What is the best way to validate a CAPTCHA with PHP?

Time: 2020-12-05 18:24:42

What is the best way to generate random captchas to avoid the malicious robots attached?

way 1:

function _generateRandom( $length = 4, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) {
    return substr( str_shuffle( $chars ), 0, $length );
}

way 2:

function _generateRandom($length=4)
{
    $_rand_src = array(
        array(48,57) //digits
        , array(97,122) //lowercase chars
        );
    srand ((double) microtime() * 1000000);
    $random_string = "";
    for($i=0;$i<$length;$i++){
        $i1=rand(0,sizeof($_rand_src)-1);
        $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1]));
    }
    return $random_string;
}

Or way 3...

Or not mind the random process...

I still don't know how a robot can guess the generated random words so that they can still submit the post form?

2 solutions

#1


0  

Well if you attach a value for CAPTCHA inside the form, the robot can read it... :)

Robots can also read an image and in some cases interpret the image into letters using a very common technique called Optical character recognition (OCR). That's why many CAPTCHAs are obfuscated and warped, to try and confuse the OCR algorithms.

If you want to generate random characters, here's a function of mine

# Generate random characters
# @param $l = length
# @param $s = use symbols?
# @param $a = use alphabetical?
# @param $n = use numbers?

function rand_chars($l=8,$s=1,$a=1,$n=1) {
  $string = ''; $chars = array();
  if ($s) $chars = array_merge($chars,array(
                     33,35,36,37,38,40,41,42,43,44,45,
                     46,47,58,59,60,61,62,63,64,91,93,
                     94,95,123,124,125,126
                     ));
  if ($a) $chars = array_merge($chars,array(
                     65,66,67,68,69,70,71,72,73,74,
                     75,76,77,78,79,80,81,82,83,84,
                     85,86,87,88,89,90,
                     97,98,99,100,101,102,103,104,105,106,
                     107,108,109,110,111,112,113,114,115,116,
                     117,118,119,120,121,122
                     ));
  if ($n) $chars = array_merge($chars,array(
                     48,49,50,51,52,53,54,55,56,57
                     ));
  for ($i=0;$i<$l;$i++) {shuffle($chars);$string.=chr(reset($chars));}
  return $string;
  }

#2


0  

Robots won't guess your algorithm, but will try to read what is visible. I assume you don't echo your string, if you do, that's like having no captcha at all. Another fault that is often made, is that people load images for the generated string and name (or alt) the image the exact same as the distorted character that represents it. That wouldn't do well either.
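
Added example (not part of either answer above, nor the asker's code): both answers come down to keeping the CAPTCHA text off the page, so this PHP example keeps it in the server-side session, draws it with `random_int()`, and accepts it once within a time limit. The function names, the `captcha` session key, the alphabet and the 120-second lifetime are assumptions chosen for illustration.

```php
<?php
// Added example: captcha_issue(), captcha_verify(), the 'captcha' session key
// and the constants below are illustrative assumptions, not an existing API.

const CAPTCHA_ALPHABET = 'abcdefghjkmnpqrstuvwxyz23456789'; // no look-alikes (0/o, 1/l/i)
const CAPTCHA_TTL = 120; // lifetime of a challenge, in seconds

// Create a challenge. The answer is stored only in the server-side session;
// it is returned so the caller can draw it into a distorted image, and must
// never be written into the HTML (hidden field, file name, alt text).
function captcha_issue(array &$session, int $length = 6): string
{
    $code = '';
    $max = strlen(CAPTCHA_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the OS CSPRNG, unlike rand()/shuffle().
        $code .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $session['captcha'] = ['code' => $code, 'expires' => time() + CAPTCHA_TTL];
    return $code;
}

// Check a submission. The stored challenge is discarded on every attempt,
// so a solved image cannot be replayed and a wrong guess cannot be retried
// against the same code.
function captcha_verify(array &$session, string $submitted): bool
{
    $stored = $session['captcha'] ?? null;
    unset($session['captcha']);
    if (!is_array($stored) || time() > $stored['expires']) {
        return false;
    }
    // Constant-time comparison, case-insensitive for the user's benefit.
    return hash_equals($stored['code'], strtolower(trim($submitted)));
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$code = captcha_issue($session);
var_dump(captcha_verify($session, 'wrong!'));          // a wrong guess
var_dump(captcha_verify($session, $code));             // retry against the consumed challenge
$code = captcha_issue($session);
var_dump(captcha_verify($session, strtoupper($code))); // correct answer, different case
var_dump(captcha_verify($session, $code));             // replay of the same answer
```

In a real form handler, call `session_start()` and pass `$_SESSION` in place of the demonstration array; the image endpoint calls `captcha_issue()` and the POST handler calls `captcha_verify()`.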
