thinkphp整合系列之极验滑动验证码geetest功能

时间:2022-11-21 22:49:48

给一个央企做官网,登录模块用的thinkphp验证码类。但是2019-6-10到12号,国家要求央企检验官网漏洞,防止黑客攻击,正直贸易战激烈升级时期,所以各事业单位很重视官网安全性,于是乎集团总部就委托了宁波一个专业检测公司用专业工具检测出,后台验证码能用打码工具暴力破解,发函要求整改。so,就有了下面的极速验证图形

thinkphp整合系列之极验滑动验证码geetest功能

thinkphp整合系列之极验滑动验证码geetest功能

官网:http://www.geetest.com/

一:注册获取key

注册;创建应用;获取key;

thinkphp整合系列之极验滑动验证码geetest功能

thinkphp整合系列之极验滑动验证码geetest功能

二:导入sdk

/thinkphp/library/org/xb/geetestlip.class.php(此处geetestlip.class.php是我重新命名的geetest类文件,原名为class.geetestlib.php)

thinkphp整合系列之极验滑动验证码geetest功能

此处牵扯到thinkphp引入第三方类,我把第三方类放到org/util/xb下面了,同时对该类文件加入命名空间如下,否则实例化类时找不到文件

thinkphp整合系列之极验滑动验证码geetest功能

三:生成验证样式

admin/view/public/cdtsh_log_smfyws.php

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<!doctype html>
<html>
<head>
  <meta charset="gbk" />
  <title>网站管理系统后台</title>
  <script language="javascript" type="text/javascript" src="__js__/jquery.js"></script>
  <link rel="stylesheet" href="__css__/jquery.validator.css">
  <script type="text/javascript" src="__js__/jquery.validator.js"></script>
  <script type="text/javascript" src="__js__/zh_cn.js"></script>
  <link href="__css__/admin_login.css?v20130227" rel="stylesheet" />
  <script>
    $(document).ready(function(){
      var verifyimg = $(".verifyimg").attr("src");
      $(".reloadverify").click(function(){
        if( verifyimg.indexof('?')>0){
          $(".verifyimg").attr("src", verifyimg+'&random='+math.random());
        }else{
          $(".verifyimg").attr("src", verifyimg.replace(/?.*$/,'')+'?'+math.random());
        }
      });
    });
  </script>
</head>
<body>
<div class="wrap">
  <h1><a href="javascript:;" style="height: 116px; width: 250px;">后台管理中心</a></h1>
  <form method="post" action="{:u('admin/public/cdtsh_log_smfyws')}">
    <div class="login">
      <ul>
        <li>
          <input class="input" id="username" name="username"type="text" title="用户名" data-rule="required;username" placeholder="用户名" />
          <span class="msg-box n-right" style="position:absolute; left: 248px; top: 12px; " for="username"></span>
        </li>
        <li>
          <input class="input" name="password" type="password" title="密码" data-rule="required;password" placeholder="密码"/>
          <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="password"></span>
        </li>
        <li>
          <input class="input" id="verify" name="verify" type="text" style="width:130px;" title="密码" data-ok=" " placeholder="验证码" data-tip="输入验证码!" title="验证码" data-rule="required;text;remote[{:u('admin/public/check_verify')}]" />
          <div class="yanzhengma_box" id="verifyshow">  <img class="verifyimg reloadverify" style=" cursor: pointer;" align="right" src="{:u('public/verify')}" title="点击刷新"> </div>
          <span class="msg-box n-right" style="position:absolute;left: 248px; top: 12px;" for="verify"></span>
        </li>
      </ul>
      <ul>
          <!--<input type="button" value="异步验证登录" onclick="check_verify()">-->
          <!--<input type="submit" value="post提交登录">-->
          <div id="captcha"></div>
      </ul>
      <button type="submit" class="btn" id="subbtn">登录</button>
    </div>
  </form>
</div>
<script src="http://static.geetest.com/static/tools/gt.js"></script>
<script>
  var handler = function (captchaobj) {
    // 将验证码加到id为captcha的元素里
    captchaobj.appendto("#captcha");
   };
  // 获取验证码
  $.get("{:u('admin/public/verifys')}", function(data) {
    // 使用initgeetest接口
    // 参数1:配置参数,与创建geetest实例时接受的参数一致
    // 参数2:回调,回调的第一个参数验证码对象,之后可以使用它做appendto之类的事件
    initgeetest({
      gt: data.gt,
      challenge: data.challenge,
      product: "float", // 产品形式
      offline: !data.success,
      new_captcha:'true',
      width:'260px',
    }, handler);
  },'json');
</script>
</body>
</html>

