Why set the validity period of CAPTCHA?

already knows that md5 is irreversible.

there is a simple way to generate token
$token = md5 ($username.$password.$regtime);
1. If you can"t reverse it, why is token only valid for 24 hours?
generated validation link
register/active.php?verify= ".$ token."

2. I know that token does not contain spaces of slash symbols. Why does the code need to write
$verify = stripslashes (trim ($_ GET ["verify"]));
stripslashes when activated? there is no need for
trim and no need for ha

.
Jul.31,2021

think about why session sets the validity period!


first question:

  • set a validity period in order to preserve the consistency of the behavior. To take the simplest example, when A creates an account with an account password, A does not want to activate it, and what if B gets the indirect activation of the token, in some way. In fact, it doesn't matter whether the validity period is set or not. The important thing is to avoid some special cases as far as possible

second question:

  • is pretty much the same, avoiding unexpected behavior. If you apply SQL statements directly when you use token to query, won't it cause sql injection?

I remember someone once said that the CAPTCHA is our last line of defense. If we don't set the validity period, won't this last line of defense also fall down?

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1eb0c05-480d6.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1eb0c05-480d6.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?