给一个央企做官网,登录模块用的是thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正值贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测公司用专业工具检测,检测出后台验证码能用打码工具暴力破解,发函要求整改。so,就有了下面的极验(geetest)图形验证。
官网:http://www.geetest.com/
一:注册获取key
注册;创建应用;获取key;
二:导入sdk
/thinkphp/library/org/xb/geetestlip.class.php(此处geetestlip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)
此处牵扯到thinkphp引入第三方类,我把第三方类放到org/util/xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件
三:生成验证样式
admin/view/public/cdtsh_log_smfyws.php
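<!doctype html>
<html>
<head>
<meta charset="gbk" />
<title>网站管理系统后台</title>
<script type="text/javascript" src="__js__/jquery.js"></script>
<link rel="stylesheet" href="__css__/jquery.validator.css">
<script type="text/javascript" src="__js__/jquery.validator.js"></script>
<script type="text/javascript" src="__js__/zh_cn.js"></script>
<link href="__css__/admin_login.css?v20130227" rel="stylesheet" />
<script>
$(document).ready(function () {
    // Keep the original captcha URL so that each refresh is built from it.
    var verifyimg = $(".verifyimg").attr("src");
    $(".reloadverify").click(function () {
        // Append a random value so the browser does not serve a cached image.
        if (verifyimg.indexOf('?') > 0) {
            $(".verifyimg").attr("src", verifyimg + '&random=' + Math.random());
        } else {
            $(".verifyimg").attr("src", verifyimg.replace(/\?.*$/, '') + '?' + Math.random());
        }
    });
});
</script>
</head>
<body>
<div class="wrap">
    <h1><a href="javascript:;" style="height: 116px; width: 250px;">后台管理中心</a></h1>
    <form method="post" action="{:U('admin/public/cdtsh_log_smfyws')}">
        <div class="login">
            <ul>
                <li>
                    <input class="input" id="username" name="username" type="text" title="用户名" data-rule="required;username" placeholder="用户名" />
                    <span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="username"></span>
                </li>
                <li>
                    <input class="input" name="password" type="password" title="密码" data-rule="required;password" placeholder="密码" />
                    <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="password"></span>
                </li>
                <li>
                    <input class="input" id="verify" name="verify" type="text" style="width:130px;" title="验证码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" data-rule="required;text;remote[{:U('admin/public/check_verify')}]" />
                    <div class="yanzhengma_box" id="verifyshow">
                        <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right" src="{:U('public/verify')}" title="点击刷新">
                    </div>
                    <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify"></span>
                </li>
            </ul>
            <ul>
                <!-- Geetest renders its widget here and adds the geetest_* fields to the form. -->
                <div id="captcha"></div>
            </ul>
            <button type="submit" class="btn" id="subbtn">登录</button>
        </div>
    </form>
</div>
<!-- Loaded over HTTPS: a script fetched over plain HTTP can be altered in transit
     and would run with full access to the login form. -->
<script src="https://static.geetest.com/static/tools/gt.js"></script>
<script>
// Attach the captcha widget to the element with id "captcha".
var handler = function (captchaObj) {
    captchaObj.appendTo("#captcha");
};
// Ask the server for a fresh challenge, then initialise the widget with it.
// The widget only collects the answer; the server must still validate the
// submitted geetest_challenge / geetest_validate / geetest_seccode on POST.
$.get("{:U('admin/public/verifys')}", function (data) {
    // Argument 1: configuration, same fields the Geetest constructor accepts.
    // Argument 2: callback that receives the captcha object.
    initGeetest({
        gt: data.gt,
        challenge: data.challenge,
        product: "float", // presentation style
        offline: !data.success,
        new_captcha: 'true',
        width: '260px'
    }, handler);
}, 'json');
</script>
</body>
</html>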
四:验证函数
/application/common/common/function.php
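/**
 * Validate the Geetest answer submitted with a form.
 *
 * Reads the challenge state stored in $_SESSION['geetest'] (keys 'gtserver',
 * 'user_id', 'ip_address') and checks the three geetest_* fields of $data
 * against the SDK. The stored state is consumed on every call, so one issued
 * challenge can back at most one validation attempt.
 *
 * @param array $data Submitted form data; must contain the string fields
 *                    geetest_challenge, geetest_validate and geetest_seccode.
 * @return bool True only when the SDK accepts the answer.
 */
function geetest_chcek_verify($data)
{
    // NOTE(review): the private key is a secret. Load both values from
    // configuration kept out of version control instead of source literals.
    // The literals printed here differ from those in the page's verifys()
    // listing; the id/key used to issue and to validate a challenge must match.
    $geetest_id = "7149e2021d7938157e";
    $geetest_key = "62b92039e1e9cf9455";

    // Fail closed when no challenge was issued for this session. Without this
    // guard a request that never fetched a challenge has no 'gtserver' value
    // and would fall through to the degraded (offline) check below.
    if (!isset($_SESSION['geetest']) || !is_array($_SESSION['geetest'])) {
        return false;
    }
    $state = $_SESSION['geetest'];
    // Single use: drop the stored challenge state before validating so a
    // captured answer cannot be replayed against the same session.
    unset($_SESSION['geetest']);

    foreach (array('geetest_challenge', 'geetest_validate', 'geetest_seccode') as $field) {
        if (!isset($data[$field]) || !is_string($data[$field]) || $data[$field] === '') {
            return false;
        }
    }

    // Class name reconstructed from the page text, which lost its namespace
    // separators; adjust to wherever the SDK class was placed.
    $geetest = new \Org\Util\Geetestlib($geetest_id, $geetest_key);

    $dataa = array(
        "user_id"     => isset($state['user_id']) ? $state['user_id'] : '', // site user id
        "client_type" => "web", // web: desktop browser; h5: mobile browser / embedded web view; native: app via native SDK
        "ip_address"  => isset($state['ip_address']) ? $state['ip_address'] : '', // IP recorded when the challenge was issued
    );

    if (isset($state['gtserver']) && $state['gtserver'] == 1) {
        // Geetest was reachable when the challenge was issued: validate online.
        return (bool) $geetest->success_validate(
            $data['geetest_challenge'],
            $data['geetest_validate'],
            $data['geetest_seccode'],
            $dataa
        );
    }

    // Degraded mode, used when the challenge was issued while Geetest was
    // unreachable.
    // NOTE(review): this path presumably validates locally without contacting
    // Geetest, so it is a weaker control - confirm in the SDK, log how often it
    // is taken and pair it with login throttling.
    return (bool) $geetest->fail_validate(
        $data['geetest_challenge'],
        $data['geetest_validate'],
        $data['geetest_seccode']
    );
}

/**
 * Return the client IP address of the current request.
 *
 * Only REMOTE_ADDR is used. Client-IP and X-Forwarded-For headers are set by
 * the requester and can carry any value, so they must not feed risk data or
 * audit records. Behind a reverse proxy, read the forwarded header only when
 * REMOTE_ADDR is that proxy's known address.
 *
 * @return string The validated address, or the original fallback text when
 *                no valid address is available.
 */
function getip()
{
    if (isset($_SERVER['REMOTE_ADDR'])
        && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false
    ) {
        return $_SERVER['REMOTE_ADDR'];
    }

    return "无法获取!";
}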
五:php 生成验证码 并 验证
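/**
 * Issue a Geetest challenge for the login page.
 *
 * Stores the SDK's pre_process() status together with the user id and client
 * IP in $_SESSION['geetest'] (read later by geetest_chcek_verify()) and echoes
 * the SDK response string that the front-end passes to initGeetest().
 */
public function verifys()
{
    // NOTE(review): the private key is a secret. Load both values from
    // configuration kept out of version control instead of source literals,
    // and use the same id/key pair as the validation side.
    $geetest_id = "7149e2021d7938157e9";
    $geetest_key = "62b92039e1e9cf";
    // Class name reconstructed from the page text, which lost its namespace
    // separators; adjust to wherever the SDK class was placed.
    $geetest = new \Org\Util\Geetestlib($geetest_id, $geetest_key);

    $user_id = "test";
    $client_ip = getip();
    $data = array(
        "user_id"     => $user_id, // site user id
        "client_type" => "web", // web: desktop browser; h5: mobile browser / embedded web view; native: app via native SDK
        "ip_address"  => $client_ip, // IP the challenge is requested from
    );

    $status = $geetest->pre_process($data, 1);

    // Keep the issuing state on the server so the client cannot choose which
    // validation mode is applied to its answer.
    $_SESSION['geetest'] = array(
        'gtserver'   => $status,
        'user_id'    => $user_id,
        'ip_address' => $client_ip,
    );

    echo $geetest->get_response_str();
}

/**
 * Admin login: show the form on GET; on POST check the Geetest answer and the
 * credentials, then open the admin session.
 *
 * NOTE(review): a captcha only slows automated guessing. Add per-account and
 * per-address attempt limits as well.
 */
public function cdtsh_log_smfyws()
{
    if (!empty($_SESSION['userid'])) {
        $this->redirect('admin/index/index');
        return;
    }

    if (!IS_POST) {
        $this->display();
        return;
    }

    $post = I('post.');
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Array-valued parameters must never reach the query builder or md5().
    if (!is_string($username) || !is_string($password)) {
        $this->error('登录失败');
        return;
    }

    foreach (array('geetest_challenge', 'geetest_validate', 'geetest_seccode') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            $this->error('请进行图形验证');
            return;
        }
    }

    if (!geetest_chcek_verify($post)) {
        $this->error('图形验证失败');
        return;
    }

    if (!$this->loginadmin($username, $password)) {
        // NOTE(review): the submitted password is handed to the login log.
        // Confirm recordloginadmin() does not persist it; failed attempts
        // often contain a near-miss of the real password.
        $this->recordloginadmin($username, $password, 0, "账号密码错误"); // record login log
        $this->error('登录失败');
        return;
    }

    // Array condition instead of a concatenated string: the user name came
    // straight from the request and was previously spliced into the SQL.
    // NOTE(review): unsalted MD5 is not a password hash; plan a migration to
    // password_hash() / password_verify().
    $user = M("user")->where(array(
        'username' => $username,
        'password' => md5($password),
    ))->find();

    if (!$user) {
        $this->recordloginadmin($username, $password, 0, "账号密码错误"); // record login log
        $this->error('登录失败');
        return;
    }

    if ($user["status"] != 1) { // account disabled
        $this->recordloginadmin($username, $password, 0, "账号禁用"); // record login log
        $this->error('该帐号禁用');
        return;
    }

    $save = array(
        "lastlogin_time" => time(),
        "lastlogin_ip"   => get_client_ip(),
        "login_num"      => $user["login_num"] + 1,
    );
    M("user")->where(array("id" => $user['id']))->save($save);

    // Issue a new session id at the privilege change so an id planted before
    // login cannot be reused afterwards.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['userid'] = $user['id'];
    $_SESSION['user'] = $user['username'];
    $_SESSION['rid'] = $user['a_id'];

    $this->recordloginadmin($username, $password, 1); // record login log
    $this->redirect('admin/index/index');
}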
到这里就结束了
如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!原文链接:https://www.cnblogs.com/zmdComeOn/archive/2019/06/18/11043037.html