1. 越权访问
2. 短信轰炸（发送验证码接口的频率限制只存放在 Session 中，攻击者不携带 Session Cookie 重复请求即可绕过）
前端（倒计时与禁用按钮只是客户端的体验控制，攻击者可直接调用接口，不能作为防护依据）
/**
 * Reads the mobile number from #mobile and asks the server to send an SMS code.
 * On reply code "1" the resend countdown is started and a confirmation dialog is
 * shown; otherwise the send button is re-enabled and either the per-field messages
 * in data.value are written to their labels, or data.note is shown.
 * Note: the countdown/disabled button is a UX nicety only; it does nothing to stop
 * a client that calls the endpoint directly — the server must enforce its own limit.
 */
function sendVerifyCode(){
    var mobileNumber = $("#mobile").val();

    var onReply = function(data) {
        if(!data || !data.code){
            return;
        }
        if(data.code=="1"){
            limited = 60;
            timedCount();
            $.dialog.info("验证码已发送");
            $("#validate_verificationCode").text("");
            return;
        }
        $("#sendButton").attr("disabled",false);
        if(!data.value){
            $.dialog.info(data.note);
            return;
        }
        for(var field in data.value){
            $("label#"+field).text(data.value[field]);
        }
    };

    $.ajax({
        url : "${path}/app/user/sendVerifyCode",
        method : "post",
        data : { mobile : mobileNumber },
        success : onReply
    });
}
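/**
 * Resend countdown for #sendButton, driven by the global `limited` (seconds left).
 * While limited is above 0 the button is disabled and relabelled with the remaining
 * seconds, then re-scheduled one second later; once it reaches 0 the label is
 * restored and the button re-enabled. Purely cosmetic — the server must enforce
 * its own rate limit.
 */
function timedCount() {
    // "<= 0" rather than "== 0": a negative value would otherwise count down forever.
    if(limited <= 0) {
        $("#sendButton").val("获取短信验证码");
        $("#sendButton").attr("disabled",false);
        return ;
    }
    $("#sendButton").attr("disabled",true);
    // Postfix decrement: the current value is shown, then limited drops by one.
    var buttonText = "获取短信验证码(" + limited-- + ")";
    $("#sendButton").val(buttonText);
    // Pass the function itself, not a string: the string form is an implicit eval
    // that resolves timedCount through the global scope.
    setTimeout(timedCount, 1000);
}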
后台:
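/**
 * Generates an SMS verification code for the "mobile" request parameter, stores it in
 * the session and renders the result as JSON.
 *
 * Rate limiting: the timestamp of the previous send is read from the session attribute
 * "msgValidateCode_time" and the request is rejected when fewer than
 * {@code sms.interval_time} minutes (default 1) have elapsed. Because that state lives
 * only in the HTTP session, a client that omits the session cookie starts a fresh
 * session where lastTime is null and the whole check is skipped — this is the
 * SMS-bombing weakness. A per-mobile (and per-client-IP) counter in a server-side
 * store is required to close it; that store is outside this method, so it is not
 * added here.
 *
 * Session side effects on success: "msgValidateCode" (the code), "msgValidateCode_time"
 * (send time in ms) and "verifiedMobile" (the target number).
 */
public void sendVerifyCode(){
    Res res = new Res();
    String mobile = getPara( "mobile" );

    // Reject anything that is not a plausible mobile number before it reaches the
    // session or the SMS gateway. The pattern assumes mainland-China 11-digit numbers
    // (the UI strings are Chinese) — widen it if other regions must be supported.
    if( mobile == null || !mobile.matches( "^1[3-9]\\d{9}$" ) ) {
        res.setCode( OpResult.FAILED.getOrdinalStr() );
        res.setNote( "手机号格式不正确" );
        renderJson( res );
        return;
    }

    // Enforce the minimum interval between two sends within this session.
    Object lastTime = getSessionAttr("msgValidateCode_time");
    if(lastTime != null) {
        long lastTimeL = Long.parseLong(lastTime.toString());
        long currentTimeL = System.currentTimeMillis();
        long timeDiff = currentTimeL - lastTimeL;
        String interval = PropKit.get( "sms.interval_time" );
        int intervalInt = 1;
        try {
            if( !StringUtil.isBlank(interval) ) {
                intervalInt = Integer.parseInt(interval);
            }
        } catch (NumberFormatException ignored) {
            // Malformed config value: fall back to the 1-minute default rather than
            // failing the request.
        }
        // long arithmetic so a large configured interval cannot overflow the int product
        if(timeDiff < 1000L*60*intervalInt) {
            res.setCode( OpResult.FAILED.getOrdinalStr() );
            res.setNote( "请勿频繁获取短信验证码" );
            renderJson( res );
            return;
        }
    }

    // NOTE(review): the code should come from a CSPRNG (SecureRandom) — not verifiable
    // from here, confirm in SmsUtil.generateCode().
    String verifyCode = SmsUtil.generateCode();
    // The third-party SMS gateway call goes here (elided in this listing).
    setSessionAttr("msgValidateCode", verifyCode);
    String time = System.currentTimeMillis()+"";
    setSessionAttr("msgValidateCode_time", time);
    setSessionAttr("verifiedMobile", mobile);
    renderJson( res );
}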
3. Sql注入