我有一个CodeIgniter验证码,正在使用Codeigniter表单验证和规则的回调函数进行验证。以下是我的注册控制器内部的两种方法:
public function index(){
$this->form_validation->set_rules('user_name' , 'Username' , 'trim|required|max_length[32]');
$this->form_validation->set_rules('captcha' , 'Captcha' , 'trim|required|max_length[32]|callback_check_captcha');
$this->form_validation->set_rules('password', 'Password','trim|required|min_length[5]|max_length[12]');
$this->form_validation->set_rules('confirm_password', 'Confirm Password','trim|required|min_length[5]|max_length[12]|matches[password]');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
if ($this->form_validation->run()==FALSE){
//Captcha code
回叫是:
private function check_captcha($captcha_input){
// First, delete old captchas
$expiration = time() - 7200; // Two hour limit
$this->db->where('captcha_time < ', $expiration)
->delete('captcha');
// Then see if a captcha exists:
$sql = 'SELECT COUNT(*) AS count FROM captcha WHERE word = ? AND ip_address = ? AND captcha_time > ?';
$binds = array($captcha_input, $this->input->ip_address(), $expiration);
$query = $this->db->query($sql, $binds);
$row = $query->row();
if ($row->count == 0){
$this->form_validation->set_message('check_captcha', 'Captcha Fail');
return FALSE;
}else {
return TRUE;
}
}
问题是用户将可以使用URL(http://[::1]/ci/register/check_captcha)访问回调函数。尽管如此,在这种情况下,什么都没有发生,但尽管如此,我还是想学会防止这种情况发生。通常,在CI中,我将功能私有化,不允许用户UR1访问。如果我尝试将check_captcha函数设为私有,我会得到
消息:从上下文'CI_Form_validation中调用私有方法Register :: check_captcha()
我知道form_validation正在从寄存器类外部调用回调。有人可以告诉我在这种情况下如何限制对控制器的URl访问吗?