Example code for implementing dynamic password (one-time password) authentication in PHP
Posted by: smiling | Source: PHP粉丝网 | Date added: 2024-03-25 21:05:17
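Google Authenticator is a dynamic-password tool released by Google that addresses the problem of accounts on various platforms being maliciously attacked. Typically, when logging in to a service that uses it, you enter your normal username and password and must then enter the dynamic code generated by Google Authenticator before authentication succeeds. This is equivalent to entering a second password and gives the account a high level of security.
For example, exchanges, financial platforms and some wallet projects use Google Authenticator for two-factor authentication. Once Google Authenticator is enabled, logging in requires the dynamic password shown in the authenticator in addition to the username and password. This dynamic password, also called a one-time password, changes continuously based on time or on the number of uses (by default it changes every 30 seconds).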
Code reference: https://github.com/PHPGangsta/GoogleAuthenticator
Key code:
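```php
<?php
// https://github.com/PHPGangsta/GoogleAuthenticator
error_reporting(0); // turn off error reporting
ob_start();         // buffer output so the header() calls after echo still work
session_start();    // start the session
require_once 'PHPGangsta/GoogleAuthenticator.php';

$ga = new PHPGangsta_GoogleAuthenticator();
// $secret = $ga->createSecret();
// Custom secret key (hard-coded here for the demo)
$secret = "62H6TMAXQTZBVTRB";

// Values submitted by the login form; the "password" field carries the dynamic code
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Scan the QR code with the phone to obtain dynamic codes.
// Note: the returned URL points at an external QR-rendering service and contains the secret.
$qrCodeUrl = $ga->getQRCodeGoogleUrl('username', $secret);
echo "二维码地址: ".$qrCodeUrl."\n\n";

// Print the current dynamic code (demonstration only)
$oneCode = $ga->getCode($secret);
echo "本次登录的动态口令:'$oneCode'\n";

// Verify the dynamic code
$checkResult = $ga->verifyCode($secret, $password, 2); // 2 = 2*30sec clock tolerance
if ($checkResult) {
    $_SESSION['username'] = $username;
    echo "<h1>登录成功!</h1>";
    header("Refresh: 5; url=main.php");
    exit;
} else {
    echo "<h1>登录失败!</h1>";
    header("Refresh: 3; url=login.html");
    exit;
}
?>
```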
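The standard TOTP check (RFC 6238) behind a call such as `verifyCode($secret, $password, 2)`, written out as an added example that is not code from the article or from the PHPGangsta library, and extended with something the article's login flow does not do: a code that has already been accepted is refused for the rest of its tolerance window. The function names `base32Decode`, `totpAt` and `verifyTotp`, the `$lastUsedSlice` value (assumed to be stored per account after each successful login) and the fixed timestamp are assumptions of this example.

```php
<?php
// Added example: RFC 6238 TOTP verification with a +/- window and one-time use.
// Decode an unpadded RFC 4648 Base32 string (the format of $secret in the article).
function base32Decode(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) { throw new InvalidArgumentException('invalid Base32 character'); }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { $out .= chr(bindec($byte)); } // drop trailing partial byte
    }
    return $out;
}

// HOTP value (RFC 4226) for one 30-second time slice, HMAC-SHA1, 6 digits by default.
function totpAt(string $key, int $slice, int $digits = 6): string {
    $hash   = hash_hmac('sha1', pack('N2', 0, $slice), $key, true); // 8-byte big-endian counter
    $offset = ord($hash[19]) & 0x0F;                                 // dynamic truncation
    $value  = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string)($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched time slice, or null on failure. $lastUsedSlice is the slice
// saved for this account at its previous successful login (hypothetical storage).
function verifyTotp(string $secret, string $code, int $window, ?int $lastUsedSlice, int $now): ?int {
    $key     = base32Decode($secret);
    $current = intdiv($now, 30);
    $matched = null;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals() compares in constant time; the loop does not exit early
        if (hash_equals(totpAt($key, $current + $i), $code)) { $matched = $current + $i; }
    }
    $fresh = $lastUsedSlice === null || $matched > $lastUsedSlice;
    return ($matched !== null && $fresh) ? $matched : null;
}

// Constructed demo with a fixed clock: first use is accepted, the replay is refused.
$secret = '62H6TMAXQTZBVTRB';   // sample secret from the article
$now    = 1711371917;           // constructed timestamp
$code   = totpAt(base32Decode($secret), intdiv($now, 30));
$slice  = verifyTotp($secret, $code, 2, null, $now);
var_dump($slice !== null);                                  // first use
var_dump(verifyTotp($secret, $code, 2, $slice, $now + 20)); // same code submitted again
```

With a tolerance of 2, each code is accepted across five 30-second slices, so storing the last accepted slice is what makes the password one-time in practice.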
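Usage:
Install Microsoft Authenticator on the phone
Download: https://www.microsoft.com/en-us/security/mobile-authenticator-app
Open the QR-code URL generated by the code above in a browser
Scan the QR code with the phone to obtain the dynamic verification code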
Code example:
login.html
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>系统运维管理平台</title>
    <link rel="stylesheet" type="text/css" href="login.css" />
</head>
<body>
<div id="login">
    <h1>Login</h1>
    <form method="post" action="login.php">
        <input type="text" required="required" placeholder="用户名" name="username">
        <input type="password" required="required" placeholder="密码" name="password">
        <button class="but" type="submit">登录</button>
    </form>
</div>
</body>
</html>
```
login.php
```php
<?php ob_start(); // buffer output so the header() calls below still work after the HTML has started ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>系统运维管理平台</title>
    <link rel="stylesheet" type="text/css" href="login.css" />
</head>
<body>
<div id="login">
<?php
// https://github.com/PHPGangsta/GoogleAuthenticator
error_reporting(0); // turn off error reporting
session_start();    // start the session
require_once 'PHPGangsta/GoogleAuthenticator.php';
$ga = new PHPGangsta_GoogleAuthenticator();
// $secret = $ga->createSecret();
// Custom secret key
$secret = "62H6TMAXQTZBVTRB";
// $qrCodeUrl = $ga->getQRCodeGoogleUrl('admin', $secret);
// echo "二维码: ".$qrCodeUrl."\n\n";
// Check whether the user is already logged in
if (isset($_SESSION['username'])) {
    // The user is logged in: show user information or perform other actions
    header("Refresh: 3; url=main.php");
} else {
    if (!isset($_SESSION['num'])) { // isset(): check whether num has been set
        $_SESSION['num'] = 0;
    }
    // After 3 wrong entries, login is no longer allowed!
    // Note: this counter lives in the session, so it only limits a client that keeps its
    // session cookie; limiting per account has to be tracked on the server side.
    if ($_SESSION['num'] < 3) {
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $username = $_POST['username'] ?? '';
            $password = $_POST['password'] ?? ''; // this field carries the dynamic code
            // The system user should be looked up in the database here before verifying the code
            if ($username) {
                // Never print the current code in the login response: it would hand a
                // valid code to whoever submits the form.
                // $oneCode = $ga->getCode($secret);
                // echo "本次登录的动态口令:'$oneCode'\n";
                $checkResult = $ga->verifyCode($secret, $password, 2); // 2 = 2*30sec clock tolerance
                if ($checkResult) {
                    session_regenerate_id(true); // new session ID after a successful login
                    $_SESSION['username'] = $username;
                    echo "<h1>登录成功!</h1>";
                    header("Refresh: 5; url=main.php");
                    exit;
                } else {
                    $_SESSION['num']++;
                    echo "<h1>登录失败!</h1>";
                    header("Refresh: 3; url=login.html");
                    exit;
                }
            } else {
                echo "<h1>登录失败!</h1>";
                header("Refresh: 3; url=login.html");
                exit;
            }
        } else {
            header("Location: login.html");
            exit;
        }
    } else {
        echo "<h1>密码输入错误已超过3次,系统已不允许登录!</h1>";
        header("Refresh: 3; url=login.html");
        exit;
    }
}
?>
</div>
</body>
</html>
```
main.php
```php
<?php ob_start(); // buffer output so the header() call below still works after the HTML has started ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>系统运维管理平台</title>
    <link rel="stylesheet" type="text/css" href="login.css" />
</head>
<body>
<div id="login">
<?php
session_start(); // start the session
if (isset($_SESSION['username'])) {
    // Escape the user name: it came from the login form and is printed into HTML
    echo "<h2>".htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')."您已登录!</h2>";
    echo "<h2><a href='logout.php'>退出登录</a></h2>";
} else {
    header("Refresh: 3; url=login.html");
}
?>
</div>
</body>
</html>
```
logout.php
```php
<?php ob_start(); // buffer output so the header() call below still works after the HTML has started ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>系统运维管理平台</title>
    <link rel="stylesheet" type="text/css" href="login.css" />
</head>
<body>
<div id="login">
<?php
session_start();
if (isset($_SESSION['username'])) {
    session_destroy(); // end the session on logout
}
header("Refresh: 3; url=login.html");
?>
</div>
</body>
</html>
```
login.css
```css
html {
    width: 100%;
    height: 100%;
    overflow: hidden;
    font-family: sans-serif;
}
body {
    width: 100%;
    height: 100%;
    font-family: 'Open Sans', sans-serif;
    margin: 0;
    background-color: #4A374A;
}
#login {
    position: absolute;
    top: 50%;
    left: 50%;
    margin: -150px 0 0 -150px;
    width: 300px;
    height: 300px;
}
#login h1,
#login h2 {
    color: #fff;
    /* text-shadow:0 0 10px; */
    letter-spacing: 1px;
    text-align: center;
}
h1, h2 {
    font-size: 2em;
    margin: 0.67em 0;
}
input {
    width: 278px;
    height: 18px;
    margin-bottom: 10px;
    outline: none;
    padding: 10px;
    font-size: 13px;
    color: #fff;
    /* text-shadow:1px 1px 1px; */
    border-top: 1px solid #312E3D;
    border-left: 1px solid #312E3D;
    border-right: 1px solid #312E3D;
    border-bottom: 1px solid #56536A;
    border-radius: 4px;
    background-color: #2D2D3F;
}
.but {
    width: 300px;
    min-height: 20px;
    display: block;
    background-color: #4a77d4;
    border: 1px solid #3762bc;
    color: #fff;
    padding: 9px 14px;
    font-size: 15px;
    line-height: normal;
    border-radius: 5px;
    margin: 0;
}
```