05 CAPTCHA (Turing Test Verification Codes)
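■ CAPTCHA generation
Scenario: user registration, password reset, and password recovery.
Description: the code must be at least 4 digits or letters long, or a different challenge such as a puzzle must be used. Each code is single-use, and the recommended validity period is no more than 180 seconds.
Java example: generate the CAPTCHA on the back end.
PHP example: generate the CAPTCHA on the back end.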
<?php
session_start();
$width = 100;
$height = 30;
$image = imagecreatetruecolor($width, $height);
$black = imagecolorallocate($image, 0, 0, 0);
$bgcolor = imagecolorallocate($image, 255, 255, 255);
imagefill($image, 0, 0, $bgcolor);
$captch_code = "";
// Draw 4 characters. random_int() is a CSPRNG; rand() is predictable and
// must not be used to pick the code itself.
for ($i = 0; $i < 4; $i++) {
    $fontsize = 5; // largest built-in GD font
    $fontcolor = imagecolorallocate($image, rand(0, 100), rand(0, 100), rand(0, 100));
    $data = 'abcdefghijkmnpqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ123456789';
    $fontcontent = substr($data, random_int(0, strlen($data) - 1), 1);
    $captch_code .= $fontcontent;
    $x = ($i * 100 / 4) + rand(5, 10);
    $y = rand(5, 15);
    imagestring($image, $fontsize, $x, $y, $fontcontent, $fontcolor);
}
// Keep the code server-side only; the client receives just the image.
$_SESSION['captch_code'] = $captch_code;
// Issue time, so the check can enforce the 180-second validity
// (the key name is an assumption; it must match what the check reads).
$_SESSION['captch_code_time'] = time();
// Noise pixels.
for ($i = 0; $i < 200; $i++) {
    $pointcolor = imagecolorallocate($image, rand(50, 200), rand(50, 200), rand(50, 200));
    imagesetpixel($image, rand(1, $width - 1), rand(1, $height - 1), $pointcolor);
}
// Noise lines.
for ($i = 0; $i < 3; $i++) {
    $linecolor = imagecolorallocate($image, rand(100, 200), rand(100, 200), rand(100, 200));
    imageline($image, rand(1, $width - 1), rand(1, $height - 1), rand(1, $width - 1), rand(1, $height - 1), $linecolor);
}
header('Content-Type:image/png');
imagepng($image);
imagedestroy($image);
?>
HTML: add the CAPTCHA to the user login page.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<form method="post">
<table>
<tr><td>用户名:</td><td><input type="text" name="username" placeholder="请输入用户名……"/></td></tr>
<tr><td>密 码:</td><td><input type="password" name="password" /></td></tr>
<tr><td>验证码:</td><td><input type='text' name='check' id='icode' value=''/><span id='checkcode'></span></td></tr>
<tr><td><img id='captch' border='1' src="__CONTROLLER__/image?r=<?php echo rand();?>" width='100' height='30'/></td>
<td><a href='javascript:void(0)' onclick="document.getElementById('captch').src='__CONTROLLER__/image?r='+Math.random()">看不清?</a></td></tr>
<tr><td><input type="reset" value="取消" /></td><td><input type="submit" value="登录" /></td></tr>
</table>
</form>
<script>
// Check the CAPTCHA when the input field loses focus.
document.getElementById("icode").onblur = function() {
    var request;
    if (window.XMLHttpRequest) {
        request = new XMLHttpRequest();
    } else {
        request = new ActiveXObject("Microsoft.XMLHTTP");
    }
    // URL-encode the user's input before placing it in the query string.
    var url = "check?checkcode=" + encodeURIComponent(document.getElementById("icode").value);
    request.open('GET', url, true);
    // Register the handler before sending the request.
    request.onreadystatechange = function() {
        if (request.readyState == 4) {
            if (request.status == 200) {
                document.getElementById("checkcode").innerHTML = request.responseText;
            } else {
                alert("错误:" + request.status);
            }
        }
    };
    request.send();
};
</script>
</body>
</html>
Implementation of the verification code check.
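<?php
// The original shows only the method; the class wrapper, constant values and
// unsetCode() body are assumptions added so the excerpt runs.
class CodeChecker {
    const MESSAGE_CODE = 'message_code';
    const MESSAGE_CODE_TIME = 'message_code_time';
    const MESSAGE_CODE_USER = 'message_code_user';

    function unsetCode() {
        unset($_SESSION[static::MESSAGE_CODE], $_SESSION[static::MESSAGE_CODE_TIME], $_SESSION[static::MESSAGE_CODE_USER]);
    }

    function checkCode($code, $userid) {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (!isset($_SESSION[static::MESSAGE_CODE_TIME]) || !isset($_SESSION[static::MESSAGE_CODE])) {
            echo "Error: code is null.";
            return -1;
        }
        // Codes expire after 180 seconds.
        if ($_SESSION[static::MESSAGE_CODE_TIME] + 60*3 < time()) {
            $this->unsetCode();
            echo "Error: code timeout.";
            return -1;
        }
        // hash_equals() compares as strings in constant time; == would apply numeric type juggling.
        $match = hash_equals((string)$_SESSION[static::MESSAGE_CODE], (string)$code)
            && isset($_SESSION[static::MESSAGE_CODE_USER])
            && (string)$_SESSION[static::MESSAGE_CODE_USER] === (string)$userid;
        // Single use: discard the code after every attempt, successful or not.
        $this->unsetCode();
        if ($match) {
            return 0;
        }
        echo "Error, check code fail.";
        return -1;
    }
}
?>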
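The login page above checks the image CAPTCHA through an onblur AJAX call, but the form submit still has to verify it on the server with the single-use and 180-second rules. The following is an added example, not code from the original page: the function names, the session keys 'captch_code_time' and 'captch_tries', and the limit of 3 failed pre-checks are assumptions, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example; not code from the original page.
// Assumed names: captcha_burn(), captcha_verify(), the session keys
// 'captch_code_time' and 'captch_tries', and the limit of 3 pre-check tries.
const CAPTCHA_TTL = 180;      // seconds, the validity recommended above
const CAPTCHA_MAX_TRIES = 3;  // assumed cap on onblur pre-check failures

// Remove the challenge so it cannot be replayed.
function captcha_burn(array &$s): void {
    unset($s['captch_code'], $s['captch_code_time'], $s['captch_tries']);
}

// $consume = false: AJAX pre-check; $consume = true: the real form submit.
// $s is the session array ($_SESSION in production), passed by reference.
function captcha_verify(array &$s, string $input, bool $consume, ?int $now = null): bool {
    $now = $now ?? time();
    if (!isset($s['captch_code'], $s['captch_code_time'])) {
        return false;                    // nothing issued, or already used
    }
    if ($now - $s['captch_code_time'] > CAPTCHA_TTL) {
        captcha_burn($s);                // expired
        return false;
    }
    // String-only, constant-time comparison; avoids == type juggling.
    $ok = hash_equals((string)$s['captch_code'], $input);
    if ($consume) {
        captcha_burn($s);                // one submit per code, right or wrong
        return $ok;
    }
    if (!$ok) {
        $s['captch_tries'] = ($s['captch_tries'] ?? 0) + 1;
        if ($s['captch_tries'] >= CAPTCHA_MAX_TRIES) {
            captcha_burn($s);            // pre-check must not be a guessing oracle
        }
    }
    return $ok;
}

// Constructed walk-through; a plain array stands in for $_SESSION.
$s = ['captch_code' => 'aB3k', 'captch_code_time' => 1000];
var_dump(captcha_verify($s, 'aB3k', false, 1010)); // pre-check, correct guess
var_dump(captcha_verify($s, 'aB3k', true, 1020));  // submit, consumes the code
var_dump(captcha_verify($s, 'aB3k', true, 1030));  // replay of the same code
$s = ['captch_code' => 'Zx9Q', 'captch_code_time' => 1000];
var_dump(captcha_verify($s, 'Zx9Q', true, 1181));  // submitted after 181 seconds
```

The pre-check does not consume a correct code, so the later form submit can still succeed; only the submit path and repeated wrong guesses discard it.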