thinkphp整合系列之极验滑动验证码geetest功能

2020-10-29 10:12:09 浏览数 (1)

给一个央企做官网,登录模块用的thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正直贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测公司用专业工具检测出,后台验证码能用打码工具暴力破解,发函要求整改。so,就有了下面的极速验证图形

官网:http://www.geetest.com/

一:注册获取key

注册;创建应用;获取key;

二:导入sdk

/ThinkPHP/Library/Org/Xb/GeetestLip.class.php(此处GeetestLip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)

此处牵扯到thinkphp引入第三方类,我把第三方类放到Org/Util/Xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件

三:生成验证样式

admin/view/public/cdtsh_log_smfyws.php

代码语言:javascript复制
<!doctype html 
<html 
<head 
<meta charset="GBK" / 
<title 网站管理系统后台</title 
<script language="javascript" type="text/javascript" src="__JS__/jquery.js" </script 
<link rel="stylesheet" href="__CSS__/jquery.validator.css" 
<script type="text/javascript" src="__JS__/jquery.validator.js" </script 
<script type="text/javascript" src="__JS__/zh_CN.js" </script 
<link href="__CSS__/admin_login.css?v20130227" rel="stylesheet" / 
<script 
$(document).ready(function(){
var verifyimg = $(".verifyimg").attr("src");
$(".reloadverify").click(function(){
if( verifyimg.indexOf('?') 0){
$(".verifyimg").attr("src", verifyimg '&random=' Math.random());
}else{
$(".verifyimg").attr("src", verifyimg.replace(/?.*$/,'') '?' Math.random());
}
});
});
</script 
</head 
<body 
<div class="wrap" 
<h1 <a href="javascript:;" style="height: 116px; width: 250px;" 后台管理中心</a </h1 
<form method="post" action="{:U('Admin/Public/cdtsh_log_smfyws')}" 
<div class="login" 
<ul 
<li 
<input class="input" id="username" name="username"type="text" title="用户名" data-rule="required;username" placeholder="用户名" / 
<span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="username" </span 
</li 
<li 
<input class="input" name="password" type="password" title="密码" data-rule="required;password" placeholder="密码"/ 
<span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="password" </span 
</li 
<li 
<input class="input" id="verify" name="verify" type="text" style="width:130px;" title="密码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" title="验证码" data-rule="required;text;remote[{:U('Admin/Public/check_verify')}]" / 
<div class="yanzhengma_box" id="verifyshow"   <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right" src="{:U('public/verify')}" title="点击刷新"  </div 
<span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify" </span 
</li 
</ul 
<ul 
<!--<input type="button" value="异步验证登录" onclick="check_verify()" -- 
<!--<input type="submit" value="post提交登录" -- 
<div id="captcha" </div 
</ul 
<button type="submit" class="btn" id="subbtn" 登录</button 
</div 
</form 
</div 
<script src="http://static.geetest.com/static/tools/gt.js" </script 
<script 
var handler = function (captchaObj) {
// 将验证码加到id为captcha的元素里
captchaObj.appendTo("#captcha");
};
// 获取验证码
$.get("{:U('Admin/Public/verifys')}", function(data) {
// 使用initGeetest接口
// 参数1:配置参数,与创建Geetest实例时接受的参数一致
// 参数2:回调,回调的第一个参数验证码对象,之后可以使用它做appendTo之类的事件
initGeetest({
gt: data.gt,
challenge: data.challenge,
product: "float", // 产品形式
offline: !data.success,
new_captcha:'true',
width:'260px',
}, handler);
},'json');
</script 
</body 
</html 

