php 验证码
做验证码的时候,我用ajax将用户生成的验证码提交到php进行判断
有人说这样做是不对,别人可以绕过js
我不解的是他绕过了js 验证验证码会失效,但我表单也不会提交,因为我表单是写在ajax返回成功状态里的
回复讨论(解决方案)
ajax将用户生成的验证码提交到php进行判断 这边的“用户生成的验证码”是个什么意思?
ajax将用户生成的验证码提交到php进行判断 这边的“用户生成的验证码”是个什么意思?
用户填写的验证码
不明白你的不解是什么
如果是质疑人家的说法,那就大可不必了
我懂了,你是把验证码在js端提取出来单独验证了
这样确实会有安全性问题,要一起验证才能实现限制的效果
为什么呢,他可以看到你成功后执行的代码吧
浏览器有个执行js代码的功能,直接把成功后的代码拿去执行一下不就绕过了吗。。。
除非你验证码提交后返回了什么关键数据,没有这个数据他无法成功提交
这样验证码还是有用的,但你得保证每次关键的数据不太一样,不然别人手动输入一次就把你内容获取到了
类似返回一个新的验证码,然后提交的接口再做判定。
验证码不能用单独的程序验证,必须和用户名密码一起,否则别人不用浏览器直接发数据包就跳过了
ajax验证一次,然后post提交时再验证一次。

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

Alipay PHP...

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

Session hijacking can be achieved through the following steps: 1. Obtain the session ID, 2. Use the session ID, 3. Keep the session active. The methods to prevent session hijacking in PHP include: 1. Use the session_regenerate_id() function to regenerate the session ID, 2. Store session data through the database, 3. Ensure that all session data is transmitted through HTTPS.

The application of SOLID principle in PHP development includes: 1. Single responsibility principle (SRP): Each class is responsible for only one function. 2. Open and close principle (OCP): Changes are achieved through extension rather than modification. 3. Lisch's Substitution Principle (LSP): Subclasses can replace base classes without affecting program accuracy. 4. Interface isolation principle (ISP): Use fine-grained interfaces to avoid dependencies and unused methods. 5. Dependency inversion principle (DIP): High and low-level modules rely on abstraction and are implemented through dependency injection.

How to debug CLI mode in PHPStorm? When developing with PHPStorm, sometimes we need to debug PHP in command line interface (CLI) mode...

How to automatically set the permissions of unixsocket after the system restarts. Every time the system restarts, we need to execute the following command to modify the permissions of unixsocket: sudo...

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

Sending JSON data using PHP's cURL library In PHP development, it is often necessary to interact with external APIs. One of the common ways is to use cURL library to send POST�...
