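You could add an extra column, e.g. otpissued, to store the time of the transaction alongside the OTP, and then check whether it is within the time frame.
Other than the current time, no time is supplied to or by the sender of the request, so there is no way to get around the check (unless the sender can manipulate the time on the device that holds the database).
For example, the following is the transactions table:-
Using:-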
`INSERT INTO transactions VALUES(null,1234, julianday('now'));`
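would add a row.
To display the rows for the demonstration you can use

```sql
SELECT id, otp, otpissued, strftime('Added on %Y-%m-%d at %H:%M:%S',otpissued) AS issued_date_time FROM transactions;
```

- this just makes the transaction date easier to read.
So the transactions table could be:-
A transaction can be checked using:-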
```sql
-- Check whether the transaction is valid: the validation column shows VALID or INVALID
SELECT id,
    CASE WHEN julianday('now') >= otpissued
          AND julianday('now') <= julianday(otpissued,'+5 minutes')
        THEN 'VALID'
        ELSE 'INVALID'
    END AS validation,
    -- Used for testing/demonstration
    otp,
    strftime('%Y-%m-%d %H:%M %S',julianday('now')) AS current_date_time, -- FOR TESTING/DEMO
    strftime('%Y-%m-%d %H:%M %S',otpissued) AS otp_date_time, -- FOR TESTING/DEMO
    strftime('%Y-%m-%d %H:%M %S',otpissued, '+5 minutes') AS otp_expiry, -- FOR TESTING/DEMO
    julianday(otpissued) AS issued_jd, -- FOR TESTING/DEMO
    julianday(otpissued,'+5 minutes') AS expiry_jd -- FOR TESTING/DEMO
    -- End of additional columns for testing/demonstration
FROM transactions
WHERE otp = 1234;
-- Alternative: outputs no rows if invalid (outside time-frame), 1 or more rows if valid (within time-frame)
-- WHERE otp = 1234 AND (julianday('now') >= otpissued AND julianday('now') <= julianday(otpissued,'+5 minutes'));
```
This could result in (expired by more than 5 minutes):-
Of course, the above check reduces to:-
```sql
SELECT id,
    CASE WHEN otp = 1234
          AND julianday('now') >= otpissued
          AND julianday('now') <= julianday(otpissued,'+5 minutes')
        THEN 'VALID'
        ELSE 'INVALID'
    END AS validation
FROM transactions
WHERE otp = 1234;
```
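In this case the result would be (or empty if no transaction matches the WHERE criteria, i.e. has the correct otp):-
If a new row is added:-
to test the valid case
(note that you would probably not have identical OTPs, and could be more selective, e.g. by using the transaction id, so that only 1 row is checked; this is just a demonstration)
then the verbose check results in:-
The compact check gives:-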
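The compact check narrowed to a single transaction id, as suggested in the note above, run from Python's `sqlite3` module. This is an added example, not code from the original answer; the table definition, the helper names `issue_otp` and `otp_is_valid`, and the back-dated and future-dated rows are assumptions constructed for the demonstration.

```python
import sqlite3

# Assumed schema: the answer names only the columns id, otp and otpissued.
SCHEMA = """CREATE TABLE transactions (
    id INTEGER PRIMARY KEY,
    otp INTEGER NOT NULL,
    otpissued REAL NOT NULL  -- Julian day, always set by the database
)"""

# The answer's alternative WHERE clause plus an id match, so two
# transactions that share an OTP value cannot validate each other.
CHECK = """SELECT 1 FROM transactions
    WHERE id = ? AND otp = ?
      AND julianday('now') >= otpissued
      AND julianday('now') <= julianday(otpissued, '+5 minutes')"""


def issue_otp(db, otp, offset="+0 minutes"):
    """Insert a transaction stamped by SQLite's clock, never the caller's.
    `offset` exists only to construct back-dated or future-dated demo rows."""
    cur = db.execute(
        "INSERT INTO transactions VALUES (null, ?, julianday('now', ?))",
        (otp, offset))
    return cur.lastrowid


def otp_is_valid(db, txn_id, otp):
    """True only when id and OTP match and 'now' is inside the 5 minute window."""
    return db.execute(CHECK, (txn_id, otp)).fetchone() is not None


def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    fresh = issue_otp(db, 1234)                  # issued just now
    stale = issue_otp(db, 1234, "-10 minutes")   # constructed: expired
    future = issue_otp(db, 1234, "+10 minutes")  # constructed: timestamp ahead of the clock
    return {
        "fresh": otp_is_valid(db, fresh, 1234),
        "stale": otp_is_valid(db, stale, 1234),
        "wrong_otp": otp_is_valid(db, fresh, 9999),
        "future": otp_is_valid(db, future, 1234),  # rejected by the >= otpissued bound
    }


if __name__ == "__main__":
    print(demo())
```

Both values are bound as parameters and the only clock consulted is the database's `julianday('now')`, so the request carries nothing that can move the window.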