English
English
With the rapid development of the internet, SMS verification codes have become a common security measure for websites and apps. Setting an expiry time for these codes is an essential step to protect user privacy and account security. This article introduces how to use PHP to implement automatic expiry verification for SMS codes, ensuring that the codes are valid within a specific time frame.
First, we need to design a database table to store the SMS code information, such as phone number, verification code, generation time, and expiry time. Below is a simple table design example:
CREATE TABLE sms_verification (<br> id int(11) NOT NULL AUTO_INCREMENT,<br> phone varchar(20) NOT NULL,<br> code varchar(6) NOT NULL,<br> generate_time int(11) NOT NULL,<br> expiry_time int(11) NOT NULL,<br> PRIMARY KEY (id)<br>) ENGINE=InnoDB DEFAULT CHARSET=utf8;
When a user requests to send an SMS verification code, we need to generate a random code, store it in the database, and record the generation and expiry time. Here’s an example of the PHP function:
function sendSMSVerificationCode($phone) {<br> // Generate a random verification code<br> $code = rand(100000, 999999);<br> $generateTime = time();<br> $expiryTime = $generateTime + 600; // The code is valid for 10 minutes<br><br> // Insert the verification code into the database<br> $sql = "INSERT INTO sms_verification (phone, code, generate_time, expiry_time) VALUES ('$phone', '$code', '$generateTime', '$expiryTime')";<br> // Execute the insert query (use PDO to prevent SQL injection)<br> // ...<br><br> // Send the SMS verification code<br> // ...<br><br> return $code;<br>}When the user submits the code for verification, we need to ensure that the code is both correct and has not expired. Below is an example of how to implement this:
function verifySMSVerificationCode($phone, $code) {<br> // Query the database for the verification code information<br> $sql = "SELECT * FROM sms_verification WHERE phone='$phone' ORDER BY generate_time DESC LIMIT 1";<br> // Execute the query (use PDO to prevent SQL injection)<br> // ...<br><br> // Get the query result<br> $verificationInfo = $stmt->fetch(PDO::FETCH_ASSOC);<br><br> // If no code was found, it's invalid<br> if (!$verificationInfo) {<br> return false;<br> }<br><br> // Check if the code has expired<br> if (time() > $verificationInfo['expiry_time']) {<br> return false;<br> }<br><br> // Check if the code matches<br> if ($code != $verificationInfo['code']) {<br> return false;<br> }<br><br> // If valid, delete the code from the database<br> $sql = "DELETE FROM sms_verification WHERE id={$verificationInfo['id']}";<br> // Execute the delete query<br> // ...<br><br> return true;<br>}In real-world applications, there are other edge cases to consider, such as database errors or SMS sending failures. Additionally, to improve security, you can implement mechanisms like limiting the frequency of SMS sending or limiting the number of incorrect attempts to enter the code.
Implementing automatic expiry verification for SMS codes in PHP is an effective way to enhance application security. By designing a proper database table structure and using appropriate PHP logic, we can ensure that the codes are verified within their validity period, reducing misuse. This will help improve the security of user accounts and protect their privacy.