四:验证函数

/application/common/common/function.php

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
/**
 * geetest检测验证码
 */
function geetest_chcek_verify($data){
  $geetest_id = "7149e2021d7938157e";
  $geetest_key = "62b92039e1e9cf9455";
  $geetest=new orgutilgeetestlib($geetest_id,$geetest_key);
  $user_id=$_session['geetest']['user_id'];
  $ip_address=$_session['geetest']['ip_address'];
  $dataa = array(
    "user_id" => $user_id, # 网站用户id
    "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生sdk植入app应用的方式
    "ip_address" => $ip_address, # 请在此处传输用户请求验证时所携带的ip
  );
  if ($_session['geetest']['gtserver']==1){
    $result=$geetest->success_validate($data['geetest_challenge'], $data['geetest_validate'], $data['geetest_seccode'], $dataa);
    //return $result;
    if ($result) {
      //return 11;
      return true;
    } else{
      //return 22;
      return false;
    }
  }else{
    if ($geetest->fail_validate($data['geetest_challenge'],$data['geetest_validate'],$data['geetest_seccode'])) {
      //return 33;
      return true; 
    }else{
      //return 44;
      return false;
    }
  }
}
//获取id地址
function getip() {
  if (!empty($_server["http_client_ip"])) {
    $cip = $_server["http_client_ip"];
  } elseif (!empty($_server["http_x_forwarded_for"])) {
    $cip = $_server["http_x_forwarded_for"];
  } elseif (!empty($_server["remote_addr"])) {
    $cip = $_server["remote_addr"];
  } else {
    $cip = "无法获取!";
  }
  return $cip;
}

五:php 生成验证码 并 验证

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
//极速验证
  public function verifys(){
    //require_once dirname(dirname(dirname(__file__))) . '/lib/class.geetestlib.php';
    //require_once dirname(dirname(__file__)) . '/config/config.php';
    // $gtsdk = new geetestlib(captcha_id, private_key);
    $geetest_id = "7149e2021d7938157e9";
    $geetest_key = "62b92039e1e9cf";
    $geetest=new orgutilgeetestlib($geetest_id,$geetest_key);
    //dump($geetest);die;
    $user_id = "test";
    $data = array(
      "user_id" => $user_id, # 网站用户id
      "client_type" => "web", #web:电脑上的浏览器;h5:手机上的浏览器,包括移动应用内完全内置的web_view;native:通过原生sdk植入app应用的方式
      "ip_address" => getip(), # 请在此处传输用户请求验证时所携带的ip
    );
    $status = $geetest->pre_process($data,1);
    //dump($status);
    $_session['geetest']=array(
      'gtserver'=>$status,
      'user_id'=>$user_id,
      'ip_address'=>getip(),
      );
    echo $geetest->get_response_str();
  }
 public function cdtsh_log_smfyws() {
    if ($_session['userid']) {
      $this->redirect('admin/index/index');
    } else {
      if (is_post) {
        $username = $_post['username'];
        $password = $_post['password'];
        //$geetest_challenge = $_post['geetest_challenge'];
        //$geetest_validate = $_post['geetest_validate'];
        //$geetest_seccode = $_post['geetest_seccode'];
        $data=i('post.');
        if($data['geetest_challenge']=="" || $data['geetest_validate']=="" ||$data['geetest_seccode']=="" ){
          $this->error('请进行图形验证');
        }else{
          //dump(geetest_chcek_verify($data));
          if (geetest_chcek_verify($data)){
            //echo '验证成功';
            if ($this->loginadmin($username, $password)) {
              $data = m("user")->where("username='".$username."' and password='".md5($password)."'")->find();
              if ($data["status"] != 1) {
                //判断是否禁用
                $this->recordloginadmin($_post['username'], $_post['password'], 0, "账号禁用"); //记录登录日志
                $this->error('该帐号禁用');
              } else {
                $save["lastlogin_time"] = time();
                $save["lastlogin_ip"] = get_client_ip();
                $save["login_num"] = $data["login_num"] + 1;
                $status = m("user")->where(array("id" => $data['id']))->save($save);
                $_session['userid'] = $data['id'];
                $_session['user'] = $data['username'];
                $_session['rid'] = $data['a_id'];
                $this->recordloginadmin($_post['username'], $_post['password'], 1); //记录登录日志
                $this->redirect('admin/index/index');
                //$this->success('登录成功',u('admin/index/index'));
              }
            } else {
              $this->recordloginadmin($_post['username'], $_post['password'], 0, "账号密码错误"); //记录登录日志
              $this->error('登录失败');
            }
          }else{
            //echo '图形验证失败';
            $this->error('图形验证失败');
          }
        }
      } else {
        $this->display();
      }
    }
  }

到这里就结束了

总结

以上所述是小编给大家介绍的thinkphp整合系列之极验滑动验证码geetest功能,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对服务器之家网站的支持!

如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!

原文链接:https://www.cnblogs.com/zmdComeOn/archive/2019/06/18/11043037.html