比较全面的php session验证码与防分辨
比较全面的php session验证码与防识别
验证码开发过程中的3个误区:
1、?背景干扰:干扰线、干扰点、干扰图,基本没有,程序很容易通过高亮度调节去除掉。
2、?字符旋转:破解机器人通过数次学习、旋转之后,能够得到90%以上的正确识别率,采用常规字体,能够得到接近100%的识别。
3、?随机间距:基本没用,采用提取高亮度之后,采用图片切割的方法,很容易就将随机间距消灭掉。
?
防止被破解:
1、?背景干扰线尽量能够干扰到字符,采用和字符相同的颜色,能够破坏高亮度反差色提取法对字符的学习。QQ有采用。
2、?矢量变形:想Google、Ms、Yahoo都采用了这种变态的方法,这种将字符进行扭曲变形,基本上机器识别率为零,因为没有相对应的固定形状。损失是用户也不一定认得。需要验证码图片有一些大才行。
3、?字符粘连,可以破坏掉字符切割法分割字符,Google也有用到这个,QQ也有采用。
4、?中文验证码,中文验证码的识别难度比较大,但是现在逐渐的也慢慢被学习并且破解。(香港,台湾是用繁体)
5、?字符旋转:需要和字符粘连在一起才能够起作用,他们一起,验证码几乎不具备机器破解可能性。加随机背景图片、随机字体、稍微旋转字母或数字,位置不固定,稍微扭曲
?
注意:
字体.ttf的当$mode=7的该字体必须支持中文,否则出现乱码。
在服务端做验证时取session存储的验证字符与用户提交的字符进行比较,相同则通过验证。
<?php/** @Date 2011-2-24* @Author hudeyong926*/function getCode($length = 32, $mode = 0) { switch ($mode) { case '1' : $str = '123456789'; break; case '2' : $str = 'abcdefghijklmnopqrstuvwxyz'; break; case '3' : $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; break; case '4' : $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; break; case '5' : $str = 'ABCDEFGHIJKLMNPQRSTUVWXYZ123456789'; break; case '6' : $str = 'abcdefghijklmnopqrstuvwxyz1234567890'; break; case '7' ://中文验证码 break; default : $str = 'ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789'; break; } $result = ''; for($i = 0; $i < $length; $i ++) { if ($mode == 7) { $str [$i] = chr ( mt_rand ( 176, 215 ) ) . chr ( mt_rand ( 161, 249 ) ); $str [$i] = iconv ( "GB2312", "UTF-8", $str [$i] ); //imagettftext是utf-8的,所以先转换下 $result .= $str [$i]; } else { $l = strlen ( $str ) - 1; $num = mt_rand ( 0, $l ); $result .= $str [$num]; } } return $result;}//建立验证图片function createAuthNumImg($randStr, $fontName, $imgW = 100, $imgH = 40) { header ( "content-type: image/png" ); $image = imagecreate ( $imgW, $imgH ); $fontSize = 20;//字号 //$green = imagecolorallocate($image,0x6b,0xc1,0x46); $gray = imagecolorallocate ( $image, 228, 228, 228 ); //灰色 $red = imagecolorallocate ( $image, 255, 102, 204 );//粉色 $blue = imagecolorallocate($image,0x53,0x68,0xbd); $colors = array($red, $gray, $blue); $color_b = imagecolorallocate ( $image, 0, 0, 0 ); //黑色 for($i = 0; $i < 1000; $i ++) { //绘背景干扰点 imagesetpixel ( $image, mt_rand ( 0, $imgW ), mt_rand ( 0, $imgH ), $colors[rand(0,count($colors)-1)]); } imagerectangle ( $image, 0, 0, $imgW - 1, $imgH - 1, $color_b );//绘制边框 imagettftext ( $image, $fontSize, 5, 3, 25, $color_b, $fontName, $randStr);///将验证字符绘入图片 字符旋转 for($i=0; $i<2; $i++){ //绘背景干扰线 imageline($image, mt_rand(0,5), mt_rand(6,18), mt_rand(65,$imgW), mt_rand(6,$imgH), $color_b);//一条干扰线 } imagepng ( $image ); imagedestroy ( $image );}session_start ();$verifyCode = GetCode ( 5 );$_SESSION ['VERIFY_CODE'] = $verifyCode ;createAuthNumImg ( $verifyCode, "font.ttf", 75, 30); //字体存放路径,如果你没有文件就去C:\WINDOWS\Fonts文件中找一个吧。/** 问答模式$a=GetCode(2,1); $b=GetCode(1,1); $passPort = $a."+".$b."=?"; $verifyCode = $a+$b; $_SESSION ['VERIFY_CODE'] = $verifyCode ; createAuthNumImg ( $passPort, "font.ttf", 75, 30);*/?>中文占两个字符长度,需要控制验证码图片的长度,一个中文位置相当于2个非中文
<?php echo strlen('中'); echo strlen('ad');?>为了避免机器人的破解,验证码的视觉效果越来越差,随之很多网站就加了“看不清?请刷新”之类的功能,当然也不是简简单单的页面刷新,是只刷新验证码部分,用户从而得到一个新的验证码。在网上看了些别人写的方法,下面总结两种。
第一种比较简单,运用一下onclick即可,直接点击验证码的图片就可以刷新,不过最好在验证码后面说明一下,提示有这个功能。
<img src="/static/imghw/default1.png" data-src="validimg.jsp" class="lazy" alt="看不清?请刷新" style="max-width:90%" style="max-width:90%" onclick="this.src=this.src+'?'+Math.random()" />
第二种则是用JavaScript的方法:
<img src="/static/imghw/default1.png" data-src="validimg.jsp" class="lazy" style="max-width:90%" style="max-width:90%" alt="比较全面的php session验证码与防分辨" > <a href="JavaScript:reloadImage("validimg.jsp" );">刷新</a><script language="JavaScript">function reloadImage(url){document.formName.img1.src = url+Math.random();}</script>?
