Don’t even think about installing the client. If you change the computer time, the program will be over. It is recommended to put it on the server side for authentication. When starting, use HTTP to verify whether it has expired on the server side
It’s very simple, 1. First, use the server to verify the validity of the authorization code; 2. MD5 rules can be generated by adding time. For example, if the authorization is valid for one month, then your MD5 can use MD5(authCode+dateformart( new Date(),"yyyymm")), in this way, the MD5 generated by your authorization code will be the same within a month, that is, the authorization code is valid. Note that it must be verified by the server, and the time must be the server's time; 3 , MD5 rules can be added with a few more layers to prevent them from being cracked by credential stuffing. You can add MD5 (SHA512(salt+authCode+dateformart(new Date(), "yyyymm"))), so that it is basically impossible to crack. Salt can be used. Each authCode generates a random variable and saves it on the server.
There are many methods for this, but there is no guarantee that it will not be cracked.
Simply speaking, you can add time information to the verification code. For example, if the validity period you need is 7 days, then you can use the date of the day you generate the verification code as a factor for generating the verification code. When your program is doing verification, get the current date and push it forward six days, for a total of 7 days, and generate 7 verification codes in the same way for verification. If one of them is correct, it means it has not expired.
The easiest way is to store your md5 encrypted activation code + date in the database. Just judge the time during verification. Of course, the activation code cannot be repeated. You can set a primary key or a unique index
If you use md5 encryption, you cannot put the date in the encrypted string. Use another encrypted string or plain text for the date. If you don’t want to be cracked, use server authentication
It is more convenient to do it on the server side. There are three fields on the server side, expiration time and whether it has been used. The client only needs to know the key
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Don’t even think about installing the client. If you change the computer time, the program will be over. It is recommended to put it on the server side for authentication. When starting, use HTTP to verify whether it has expired on the server side
It’s very simple,
1. First, use the server to verify the validity of the authorization code;
2. MD5 rules can be generated by adding time. For example, if the authorization is valid for one month, then your MD5 can use MD5(authCode+dateformart( new Date(),"yyyymm")), in this way, the MD5 generated by your authorization code will be the same within a month, that is, the authorization code is valid. Note that it must be verified by the server, and the time must be the server's time;
3 , MD5 rules can be added with a few more layers to prevent them from being cracked by credential stuffing. You can add MD5 (SHA512(salt+authCode+dateformart(new Date(), "yyyymm"))), so that it is basically impossible to crack. Salt can be used. Each authCode generates a random variable and saves it on the server.
There are many methods for this, but there is no guarantee that it will not be cracked.
Simply speaking, you can add time information to the verification code.
For example, if the validity period you need is 7 days, then you can use the date of the day you generate the verification code as a factor for generating the verification code.
When your program is doing verification, get the current date and push it forward six days, for a total of 7 days, and generate 7 verification codes in the same way for verification. If one of them is correct, it means it has not expired.
Don’t you also use one number to calculate your MD5? Wouldn't it be enough to just add the time information?
If you don’t want to be cracked, you can only put it on the server. I can provide you with free back-end services, haha
The easiest way is to store your md5 encrypted activation code + date in the database. Just judge the time during verification. Of course, the activation code cannot be repeated. You can set a primary key or a unique index
If you use md5 encryption, you cannot put the date in the encrypted string. Use another encrypted string or plain text for the date. If you don’t want to be cracked, use server authentication
You can design the data structure like this: {'a':'Verification code','b':'Expiration time (length of time from 1970)'}, and then encrypt the string.
It is more convenient to do it on the server side. There are three fields on the server side, expiration time and whether it has been used. The client only needs to know the key
Put it in redis and set the expiration time. . .