短信防刷办法

短信防刷办法

短信接口在业务中是必然会有的，那么怎么保证接口被刷呢？
我简单总结一下我的想法

1. 首先可以考虑在页面上加上 验证码。可以减少人为的刷票
2. 大量的被刷还应该是直接对接口的调用，这里面应该怎样防止被刷呢
3. 可以考虑业务端 和 借口段 对应 token 识别表单令牌是否合法，但是这个令牌必须要一直变。不变的话就没有意义了。（时间，其他的变化的参数都可以成为token的元素）
4. 还可以考虑对IP的限制。每个IP不可以调用太多的接口
5. 每个手机号每天的调用次数也要限制
6. 这些都有可能被攻克，做好预警监控机制。一段时间短信变化明显，或者超过预期的数量，要及时查看系统是否正常运行，

/*** 手机登录验证码* @author marain* @time  2017-06-27* */public function get_code(){$phone  =   $_REQUEST['tel'];$token_key =   $_REQUEST['token_key'];$key='marain';$now=date('Y-m-d');$signkey=md5($key.$now.$phone.'marain'); //根据手机号和时间产生 tokenif ($token_key !== $signkey){$result = array();$result['code']     =400;$result['msg']      ='4001:令牌错误';$result['info']     = '';echo json_encode($result);exit();}if ($phone==''){$result = array();$result['code']     =400;$result['msg']      ='4002:电话不能为空';$result['info']     = '';echo json_encode($result);exit();}if (!preg_match("/^1[34578]d{9}$/", $phone)){$result = array();$result['code']     =400;$result['msg']      ='4003:电话格式不正确';$result['info']     = '';echo json_encode($result);exit();}$ip=get_client_ip();$where_ip['create_ip']=$ip;//ip控制$sms_data = M('App_sms')->where($where_ip)->select();$today_date = date('Y-m-d');$total_onoip_count=0;foreach ($sms_data as $k1=>$v1){if(substr($v1['create_time'],0,10) == $today_date){$total_onoip_count++;}}if (count($sms_data) > 500){//ip 大于500报警}if ($total_onoip_count> 100){//单日ip 大于100报警}$where_who['tel_number']=$phone;$sms_data = M('App_sms')->where($where_who)->order("id desc")->select();//这个手机号没有注册if(empty($sms_data)){$code = $this->_create_code();$this->send_sms($phone, $code, $ip);$result = array();$result['code']    =200;$result['msg']    ='获取成功';$result['info']     = $code;echo json_encode($result);exit();}$total_send_count = 0;foreach($sms_data as $key1=>$row1){if(empty($key1)){$last_send_time = $row1['create_time'];}if(substr($row1['create_time'],0,10) == $today_date){$total_send_count++;$code = $row1['code'];}}if(empty($code)) $code = $this->_create_code();if((strtotime($last_send_time) + 60) > time()){$result['code']    =400;$result['msg']    ='4004:获取失败，请不要频繁获取';$result['info']     = '';}else{if($total_send_count < 30){$this->send_sms($phone, $code, $ip);$result['code']     =200;$result['msg']      ='获取成功';$result['info']     = $code;}else{$result['code']    =400;$result['msg']    ='4005:获取失败,每人每天只能获取三十次验证码';$result['info']     = '';}}echo json_encode($result);exit();}/*** 产生验证码*/public function _create_code($length=4,$type="number"){$array = array('number' => '0123456789','string' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ','mixed' => '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',);$string = $array[$type];$count = strlen($string)-1;$rand = '';for ($i = 0; $i < $length; $i++) {$rand .= $string[mt_rand(0, $count)];}return $rand;}
private function send_sms($mobile, $code, $ip){if(empty($mobile) || empty($code) || empty($ip)) return false;$content = '您的注册验证码是'.$code;$url='发送短信接口'//$send_result = file_get_contents($url);$data = array();$data['tel_number'] = $mobile;$data['content'] = $content;$data['code'] = $code;$data['create_time'] = date('Y-m-d H:i:s');$data['create_ip'] = get_client_ip();$data['send_result'] = $send_result;$insertid = M('App_sms')->add($data);if($insertid) return true;return false;}