给一个央企做官网,登录模块用的thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正直贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测板桥体公司用专业工具检测出,后台验证码能用打码工具暴力破解,发函要求整改。so,就有了下面的极速验证图形
官网:
一:注册获取key
注册;创建应用;获取key;
二:导入sdk
/thinkphp/library/org/xb/geetestlip.class.php(此处geetestlip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)
此处牵扯到thinkphp引入第三方类,我把第三方类放到org/util/xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件
三:生成验证样式
admin/view/public/cdtsh_log_smfyws.php
<!doctype html><html><head> <meta chart="gbk" /> <title>网站管理系统后台</title> <script language="javascript" type="text/javascript" src="__js__/jquery.js"></script> <link rel="stylesheet" href="__css__/jquery.validator.css"> <script type="text/javascript" src="__js__/jquery.validator.js"></script> <script type="text/javascript" src="__js__/zh_cn.js"></script> <link href="__css__/admin_login.css?v20130227" rel="stylesheet" /> <script> $(document).ready(function(){ var verifyimg = $(".verifyimg").attr("src"); $(".reloadverify").click(function(){ if( verifyimg.indexof('?')>0){ $(".verifyimg").attr("src", verifyimg+'&random='+math.random()); }el{ $(".verifyimg").attr("src", verifyimg.replace(/\?.*$/,'')+'?'+math.random()); } }); }); </script></head><body><div class="wrap"> <h1><a href="javascript:;" style="height: 116px; width: 250px;">后台管理中心</a></h1> <form method="post" action="{:u('admin/public/cdtsh_log_smfyws')}"> <div class="login"> <ul> <li> <input class="input" id="urname" name="urname"type="text" title="用户名" data-rule="required;urname" placeholder="用户名" /> <span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="urname"></span> </li> <li> <input class="input" name="password" type="password" title="密码" data-rule="required;password" placeholder="密码"/> <span class="msg-box n-right" style="position:absolutnuxe眼霜e;left: 248px; top: 12px;" for="password"></span> </li> <li> <input class="input" id="verify" name="verify" type="text" style="width:130px;" title="密码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" title="验证码" data-rule="required;text;remote[{:u('admin/public/check_verify')}]" /> <div class="yanzhengma_box" id="verifyshow"> <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right" src="{:u('public/verify')}" title="点击刷新"> </div> <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify"></span> </li> </ul> <ul> <!--<input type="button" value="异步验证登录" onclick="check_verify()">--> <!--<input type="submit" value="post提交登录">--> <div id="captcha"></div> </ul> <button type="submit" class="btn" id="subbtn">登录</button> </div> </form></div><script src="http://static.geetest.com/static/tools/gt.js"></script><script> var handler = function (captchaobj) { // 将验证码加到id为captcha的元素里 captchaobj.appendto("#captcha"); }; // 获取验证码 $.get("{:u('admin/public/verifys')}", function(data) { // 使用initgeetest接口 // 参数1:配置参数,与创建geetest实例时接受的参数一致 // 参数2:回调,回调的第一个参数验证码对象,之后可以使用它做appendto之类的事件 initgeetest({ gt: data.gt, challenge: data.challenge, product: "float", // 产品形式 offline: !data.success, new_captcha:'true', width:'260px', }, handler); },'json'); </script></body></html>
四:验证函数
/application/common/common/function.php