?
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to solve 'undefined: rand.Seed' error in golang?
Jun 25, 2023 am 08:34 AM
During the development or learning process of using Golang, we may encounter the error message of undefined:rand.Seed. This error usually occurs when you need to use a random number generator, because in Golang you need to set a random number seed before you can use the function in the rand package. This article will explain how to resolve this error. 1. Introduce the math/rand package. First, we need to introduce the math/rand package into the code. exist
How to use Bing Image Creator for free
Feb 27, 2024 am 11:04 AM
This article will introduce seven ways to get high-quality output using the free BingImageCreator. BingImageCreator (now known as ImageCreator for Microsoft Designer) is one of the great online artificial intelligence art generators. It generates highly realistic visual effects based on user prompts. The more specific, clear, and creative your prompts are, the better the results will be. BingImageCreator has made significant progress in creating high-quality images. It now uses Dall-E3 training mode, showing a higher level of detail and realism. However, its ability to consistently produce HD results depends on several factors, including fast
How to delete images from Xiaomi phones
Mar 02, 2024 pm 05:34 PM
How to delete images on Xiaomi mobile phones? You can delete images on Xiaomi mobile phones, but most users don’t know how to delete images. Next is the tutorial on how to delete images on Xiaomi mobile phones brought by the editor. Interested users can come and join us. Let's see! How to delete images on Xiaomi mobile phone 1. First open the [Album] function in Xiaomi mobile phone; 2. Then check the unnecessary pictures and click the [Delete] button in the lower right corner; 3. Then click [Album] at the top to enter the special area , select [Recycle Bin]; 4. Then directly click [Empty Recycle Bin] as shown in the figure below; 5. Finally, directly click [Permanent Delete] to complete.
How to synchronize random number generation in Golang parallel processing?
Jun 03, 2024 pm 02:53 PM
Synchronizing random number generation in Go concurrent programming: Use a mutex (sync.Mutex) to control access to the rand.Rand random number generator. Each goroutine acquires the mutex lock before generating random numbers and releases the mutex lock after generating it. This ensures that only one goroutine can access the random number generator at a time, eliminating data races.
Imagemagic installation Centos and Image installation tutorial
Feb 12, 2024 pm 05:27 PM
LINUX is an open source operating system. Its flexibility and customizability make it the first choice of many developers and system administrators. In the LINUX system, image processing is a very important task, and Imagemagick and Image are Two very popular image processing tools, this article will introduce you to how to install Imagemagick and Image in Centos system, and provide detailed installation tutorials. Imagemagic installation Centos tutorial Imagemagick is a powerful image processing toolset, which can perform various image operations under the command line. The following are the steps to install Imagemagick on Centos system: 1
How to solve the problem of generating the same random numbers using php rand function
Mar 23, 2023 am 09:17 AM
The rand() function uses the same initial seeds on each call. The default initial seed is obtained from the operating system's time, but it only has microsecond accuracy. That is, within a very short period of time, many rand() function calls will use the same initial seed, resulting in the same random number generation. So, how to solve this problem?
Python built-in type str source code analysis
May 09, 2023 pm 02:16 PM
1The basic unit of Unicode computer storage is the byte, which is composed of 8 bits. Since English only consists of 26 letters plus a number of symbols, English characters can be stored directly in bytes. But other languages (such as Chinese, Japanese, Korean, etc.) have to use multiple bytes for encoding due to the large number of characters. With the spread of computer technology, non-Latin character encoding technology continues to develop, but there are still two major limitations: no multi-language support: the encoding scheme of one language cannot be used in another language and there is no unified standard: for example There are many encoding standards in Chinese such as GBK, GB2312, GB18030, etc. Since the encoding methods are not unified, developers need to convert back and forth between different encodings, and many errors will inevitably occur.
What are the similarities and differences between __str__ and __repr__ in Python?
Apr 29, 2023 pm 07:58 PM
What are the similarities and differences between __str__ and __repr__? We all know the representation of strings. Python's built-in function repr() can express objects in the form of strings to facilitate our identification. This is the "string representation". repr() obtains the string representation of an object through the special method __repr__. If __repr__ is not implemented, when we print an instance of a vector to the console, the resulting string may be. >>>classExample:pass>>>print(str(Example()))>>>
