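An Introduction to Security Verification Design for SMS Verification Code Interfaces
We use SMS verification codes almost every day: new-user registration, identity verification, quick login, and so on. SMS verification codes are now widely used in apps and websites, and they have become a primary means of protecting user account security. So how does an app implement security verification through an SMS verification code interface? Below, using the server-side verification interface of Mob SMSDK as an example, we walk through how the verification is implemented:
PHP sample: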
<?php
// Configuration
$api = '接口地址(例:http://www.hvihi.com'; // API base address (placeholder)
$appkey = '您的appkey'; // your appkey (placeholder)
// Send the verification code to the verify endpoint
$response = postRequest( $api . '/sms/verify', array(
    'appkey' => $appkey,
    'phone' => '152xxxx4345',
    'zone' => '86',
    'code' => '1234',
) );
/**
 * Send a POST request to the specified endpoint
 *
 * @param string $api endpoint to request
 * @param array $params POST parameters
 * @param int $timeout timeout in seconds
 * @return string response body
 */
function postRequest( $api, array $params = array(), $timeout = 30 ) {
    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_URL, $api );
    // Return the response as a string instead of printing it
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
    // Use the POST method
    curl_setopt( $ch, CURLOPT_POST, 1 );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params ) );
    // Verify the server's HTTPS certificate and host name; with these checks
    // disabled, a man-in-the-middle could forge the verification result
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/x-www-form-urlencoded',
    ) );
    // Execute the request and return the response body
    $response = curl_exec( $ch );
    curl_close( $ch );
    return $response;
}
Java sample:
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;

// Class name is a placeholder
public class SmsVerifyDemo {
    public static void main(String[] args) {
        String result = requestData("https://www.hvihi.com/sms/verify",
                "appkey=xxxx&phone=xxx&zone=xx&code=xx");
        System.out.println(result);
    }
    /**
     * Send an HTTPS request
     * @param address request URL
     * @param params POST body (form-encoded)
     * @return response body, or null on failure
     */
    public static String requestData(String address, String params) {
        HttpURLConnection conn = null;
        try {
            // Certificate-chain and host-name checks are left to the JVM defaults.
            // An all-trusting TrustManager or a permissive HostnameVerifier would
            // let a man-in-the-middle forge the verification result.
            URL url = new URL(address);
            conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("POST"); // POST
            conn.setConnectTimeout(3000);
            conn.setReadTimeout(3000);
            // Write the POST parameters
            if (params != null) {
                conn.setDoOutput(true);
                DataOutputStream out = new DataOutputStream(conn.getOutputStream());
                out.write(params.getBytes(Charset.forName("UTF-8")));
                out.flush();
                out.close();
            }
            conn.connect();
            // Read the result
            if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
                String result = parsRtn(conn.getInputStream());
                return result;
            } else {
                System.out.println(conn.getResponseCode() + " " + conn.getResponseMessage());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (conn != null)
                conn.disconnect();
        }
        return null;
    }
    // The page calls parsRtn but does not show it; this body is a minimal
    // stand-in that reads the response stream into a UTF-8 string.
    private static String parsRtn(InputStream is) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = is.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return new String(buf.toByteArray(), Charset.forName("UTF-8"));
    }
}
Besides PHP and Java, developers working in C# or Python can find sample code on the SMS verification code SDK pages of the Mob official website (link: http://www.hvihi.com
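An added example, not from the original page or from Mob: the PHP sample submits a four-digit code ('1234'), which has only 10,000 possible values, so the server should cap guesses per phone number before forwarding them to `/sms/verify`. `VerifyGuard`, `verify_remote`, and the limit of 5 failed attempts per 10 minutes are assumptions; `verify_remote` stands in for the POST request shown in the samples above.

```python
import re
import time

MAX_ATTEMPTS = 5        # assumed policy: failed guesses allowed per window
WINDOW_SECONDS = 600    # assumed policy: 10-minute window


class VerifyGuard:
    """Limits code guesses per phone number before calling the verify endpoint."""

    def __init__(self, verify_remote, clock=time.monotonic):
        # verify_remote(zone, phone, code) -> bool is a hypothetical callable that
        # performs the POST to /sms/verify and interprets the provider's response.
        self._verify_remote = verify_remote
        self._clock = clock
        self._failures = {}  # (zone, phone) -> timestamps of recent failed guesses

    def check(self, zone, phone, code):
        """Returns 'invalid', 'locked', 'wrong' or 'ok'."""
        # Malformed input is rejected locally and never reaches the provider.
        if not (re.fullmatch(r"[0-9]{1,4}", zone)
                and re.fullmatch(r"[0-9]{5,15}", phone)
                and re.fullmatch(r"[0-9]{4,8}", code)):
            return "invalid"
        key = (zone, phone)
        now = self._clock()
        # Keep only failures that are still inside the window.
        recent = [t for t in self._failures.get(key, []) if now - t < WINDOW_SECONDS]
        if len(recent) >= MAX_ATTEMPTS:
            # Locked: even the correct code is refused until the window expires.
            self._failures[key] = recent
            return "locked"
        if self._verify_remote(zone, phone, code):
            self._failures.pop(key, None)
            return "ok"
        recent.append(now)
        self._failures[key] = recent
        return "wrong"


def demo():
    # Constructed data: a fake remote that accepts only code "1234".
    guard = VerifyGuard(lambda zone, phone, code: code == "1234")
    return [guard.check("86", "15200004345", f"{i:04d}") for i in range(6)]
```

The failure counter here lives in process memory; a deployment with several application servers would keep it in a shared store so the cap applies across all of them.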