有你自己知道。

这样是否可行？
回答问题正确，存一个cookie，值是md5(今天日期+salt)，下次访问校验的时候，计算md5(今天日期+salt)是否和存的cookie相同，就可以了。但是这样做，只能不用再次回答问题的有效时间是隔天就失效。

大家有更好的办法吗？

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

1 months ago By DDD

R.E.P.O. Best Graphic Settings

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

1 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7386

Java Tutorial

1630

CakePHP Tutorial

1357

Laravel Tutorial

1267

PHP Tutorial

1216

Related knowledge

CakePHP Project Configuration Sep 10, 2024 pm 05:25 PM

In this chapter, we will understand the Environment Variables, General Configuration, Database Configuration and Email Configuration in CakePHP.

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

CakePHP Date and Time Sep 10, 2024 pm 05:27 PM

To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.

CakePHP File upload Sep 10, 2024 pm 05:27 PM

To work on file upload we are going to use the form helper. Here, is an example for file upload.

CakePHP Routing Sep 10, 2024 pm 05:25 PM

In this chapter, we are going to learn the following topics related to routing ?

Discuss CakePHP Sep 10, 2024 pm 05:28 PM

CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu

CakePHP Working with Database Sep 10, 2024 pm 05:25 PM

Working with database in CakePHP is very easy. We will understand the CRUD (Create, Read, Update, Delete) operations in this chapter.

CakePHP Creating Validators Sep 10, 2024 pm 05:26 PM

Validator can be created by adding the following two lines in the controller.

See all articles