User registration scenario - SMS verification solution

Keywords: PHP

The mobile phone number verification function is basically used in the new user registration link of the website or APP. Whether the function is safe and stable will directly affect the conversion rate of new registered users.

When enterprises use the new user registration function, they usually encounter the following two problems:

1, SMS interface is brushed

1. Cause
Because the new user registration page is exposed in the open network environment, anyone can call this function; Some illegal software will take advantage of this feature and simulate manual access to a large number of SMS verification codes;

2. Adverse consequences
Because the software can request short messages with high concurrency, it will lead to the following adverse consequences:

    1) Your company's SMS is consumed maliciously;
    2) Because the SMS is sent in the name of your company, it will have a certain negative impact on your company's brand;
    3) Harassed users may complain, which will have a certain impact on the normal sending of SMS and the safety and stability of SMS channel of your company.

3. Solution
In addition to your company's necessary protection on the new user registration page, the SMS platform also provides the following functions to help you reduce the risk of SMS verification code interface being brushed:

    1) Exception sending interception: analyze the sending characteristics of each SMS submitted by the interface in real time. In case of exception, execute real-time interception immediately, so as to save you a lot of SMS costs.
    2) Maximum sending volume setting: set the maximum daily SMS sending volume of the account according to the actual business situation. After reaching the set threshold, the system will suspend SMS sending and push SMS notification to the administrator.
    3) Maximum daily sending volume per number: you can limit the maximum daily sending volume of a single mobile phone number.

2, Some users cannot receive or delay receiving verification code SMS

1. Cause
Due to user unsubscribing, complaints, operator channel failure, channel congestion, user mobile phone problems and other factors, some customers cannot receive verification code SMS, which affects the promotion and transformation of your company.

2. Adverse consequences
If the newly registered user fails to receive the verification code SMS, the following effects will occur:

    1) Loss of customers due to users' failure to receive registration verification SMS;
    2) Some users who can't receive SMS will feed back to the company's customer service to increase the pressure of after-sales work;
    3) The recognition of the company's brand is reduced.

3. SMS platform solution
In order to maximize the arrival rate of verification code SMS, the SMS interface also provides the following value-added services:

    1) Automatic reissue in case of failure: real-time detection of SMS delivery status. In case of failure, the system will automatically use another SMS channel for reissue in real time;
    2) Abnormal automatic reissue: for some special cases, if the customer does not receive the registration verification SMS within 10 seconds (time can be set), the system will automatically call another SMS channel to resend one;
    3) Voice automatic supplementary call: it can be set that when the user clicks the get verification code short message button for the third time, the system will broadcast the verification code number to the customer by telephone voice.

Code example

//Interface type: mutual wireless trigger SMS interface, which supports sending verification code SMS, order notification SMS, etc.
 // Account registration: please open an account through this address
 // matters needing attention:
 //(1) During debugging, please use the system default SMS content: your verification code is: [variable]. Please don't disclose the verification code to others.
 //(2) Please use APIID and APIKEY to call the interface, which can be obtained in the member center;
 //(3) The code is only for reference to access the mutual wireless SMS interface. Customers can write it by themselves according to their actual needs;
header("Content-type:text/html; charset=UTF-8");
//Request data to the SMS interface and check whether curl init is enabled in the environment.
function Post($curlPost,$url){
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HEADER, false);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_NOBODY, true);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $curlPost);
        $return_str = curl_exec($curl);
        return $return_str;
//Convert xml data to array format.
function xml_to_array($xml){
    $reg = "/<(\w+)[^>]*>([\\x00-\\xFF]*)<\\/\\1>/";
    if(preg_match_all($reg, $xml, $matches)){
        $count = count($matches[0]);
        for($i = 0; $i < $count; $i++){
        $subxml= $matches[2][$i];
        $key = $matches[1][$i];
            if(preg_match( $reg, $subxml )){
                $arr[$key] = xml_to_array( $subxml );
                $arr[$key] = $subxml;
    return $arr;
//The random() function returns a random integer.
function random($length = 6 , $numeric = 0) {
    PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
    if($numeric) {
        $hash = sprintf('%0'.$length.'d', mt_rand(0, pow(10, $length) - 1));
    } else {
        $hash = '';
        $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789abcdefghjkmnpqrstuvwxyz';
        $max = strlen($chars) - 1;
        for($i = 0; $i < $length; $i++) {
            $hash .= $chars[mt_rand(0, $max)];
    return $hash;
//SMS interface address
$target = "";
//Get phone number
$mobile = $_POST['mobile'];
//Get verification code
$send_code = $_POST['send_code'];
//Generated random number
$mobile_code = random(4,1);
    exit('Mobile phone number cannot be empty');
//Protection against malicious user requests
if(empty($_SESSION['send_code']) or $send_code!=$_SESSION['send_code']){
    exit('The request timed out. Please refresh the page and try again');
$post_data = "account=user name&password=password&mobile=".$mobile."&content=".rawurlencode("Your verification code is:".$mobile_code.". Please don't disclose the verification code to others.");
//View user name login user center - > verification code notification SMS > Product Overview - > API interface information - > apiid
//View password login user center - > verification code notification SMS > Product Overview - > API interface information - > apikey
$gets =  xml_to_array(Post($post_data, $target));
    $_SESSION['mobile'] = $mobile;
    $_SESSION['mobile_code'] = $mobile_code;
echo $gets['SubmitResult']['msg'];

Posted by broann on Tue, 02 Nov 2021 03:59:57 -0700