thinkphp整合系列之极验滑动验证码geetest功能
发布:smiling 来源: PHP粉丝网 添加日期:2021-11-26 11:29:06 浏览: 评论:0
给一个央企做官网,登录模块用的thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正直贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测公司用专业工具检测出,后台验证码能用打码工具暴力破解,发函要求整改,so,就有了下面的极速验证图形。
官网:http://www.geetest.com/
一:注册获取key
注册;创建应用;获取key;
二:导入sdk
/ThinkPHP/Library/Org/Xb/GeetestLip.class.php(此处GeetestLip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)
此处牵扯到thinkphp引入第三方类,我把第三方类放到Org/Util/Xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件
三:生成验证样式
admin/view/public/cdtsh_log_smfyws.php
- <!doctype html>
- <html>
- <head>
- <meta charset="GBK" />
- <title>网站管理系统后台</title>
- <script language="javascript" type="text/javascript" src="__JS__/jquery.js"></script>
- <link rel="stylesheet" href="__CSS__/jquery.validator.css">
- <script type="text/javascript" src="__JS__/jquery.validator.js"></script>
- <script type="text/javascript" src="__JS__/zh_CN.js"></script>
- <link href="__CSS__/admin_login.css?v20130227" rel="stylesheet" />
- <script>
- $(document).ready(function(){
- var verifyimg = $(".verifyimg").attr("src");
- $(".reloadverify").click(function(){
- if( verifyimg.indexOf('?')>0){
- $(".verifyimg").attr("src", verifyimg+'&random='+Math.random());
- }else{
- $(".verifyimg").attr("src", verifyimg.replace(/\?.*$/,'')+'?'+Math.random());
- }
- });
- });
- </script>
- </head>
- <body>
- <div class="wrap">
- <h1><a href="javascript:;" style="height: 116px; width: 250px;">后台管理中心</a></h1>
- <form method="post" action="{:U('Admin/Public/cdtsh_log_smfyws')}">
- <div class="login">
- <ul>
- <li>
- <input class="input" id="username" name="username"type="text" title="用户名" data-rule="required;username" placeholder="用户名" />
- <span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="username"></span>
- </li>
- <li>
- <input class="input" name="password" type="password" title="密码" data-rule="required;password" placeholder="密码"/>
- <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="password"></span>
- </li>
- <li>
- <input class="input" id="verify" name="verify" type="text" style="width:130px;" title="密码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" title="验证码" data-rule="required;text;remote[{:U('Admin/Public/check_verify')}]" />
- <div class="yanzhengma_box" id="verifyshow"> <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right" src="{:U('public/verify')}" title="点击刷新"> </div>
- <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify"></span>
- </li>
- </ul>
- <ul>
- <!--<input type="button" value="异步验证登录" onclick="check_verify()">-->
- <!--<input type="submit" value="post提交登录">-->
- <div id="captcha"></div>
- </ul>
- <button type="submit" class="btn" id="subbtn">登录</button>
- </div>
- </form>
- </div>
- <script src="http://static.geetest.com/static/tools/gt.js"></script>
- <script>
- var handler = function (captchaObj) {
- // 将验证码加到id为captcha的元素里
- captchaObj.appendTo("#captcha");
- };
- // 获取验证码
- $.get("{:U('Admin/Public/verifys')}", function(data) {
- // 使用initGeetest接口
- // 参数1:配置参数,与创建Geetest实例时接受的参数一致
- // 参数2:回调,回调的第一个参数验证码对象,之后可以使用它做appendTo之类的事件
- initGeetest({
- gt: data.gt,
- challenge: data.challenge,
- product: "float", // 产品形式
- offline: !data.success,
- new_captcha:'true',
- width:'260px',
- }, handler);
- },'json');
- </script>
- </body>
- </html>
四:验证函数
/Application/Common/Common/function.php
- /**
- * geetest检测验证码
- */
- function geetest_chcek_verify($data){
- $geetest_id = "7149e2021d7938157e";
- $geetest_key = "62b92039e1e9cf9455";
- $geetest=new \Org\Util\Xb\GeetestLib($geetest_id,$geetest_key);
- $user_id=$_SESSION['geetest']['user_id'];
- $ip_address=$_SESSION['geetest']['ip_address'];
- $dataa = array(
