thinkphp整合系列之极验滑动验证码geetest

其他 2019-06-18 01:31:29 阅读次数: 0

给一个央企做官网,登录模块用的thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正直贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测公司用专业工具检测出,后台验证码能用打码工具暴力破解,发函要求整改。so,就有了下面的极速验证图形

官网:http://www.geetest.com/

一:注册获取key
注册;创建应用;获取key;

二:导入sdk
/ThinkPHP/Library/Org/Xb/GeetestLip.class.php(此处GeetestLip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)

此处牵扯到thinkphp引入第三方类,我把第三方类放到Org/Util/Xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件

扫描二维码关注公众号,回复: 6536848 查看本文章

三:生成验证样式 

admin/view/public/cdtsh_log_smfyws.php

<!doctype html>
<html>
<head>
    <meta charset="GBK" />
    <title>网站管理系统后台</title>
    <script language="javascript" type="text/javascript" src="__JS__/jquery.js"></script>
    <link rel="stylesheet" href="__CSS__/jquery.validator.css">
    <script type="text/javascript" src="__JS__/jquery.validator.js"></script>
    <script type="text/javascript" src="__JS__/zh_CN.js"></script>
    <link href="__CSS__/admin_login.css?v20130227" rel="stylesheet" />
    <script>
        $(document).ready(function(){
            var verifyimg = $(".verifyimg").attr("src");
            $(".reloadverify").click(function(){
                if( verifyimg.indexOf('?')>0){
                    $(".verifyimg").attr("src", verifyimg+'&random='+Math.random());
                }else{
                    $(".verifyimg").attr("src", verifyimg.replace(/\?.*$/,'')+'?'+Math.random());
                }
            });
        });

    </script>

</head>

<body>

<div class="wrap">

    <h1><a href="javascript:;" style="height: 116px; width: 250px;">后台管理中心</a></h1>

    <form method="post"  action="{:U('Admin/Public/cdtsh_log_smfyws')}">

        <div class="login">

            <ul>

                <li>

                    <input class="input"  id="username" name="username"type="text"  title="用户名" data-rule="required;username"  placeholder="用户名" />

                    <span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="username"></span>

                </li>

                <li>

                    <input class="input"  name="password" type="password"  title="密码"  data-rule="required;password" placeholder="密码"/>

                    <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="password"></span>

                </li>

                <li>

                    <input class="input" id="verify" name="verify" type="text" style="width:130px;"  title="密码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" title="验证码" data-rule="required;text;remote[{:U('Admin/Public/check_verify')}]" />

                    <div class="yanzhengma_box" id="verifyshow">   <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right"  src="{:U('public/verify')}" title="点击刷新"> </div>

                    <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify"></span>

                </li>

            </ul>
            <ul>
                
                    <!--<input type="button" value="异步验证登录" onclick="check_verify()">-->
                    <!--<input type="submit" value="post提交登录">-->
                    <div id="captcha"></div>
                
            </ul>

            <button type="submit" class="btn" id="subbtn">登录</button>



        </div>

    </form>

</div>

<script src="http://static.geetest.com/static/tools/gt.js"></script>
<script>
    var handler = function (captchaObj) {
        // 将验证码加到id为captcha的元素里
        captchaObj.appendTo("#captcha");
     };
    // 获取验证码
    $.get("{:U('Admin/Public/verifys')}", function(data) {
        // 使用initGeetest接口
        // 参数1:配置参数,与创建Geetest实例时接受的参数一致
        // 参数2:回调,回调的第一个参数验证码对象,之后可以使用它做appendTo之类的事件
        initGeetest({
            gt: data.gt,
            challenge: data.challenge,
            product: "float", // 产品形式
            offline: !data.success,
            new_captcha:'true',
            width:'260px',
        }, handler);
    },'json');
   
</script>

</body>

</html>

四:验证函数
/Application/Common/Common/function.php

/**
 * geetest检测验证码
 */
function geetest_chcek_verify($data){
    $geetest_id = "7149e2021d7938157e";
    $geetest_key = "62b92039e1e9cf9455";
    $geetest=new \Org\Util\Xb\GeetestLib($geetest_id,$geetest_key);
    $user_id=$_SESSION['geetest']['user_id'];
    $ip_address=$_SESSION['geetest']['ip_address'];
    $dataa = array(
        "user_id" => $user_id, # 网站用户id
        "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
        "ip_address" => $ip_address, # 请在此处传输用户请求验证时所携带的IP
    );
    if ($_SESSION['geetest']['gtserver']==1){
        $result=$geetest->success_validate($data['geetest_challenge'], $data['geetest_validate'], $data['geetest_seccode'], $dataa);
        //return $result;
        if ($result) {
            //return 11;
            return true;
        } else{
            //return 22;
            return false;
        }
    }else{
        if ($geetest->fail_validate($data['geetest_challenge'],$data['geetest_validate'],$data['geetest_seccode'])) {
            //return 33;
            return true;    
        }else{
            //return 44;
            return false;
        }
    }
}