四:验证函数

/Application/Common/Common/function.php

代码语言:javascript复制
/**
* geetest检测验证码
*/
function geetest_chcek_verify($data){
$geetest_id = "7149e2021d7938157e";
$geetest_key = "62b92039e1e9cf9455";
$geetest=new OrgUtilXbGeetestLib($geetest_id,$geetest_key);
$user_id=$_SESSION['geetest']['user_id'];
$ip_address=$_SESSION['geetest']['ip_address'];
$dataa = array(
"user_id" =  $user_id, # 网站用户id
"client_type" =  "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
"ip_address" =  $ip_address, # 请在此处传输用户请求验证时所携带的IP
);
if ($_SESSION['geetest']['gtserver']==1){
$result=$geetest- success_validate($data['geetest_challenge'], $data['geetest_validate'], $data['geetest_seccode'], $dataa);
//return $result;
if ($result) {
//return 11;
return true;
} else{
//return 22;
return false;
}
}else{
if ($geetest- fail_validate($data['geetest_challenge'],$data['geetest_validate'],$data['geetest_seccode'])) {
//return 33;
return true;  
}else{
//return 44;
return false;
}
}
}
//获取id地址
function GetIP() {
if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
$cip = $_SERVER["HTTP_CLIENT_IP"];
} elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif (!empty($_SERVER["REMOTE_ADDR"])) {
$cip = $_SERVER["REMOTE_ADDR"];
} else {
$cip = "无法获取!";
}
return $cip;
}

五:php 生成验证码 并 验证

代码语言:javascript复制
//极速验证
public function verifys(){
//require_once dirname(dirname(dirname(__FILE__))) . '/lib/class.geetestlib.php';
//require_once dirname(dirname(__FILE__)) . '/config/config.php';
// $GtSdk = new GeetestLib(CAPTCHA_ID, PRIVATE_KEY);
$geetest_id = "7149e2021d7938157e9";
$geetest_key = "62b92039e1e9cf";
$geetest=new OrgUtilXbGeetestLib($geetest_id,$geetest_key);
//dump($geetest);die;
$user_id = "test";
$data = array(
"user_id" =  $user_id, # 网站用户id
"client_type" =  "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生SDK植入APP应用的方式
"ip_address" =  GetIP(), # 请在此处传输用户请求验证时所携带的IP
);
$status = $geetest- pre_process($data,1);
//dump($status);
$_SESSION['geetest']=array(
'gtserver'= $status,
'user_id'= $user_id,
'ip_address'= GetIP(),
);
echo $geetest- get_response_str();
}
public function cdtsh_log_smfyws() {
if ($_SESSION['userid']) {
$this- redirect('Admin/Index/Index');
} else {
if (IS_POST) {
$username = $_POST['username'];
$password = $_POST['password'];
//$geetest_challenge = $_POST['geetest_challenge'];
//$geetest_validate = $_POST['geetest_validate'];
//$geetest_seccode = $_POST['geetest_seccode'];
$data=I('post.');
if($data['geetest_challenge']=="" || $data['geetest_validate']=="" ||$data['geetest_seccode']=="" ){
$this- error('请进行图形验证');
}else{
//dump(geetest_chcek_verify($data));
if (geetest_chcek_verify($data)){
//echo '验证成功';
if ($this- loginAdmin($username, $password)) {
$data = M("User")- where("username='".$username."' and password='".md5($password)."'")- find();
if ($data["status"] != 1) {
//判断是否禁用
$this- recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号禁用"); //记录登录日志
$this- error('该帐号禁用');
} else {
$save["lastlogin_time"] = time();
$save["lastlogin_ip"] = get_client_ip();
$save["login_num"] = $data["login_num"]   1;
$status = M("user")- where(array("id" =  $data['id']))- save($save);
$_SESSION['userid'] = $data['id'];
$_SESSION['user'] = $data['username'];
$_SESSION['rid'] = $data['a_Id'];
$this- recordLoginAdmin($_POST['username'], $_POST['password'], 1); //记录登录日志
$this- redirect('Admin/Index/Index');
//$this- success('登录成功',U('Admin/Index/Index'));
}
} else {
$this- recordLoginAdmin($_POST['username'], $_POST['password'], 0, "账号密码错误"); //记录登录日志
$this- error('登录失败');
}
}else{
//echo '图形验证失败';
$this- error('图形验证失败');
}
}
} else {
$this- display();
}
}
}

到这里就结束了

总结

以上所述是小编给大家介绍的thinkphp整合系列之极验滑动验证码geetest功能,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对ZaLou.Cn网站的支持! 如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!

0 人点赞