- "user_id" => $user_id, # 网站用户id
- "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
- "ip_address" => $ip_address, # 请在此处传输用户请求验证时所携带的IP
- );
- if ($_SESSION['geetest']['gtserver']==1){
- $result=$geetest->success_validate($data['geetest_challenge'], $data['geetest_validate'], $data['geetest_seccode'], $dataa);
- //return $result;
- if ($result) {
- //return 11;
- return true;
- } else{
- //return 22;
- return false;
- }
- }else{
- if ($geetest->fail_validate($data['geetest_challenge'],$data['geetest_validate'],$data['geetest_seccode'])) {
- //return 33;
- return true;
- }else{
- //return 44;
- return false;
- }
- }
- }
- //获取id地址
- function GetIP() {
- if (!emptyempty($_SERVER["HTTP_CLIENT_IP"])) {
- $cip = $_SERVER["HTTP_CLIENT_IP"];
- } elseif (!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
- $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
- } elseif (!emptyempty($_SERVER["REMOTE_ADDR"])) {
- $cip = $_SERVER["REMOTE_ADDR"];
- } else {
- $cip = "无法获取!";
- }
- return $cip;
- }
五:php 生成验证码 并 验证
- //极速验证
- public function verifys(){
- //require_once dirname(dirname(dirname(__FILE__))) . '/lib/class.geetestlib.php';
- //require_once dirname(dirname(__FILE__)) . '/config/config.php';
- // $GtSdk = new GeetestLib(CAPTCHA_ID, PRIVATE_KEY);
- $geetest_id = "7149e2021d7938157e9";
- $geetest_key = "62b92039e1e9cf";
- $geetest=new \Org\Util\Xb\GeetestLib($geetest_id,$geetest_key);
- //dump($geetest);die;
- $user_id = "test";
- $data = array(
- "user_id" => $user_id, # 网站用户id
- "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
- "ip_address" => GetIP(), # 请在此处传输用户请求验证时所携带的IP
- );
- $status = $geetest->pre_process($data,1);
- //dump($status);
- $_SESSION['geetest']=array(
- 'gtserver'=>$status,
- 'user_id'=>$user_id,
- 'ip_address'=>GetIP(),
- );
- echo $geetest->get_response_str();
- }
- public function cdtsh_log_smfyws() {
- if ($_SESSION['userid']) {
- $this->redirect('Admin/Index/Index');
- } else {
- if (IS_POST) {
- $username = $_POST['username'];
- $password = $_POST['password'];
- //$geetest_challenge = $_POST['geetest_challenge'];
- //$geetest_validate = $_POST['geetest_validate'];
- //$geetest_seccode = $_POST['geetest_seccode'];
- $data=I('post.');
- if($data['geetest_challenge']=="" || $data['geetest_validate']=="" ||$data['geetest_seccode']=="" ){
- $this->error('请进行图形验证');
- }else{
- //dump(geetest_chcek_verify($data));
- if (geetest_chcek_verify($data)){
- //echo '验证成功';
- if ($this->loginAdmin($username, $password)) {
- $data = M("User")->where("username='".$username."' and password='".md5($password)."'")->find();
- if ($data["status"] != 1) {
- //判断是否禁用
- $this->recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号禁用"); //记录登录日志
- $this->error('该帐号禁用');
- } else {
- $save["lastlogin_time"] = time();
- $save["lastlogin_ip"] = get_client_ip();
- $save["login_num"] = $data["login_num"] + 1;
- $status = M("user")->where(array("id" => $data['id']))->save($save);
- $_SESSION['userid'] = $data['id'];
- $_SESSION['user'] = $data['username'];
- $_SESSION['rid'] = $data['a_Id'];
- $this->recordLoginAdmin($_POST['username'], $_POST['password'], 1); //记录登录日志
- $this->redirect('Admin/Index/Index');
- //$this->success('登录成功',U('Admin/Index/Index'));
- }
- } else {
- $this->recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号密码错误"); //记录登录日志
- $this->error('登录失败');
- }
- }else{
- //echo '图形验证失败';
- $this->error('图形验证失败');
- }
- }
- } else {
- $this->display();
- }
- }
- }
到这里就结束了
Tags: thinkphp滑动验证码 geetest
推荐文章
热门文章
最新评论文章
- 写给考虑创业的年轻程序员(10)
- PHP新手上路(一)(7)
- 惹恼程序员的十件事(5)
- PHP邮件发送例子,已测试成功(5)
- 致初学者:PHP比ASP优秀的七个理由(4)
- PHP会被淘汰吗?(4)
- PHP新手上路(四)(4)
- 如何去学习PHP?(2)
- 简单入门级php分页代码(2)
- php中邮箱email 电话等格式的验证(2)