/** * geetest检测验证码 */function geetest_chcek_verify($data){ $geetest_id = "7149e2021d7938157e"; $geetest_key = "62b92039e1e9cf9455"; $geetest=new \org\util\xb\geetestlib($geetest_id,$geetest_key); $ur_id=$_ssion['geetest']['ur_id']; $ip_address=$_ssion['geetest']['ip_address']; $dataa = array( "ur_id" => $ur_id, # 网站用户id "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生sdk植入app应用的方式 "ip_address" => $ip_address, # 请在此处传输用户请求验证时所携带的ip ); if ($_ssion['geetest']['gtrver']==1){ $result=$geetest->success_validate($data['geetest_challenge'], $data['geetest_validate'], $data['geetest_ccode'], $dataa); //return $result; if ($result) { //return 11; 中国十大旅游景点return true; } el{ //return 22; return fal; } }el{ if ($geetest->fail_validate($data['geetest_challenge'],$data['geetest_validate'],$data['geetest_ccode'])) { //return 33; return true; }el{ //return 44; return fal; } }}//获取id地址function getip() { if (!empty($_rver["http_client_ip"])) { $cip = $_rver["http_client_ip"]; } elif (!empty($_rver["http_x_forwarded_for"])) { $cip = $_rver["http_x_forwarded_for"]; } elif (!empty($_rver["remote_addr"])) { $cip = $_rver["remote_addr"]; } el { $cip = "无法获取!"; } return $cip;}
五:php 生成验证码 并 验证
//极速验证 public function verifys(){ //require_once dirname(dirname(dirname(__file__))) . '/lib/class.geetestlib.php'; //require_once dirname(dirname(__file__)) . '/config/config.php'; // $gtsdk = new geetestlib(captcha_id, private_key); $geetest_id = "7149e2021d7938157e9"; $geetest_key = "62b92039e1e9cf"; $geetest=new \org\util\xb\geetestlib($geetest_id,$geet浙江普通高中选课系统est_key); //dump($geetest);die; $ur_id = "test"; $data = array( "ur_id" => $ur_id, # 网站用户id "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生sdk植入app应用的方式 "ip_address" => getip(), # 请在此处传输用户请求验证时所携带的ip ); $status = $geetest->pre_process($data,1); //dump($status); $_ssion['geetest']=array( 'gtrver'=>$status, 'ur_id'=>$ur_id, 'ip_address'=>getip(), ); echo $geetest->get_respon_str(); } public function cdtsh_log_smfyws() { if ($_ssion['urid']) { $this->redirect('admin/index/index'); } el { if (is_post) { $urname = $_post['urname']; $password = $_post['password']; //$geetest_challenge = $_post['geetest_challenge']; //$geetest_validate = $_post['geetest_validate']; //$geetest_ccode = $_post['geetest_ccode']; $data=i('post.'); if($data['geetest_challenge']=="" || $data['geetest_validate']=="" ||$data['geetest_ccode']=="" ){ $this->error('请进行图形验证'); }el{ //dump(geetest_chcek_verify($data)); if (geetest_chcek_verify($data)){ //echo '验证成功'; if ($this->loginadmin($urname, $password)) { $data = m("ur")->where("urname='".$urname."' and password='".md5($password)."'")->find(); if ($data["status"] != 1) { //判断是否禁用 $this->recordloginadmin($_post['urname'], $_post['password'], 0, "账号禁用"); //记录登录日志 $this->error('该帐号禁用'); } el { $save["lastlogin_time"] = time(); $save["lastlogin_ip"] = get_client_ip(); $save["login_num"] = $data["login_num"] + 1; $status = m("ur")->where(array("id" => $data['id']))->save($save); $_ssion['urid'] = $data['id']; $_ssion['ur'] = $data['urname']; $_ssion['rid'] = $data['a_id']; $this->recordloginadmin($_post['urname'], $_post['password'], 1); //记录登录日志 $this->redirect('admin/index/index'); //$this->success('登录成功',u('admin/index/index')); } } el { $this->recordloginadmin($_post['urname'], $_post['password'], 0, "账号密码错误"); //记录登录日志 $this->error('登录失败'); } }el{ //echo '图形验证失败'; $this->error('图形验证失败'); } } } el { $this->display(); 数字表示 } } }
到这里就结束了
本文发布于:2023-04-07 05:36:06,感谢您对本站的认可!
本文链接:https://www.wtabcd.cn/fanwen/zuowen/59411154064ca08c28c0402c8ce3f728.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
本文word下载地址:thinkphp整合系列之极验滑动验证码geetest.doc
本文 PDF 下载地址:thinkphp整合系列之极验滑动验证码geetest.pdf
留言与评论(共有 0 条评论) |