
An Introduction to Security Verification Design for the SMS Verification Code Interface!

SMS verification code interface
2018-11-14

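We use SMS verification codes almost every day: new-user registration, identity verification, quick login and so on. SMS verification codes are now widely used in all kinds of apps and websites, and we rely on them as an important means of protecting user account security. So how does an app implement its security check through an SMS verification code interface? Below we take the server-side verification code check API of Mob SMSDK as an example and walk through how the security check is implemented:

PHP sample: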

<?php

// Configuration
$api    = 'https://webapi.sms.mob.com'; // API base URL
$appkey = 'your appkey';

// Submit the code the user entered for verification
$response = postRequest( $api . '/sms/verify', array(
    'appkey' => $appkey,
    'phone'  => '152xxxx4345',
    'zone'   => '86',
    'code'   => '1234',
) );

/**
 * Send a POST request to the given endpoint
 *
 * @param string $api     endpoint to request
 * @param array  $params  POST parameters
 * @param int    $timeout timeout in seconds
 * @return string|false response body, or false if the request failed
 */
function postRequest( $api, array $params = array(), $timeout = 30 ) {
    $ch = curl_init();
    curl_setopt( $ch, CURLOPT_URL, $api );
    // Return the response as a string instead of printing it
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
    // Use the POST method
    curl_setopt( $ch, CURLOPT_POST, 1 );
    curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params ) );
    // Validate the server certificate and host name: the verification result
    // can only be trusted over an authenticated TLS connection
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
        'Accept: application/json',
    ) );
    // Send the request
    $response = curl_exec( $ch );
    // Release the cURL handle
    curl_close( $ch );
    return $response;
}

Java sample:

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

// The class name is a placeholder; the sample shows only the methods.
public class SmsVerifyDemo {

    public static void main(String[] args) throws Exception {
        String result = requestData("https://webapi.sms.mob.com/sms/verify",
                "appkey=xxxx&phone=xxx&zone=xx&code=xx");
        System.out.println(result);
    }

    /**
     * Send an HTTPS request
     * @param address request URL
     * @param params  form-encoded POST body
     * @return response body, or null if the request failed
     */
    public static String requestData(String address, String params) {
        HttpURLConnection conn = null;
        try {
            // The server is authenticated with the JVM's default trust store
            // and host name verification; no custom TrustManager is installed.
            URL url = new URL(address);
            conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("POST"); // POST
            conn.setConnectTimeout(3000);
            conn.setReadTimeout(3000);
            // set params; post params
            if (params != null) {
                conn.setDoOutput(true);
                DataOutputStream out = new DataOutputStream(conn.getOutputStream());
                out.write(params.getBytes(StandardCharsets.UTF_8));
                out.flush();
                out.close();
            }
            conn.connect();
            // get result
            if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
                String result = parsRtn(conn.getInputStream());
                return result;
            } else {
                System.out.println(conn.getResponseCode() + " " + conn.getResponseMessage());
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (conn != null)
                conn.disconnect();
        }
        return null;
    }

    // parsRtn is called by requestData but its body is not shown on the page;
    // this minimal implementation reads the response body as UTF-8 text.
    private static String parsRtn(InputStream is) throws IOException {
        StringBuilder buffer = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(is, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                buffer.append(line);
            }
        }
        return buffer.toString();
    }
}

In addition to PHP and Java, sample code for C# and Python development is available on the SMS verification code SDK page of the Mob website (link: http://www.mob.com/product/sms).
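The samples above return the raw response and leave the decision to the caller. The following added example (not Mob's sample code and not part of the original page) shows the same `/sms/verify` call in Python with certificate validation on and a fail-closed decision. The success signal (`{"status": 200}` in the JSON body), the digit-length rules and all function names are assumptions made for this example.

```python
import json
import re
import ssl
import urllib.parse
import urllib.request

VERIFY_URL = "https://webapi.sms.mob.com/sms/verify"  # endpoint from the page's samples
# Assumed field formats (not documented on the page): ASCII digits only.
RULES = {"zone": r"[0-9]{1,4}", "phone": r"[0-9]{5,15}", "code": r"[0-9]{4,6}"}


def https_post(url, body, timeout=5):
    """POST a form body; the default context validates certificate and host name."""
    ctx = ssl.create_default_context()
    req = urllib.request.Request(url, data=body.encode("utf-8"), headers={
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.status, resp.read().decode("utf-8")


def build_body(appkey, phone, zone, code):
    """Reject malformed user input, then form-encode the four parameters."""
    fields = {"appkey": appkey, "phone": phone, "zone": zone, "code": code}
    for name, pattern in RULES.items():
        value = fields[name]
        if not isinstance(value, str) or not re.fullmatch(pattern, value):
            raise ValueError("invalid " + name)
    return urllib.parse.urlencode(fields)


def is_verified(http_status, raw_body):
    """Fail closed. Assumption: success is HTTP 200 with JSON {"status": 200}."""
    if http_status != 200:
        return False
    try:
        data = json.loads(raw_body)
    except (TypeError, ValueError):
        return False
    return isinstance(data, dict) and data.get("status") == 200


def verify_sms_code(appkey, phone, zone, code, transport=https_post):
    """Return True only when the service positively confirms the code."""
    try:
        status, raw = transport(VERIFY_URL, build_body(appkey, phone, zone, code))
    except (ValueError, OSError):
        return False  # bad input, TLS failure, timeout or HTTP error
    return is_verified(status, raw)
```

The `transport` parameter exists so the decision logic can be exercised with a stub instead of a live request.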
