security - Firebase auth with PHP,我用对了吗?它安全吗?
问题描述
所以我有一个表格,在表格中我要求用户输入他的电话号码进行验证,然后他的信息将通过 PHP 查询插入到数据库中。
我使用了这段代码:
var firebaseConfig = {
apiKey: "******",
authDomain: "*****",
databaseURL: "https://****",
projectId: "*****",
storageBucket: "",
messagingSenderId: "*****",
appId: "1:****:*****"
};
firebase.initializeApp(firebaseConfig);
// Create a Recaptcha verifier instance globally
// Calls submitPhoneNumberAuth() when the captcha is verified
window.recaptchaVerifier = new firebase.auth.RecaptchaVerifier(
"recaptcha-container",
{
size: "normal",
callback: function(response) {
submitPhoneNumberAuth();
}
}
);
// This function runs when the 'sign-in-button' is clicked
// Takes the value from the 'phoneNumber' input and sends SMS to that phone number
function submitPhoneNumberAuth() {
var phoneNumber = document.getElementById("phoneNumber").value;
var appVerifier = window.recaptchaVerifier;
firebase
.auth()
.signInWithPhoneNumber(phoneNumber, appVerifier)
.then(function(confirmationResult) {
window.confirmationResult = confirmationResult;
})
.catch(function(error) {
console.log(error);
});
}
// This function runs when the 'confirm-code' button is clicked
// Takes the value from the 'code' input and submits the code to verify the phone number
// Return a user object if the authentication was successful, and auth is complete
function submitPhoneNumberAuthCode() {
var code = document.getElementById("code").value;
confirmationResult
.confirm(code)
.then(function(result) {
var user = result.user;
console.log(user);
})
.catch(function(error) {
console.log(error);
});
}
//This function runs everytime the auth state changes. Use to verify if the user is logged in
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
console.log("USER LOGGED IN");
} else {
// No user is signed in.
console.log("USER NOT LOGGED IN");
}
});
验证用户的电话号码。并以我使用的形式:
<div class="verifyCon">
<div class="SMSBox Padding2">
<div>
<span class="Text3"> phone number </span>
</div>
<div>
<input class="InptText" type="tel" id="phoneNumber" maxlength="10" minlength="10" name="uphone" required>
</div>
<div>
<button type="button" class="SMSBut" onclick="submitPhoneNumberAuth()">
<h2 id="sign-in-button" class="Text2"> send </h2>
</button>
</div>
</div>
<div class="SMSBox Padding2">
<div>
<span class="Text3"> code </span>
</div>
<div>
<input class="InptText" type="text" id="code" name="code" maxlength="6" minlength="6" required>
</div>
<div>
<button type="button" class="SMSBut" onclick="submitPhoneNumberAuthCode()">
<h2 id="check-in-button" class="Text2"> check </h2>
</button>
</div>
</div>
</div>
我的问题:
- 它安全吗?用户可以从文件中获取配置信息吗?如果是这样如何保护它?
- 有没有办法确保用户不会在不验证电话号码的情况下提交表单?
- 我是否需要在表单页面中添加 ReCaptcha,或者带有 auth 的就足够了?
- 我不擅长 JavaScript,所以请任何建议将不胜感激。
解决方案
推荐阅读
- javascript - Jquery循环比较没有得到预期的结果
- javascript - 在 React 的组件构造函数中传递函数
- symfony - 一次执行多个请求时,Windows 上的 Doctrine 缓存问题
- javascript - 选项卡控件在 ASP.net MVC 中无法按预期工作
- ios - 如何在 swift 5 中过滤数组以在搜索栏中搜索文本?
- stm32 - STM32 HAL_I2C_Master_Transmit - 为什么我们需要转移地址?
- mysql - 如何在 mySQL 中删除小数点前的前导 0
- python - 使用 numpy trapz 将 2D 数据与 nans 集成
- spring - 对springboot postgres表进行分区
- mysql - MySQL 存储过程 - 将整数变量添加到日期返回 null