//获取id地址
function GetIP() {
    if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
        $cip = $_SERVER["HTTP_CLIENT_IP"];
    } elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } elseif (!empty($_SERVER["REMOTE_ADDR"])) {
        $cip = $_SERVER["REMOTE_ADDR"];
    } else {
        $cip = "无法获取!";
    }
    return $cip;
}

五:php 生成验证码 并 验证

//极速验证
    public function verifys(){
        //require_once dirname(dirname(dirname(__FILE__))) . '/lib/class.geetestlib.php';
        //require_once dirname(dirname(__FILE__)) . '/config/config.php';

       // $GtSdk = new GeetestLib(CAPTCHA_ID, PRIVATE_KEY);
        $geetest_id = "7149e2021d7938157e9";
        $geetest_key = "62b92039e1e9cf";
        $geetest=new \Org\Util\Xb\GeetestLib($geetest_id,$geetest_key);
        //dump($geetest);die;
        $user_id = "test";
        $data = array(
            "user_id" => $user_id, # 网站用户id
            "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
            "ip_address" => GetIP(), # 请在此处传输用户请求验证时所携带的IP
        );
        $status = $geetest->pre_process($data,1);
        //dump($status);
        $_SESSION['geetest']=array(
            'gtserver'=>$status,
            'user_id'=>$user_id,
            'ip_address'=>GetIP(),
            );
        echo $geetest->get_response_str();
    }
    
    
 public function cdtsh_log_smfyws() {
        if ($_SESSION['userid']) {
            $this->redirect('Admin/Index/Index');
        } else {
            if (IS_POST) {
                $username = $_POST['username'];
                $password = $_POST['password'];
                //$geetest_challenge = $_POST['geetest_challenge'];
                //$geetest_validate = $_POST['geetest_validate'];
                //$geetest_seccode = $_POST['geetest_seccode'];
                $data=I('post.');
                if($data['geetest_challenge']=="" ||  $data['geetest_validate']=="" ||$data['geetest_seccode']=="" ){
                    $this->error('请进行图形验证');
                }else{
                    //dump(geetest_chcek_verify($data));
                    if (geetest_chcek_verify($data)){
                        //echo '验证成功';
                        if ($this->loginAdmin($username, $password)) {
                            $data = M("User")->where("username='".$username."' and password='".md5($password)."'")->find();
                            if ($data["status"] != 1) {
                                //判断是否禁用
                                $this->recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号禁用"); //记录登录日志
                                $this->error('该帐号禁用');
                            } else {
                                $save["lastlogin_time"] = time();
                                $save["lastlogin_ip"] = get_client_ip();
                                $save["login_num"] = $data["login_num"] + 1;
                                $status = M("user")->where(array("id" => $data['id']))->save($save);
                                $_SESSION['userid'] = $data['id'];
                                $_SESSION['user'] = $data['username'];
                                $_SESSION['rid'] = $data['a_Id'];
                                $this->recordLoginAdmin($_POST['username'], $_POST['password'], 1); //记录登录日志

                                $this->redirect('Admin/Index/Index');
                                //$this->success('登录成功',U('Admin/Index/Index'));
                            }
                        } else {
                            $this->recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号密码错误"); //记录登录日志
                            $this->error('登录失败');
                        }
                    }else{
                        //echo '图形验证失败';
                        $this->error('图形验证失败');
                    }
                }
            } else {
                $this->display();
            }
        }
    }

到这里就结束了

猜你喜欢

转载自www.cnblogs.com/zmdComeOn/p/11043037.html
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
周排行
循环神经网络(rnn)讲解
Tigao教程四:单独的关节运动
金蝶K3WISE15.0-注册套打教程
如何在Mac上配置Kubernetes
Android应用结束自身进程的方法
SpringMVC学习 十三 拦截器栈
中国驻洛杉矶总领馆举行新春招待会
HttpClient get post 发送
11 - three.js 笔记 - 绘制三维字体模型
Mysql递归获取某个父节点下面的所有子节点和子节点上的所有父节点
每日归档
更多
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022