Fatal编程技术网
  • security/
  • Security Firebase auth与PHP,我使用它对吗?安全吗?

Security Firebase auth与PHP,我使用它对吗?安全吗?

security javascript

Security Firebase auth与PHP,我使用它对吗?安全吗?,security,javascript,Security,Javascript,所以我有一个表单,在表单中我要求用户输入他的电话号码以进行验证,然后他的信息将通过PHP查询插入DB 我使用了以下代码: var firebaseConfig = { apiKey: "******", authDomain: "*****", databaseURL: "https://****", projectId: "*****", storageBucket: &qu

所以我有一个表单,在表单中我要求用户输入他的电话号码以进行验证,然后他的信息将通过PHP查询插入DB

我使用了以下代码:

var firebaseConfig = {
    apiKey: "******",
    authDomain: "*****",
    databaseURL: "https://****",
    projectId: "*****",
    storageBucket: "",
    messagingSenderId: "*****",
    appId: "1:****:*****"
  };

  firebase.initializeApp(firebaseConfig);

  // Create a Recaptcha verifier instance globally
  // Calls submitPhoneNumberAuth() when the captcha is verified
  window.recaptchaVerifier = new firebase.auth.RecaptchaVerifier(
    "recaptcha-container",
    {
      size: "normal",
      callback: function(response) {
        submitPhoneNumberAuth();
      }
    }
  );

  // This function runs when the 'sign-in-button' is clicked
  // Takes the value from the 'phoneNumber' input and sends SMS to that phone number
  function submitPhoneNumberAuth() {
    var phoneNumber = document.getElementById("phoneNumber").value;
    var appVerifier = window.recaptchaVerifier;
    firebase
      .auth()
      .signInWithPhoneNumber(phoneNumber, appVerifier)
      .then(function(confirmationResult) {
        window.confirmationResult = confirmationResult;
      })
      .catch(function(error) {
        console.log(error);
      });
  }

  // This function runs when the 'confirm-code' button is clicked
  // Takes the value from the 'code' input and submits the code to verify the phone number
  // Return a user object if the authentication was successful, and auth is complete
  function submitPhoneNumberAuthCode() {
    var code = document.getElementById("code").value;
    confirmationResult
      .confirm(code)
      .then(function(result) {
        var user = result.user;
        console.log(user);
      })
      .catch(function(error) {
        console.log(error);
      });
  }

  //This function runs everytime the auth state changes. Use to verify if the user is logged in
  firebase.auth().onAuthStateChanged(function(user) {
    if (user) {
      console.log("USER LOGGED IN");
    } else {
      // No user is signed in.
      console.log("USER NOT LOGGED IN");
    }
  });
验证用户的电话号码。以我使用的形式:

 <div class="verifyCon">
                    <div class="SMSBox Padding2">
                        <div>
                            <span class="Text3"> phone number </span>
                        </div>
                        <div>
                            <input class="InptText" type="tel" id="phoneNumber" maxlength="10" minlength="10" name="uphone" required>
                        </div>
                        <div>
                            <button type="button" class="SMSBut" onclick="submitPhoneNumberAuth()">
                                <h2 id="sign-in-button" class="Text2"> send </h2>
                            </button>
                        </div>
                    </div>
                    <div class="SMSBox Padding2">
                        <div>
                            <span class="Text3"> code </span>
                        </div>
                        <div>
                            <input class="InptText" type="text" id="code" name="code" maxlength="6" minlength="6" required>
                        </div>
                        <div>
                            <button type="button" class="SMSBut" onclick="submitPhoneNumberAuthCode()">
                                <h2 id="check-in-button" class="Text2"> check </h2>
                            </button>
                        </div>
                    </div>
                </div>


电话号码
发送
代码
检查
我的问题是:

  • 安全吗?用户能否从文件中获取配置信息?如果是,如何确保安全
  • 有没有办法确保用户不会在没有验证电话号码的情况下提交表单
  • 我是否需要在表单页面中添加ReCaptcha,或者使用auth就足够了
  • 我不擅长JavaScript,因此请提供任何建议,我们将不胜感激