Verification code is already a very basic knowledge point in the website now, the existence of verification code It can prevent malicious cracking of passwords, ticket fraud, and water injection, and can effectively prevent violent cracking of specific users.
Now let’s learn about the awesome verification codes in PHP in those years.
First, take the four-digit verification code as an example (the same principle applies to multiple-digit verification codes).
At present, most websites still use static image verification codes, because it is simple and convenient to implement and does not require strong skills. Of course, this is also the basis. The principle is to use PHP's drawing function to draw text into a picture and return it to the page . Therefore, there are only three steps to solve the problem:
Of course, PHP does not enable the drawing function by default, so first enable the drawing function in the php.ini configuration file: search for ;extension=php_gd2.dll and remove the preceding semicolon. (Remember to save it!)
According to the first point, everyone should first think of digital verification codes, because it is easy, just randomly generate a few numbers, and then put them together, it looks like Jiang Zi!
1 $validateCode = ''; 2 for ($i = 0; $i < 4; $i + +) { 3 $validateCode .= rand(0, 9); 4 } 5 echo $validateCode; View CodeThen think about it carefully. Today’s website verification codes all have letters, but this thing doesn’t have letters. What’s wrong? Then I thought, just convert the above thing into hexadecimal.
1 $validateCode = ''; 2 for ($i = 0; $i < 4; $i + +) { 3 $validateCode .= dechex(rand(0, 16)); 4 } 5 echo $validateCode; View Code It seems a bit too clever, but think about it, there are a few letters, but there are only a, b, c, d, e, f. So what if you need all the letters? Haha, when I think about it, I just think of listing all the letters and numbers in a string, and then using random subscripts to
to randomly get the corresponding value, which is what it looks like:
Haha, it finally looks like the random number in the verification code, but when I see the method below, I am always confused:
<span>echo</span> <span>substr</span>(<span>str_shuffle</span>('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'), 0, 4);
The str_shuffle method scrambles the string content, and substr($str, 0, 4) gets the first four numbers. This is absolutely no problem! However, if you look carefully, you can see that the content in such verification codes will not be repeated.
The above verification code is generated, and then the verification code will be drawn using PHP.
1 $validateCode = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890') , 0, 4) ; 2 3 // Create an image with a width of 110px and a height of 25px 4 $img = imagecreatetruecolor(110, 25); 5 // Set the background color of the picture to black, and the color values correspond to RGB 6 $bgcolor = imagecolorallocate($img, 0, 0, 0); 7 8 // Create white 9 $white = imagecolorallocate($img, 255, 255, 255); 10 11 // Add text to the picture. The second parameter is the size of the text, which can only be between 1 and 5. The third parameter is the x coordinate, the 4th The first parameter is the y coordinate, the fifth parameter is the content of the text, and the sixth parameter is the color of the text 12 imagestring($img, rand(3, 5), rand(0, 80), rand(2, 10), $validateCode, $white); 13 14 // Add text to the picture. The second parameter is the size of the text, which can only be between 1 and 5. The third parameter is the x coordinate, the 4th The first parameter is the y coordinate, the fifth parameter is the content of the text, and the sixth parameter is the color of the text 15 imagestring($img, rand(3, 5), rand(0, 80), rand(2, 10), $validateCode, $white); View Code
Of course, in this case, the verification code will be easy to recognize. It is just white text on a black background. To make it more difficult, we will add a few more lines superimposed on the verification code.
1 $validateCode = substr(str_shuffle('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890') , 0, 4) ; 2 3 // Create an image with a width of 110px and a height of 25px 4 $img = imagecreatetruecolor(110, 25); 5 // Set the background color of the picture to black, and the color values correspond to RGB 6 $bgcolor = imagecolorallocate($img, 0, 0, 0); 7 // imagefill($img, 10, 10, $bgcolor); 8 9 // Create white 10 $white = imagecolorallocate($img, 255, 255, 255); 11 12 for ($i = 0; $i < 30; $i ++) { 13 // Draw a line on the picture, where the second parameter represents the x starting coordinate of the line, and the third parameter represents the y starting coordinate of the line Coordinates, the 4th parameter represents the end coordinate of x, the 5th parameter represents the end coordinate of y, the 6th parameter represents the color, a random color is generated here 14 imageline($img, rand(0, 110), rand(0, 50), rand(0, 110), rand(0, 50), imagecolorallocate($img, rand(0, 255), rand(0, 255), rand(0, 255))); 15 } 16 17 // Add text in the picture. The second parameter is the size of the text, which can only be between 1 and 5. The third parameter is the x coordinate, the 4th The first parameter is the y coordinate, the fifth parameter is the content of the text, and the sixth parameter is the color of the text 18 imagestring($img, rand(3, 5), rand(0, 80), rand(2, 10), $validateCode, $white); 19 20 // Return to picture 21 header('Content-type: image/png'); 22 imagepng($img); View CodeThe result is like this. Of course, if you want to implement the verification code, this is not enough. You need to save the random number generated by the verification code into the server's session, $_SESSION['validate'] = $validateCode; Then compare it with the verification code entered through the client. This is how the verification code in PHP is implemented. Of course, as mentioned before, this is the most basic code. You can change it to implement arithmetic verification code, Chinese verification code, or other based on your ideas. Some interesting verification codes to make it less boring and more secure.
Do you have any other awesome verification codes to share with me?
That’s because register_global = off in php.ini;
can be changed to on. However, after php5, it is set to off by default.
Because it is not safe to get the value directly. I think I wonder if the user knows the name of your session
, can he modify your session through the get or post method?
Because all you need to get the value is the name!
php5 generally uses superglobal variables!
$_GET
$_POST
$_COOKIE
$_SESSION
Another poster The book seems a bit old. Session_register is no longer recommended in php5. Now it can be assigned directly $_SESSION['yzm'] = 100;
Note: I heard that php6 has been released!
The reason is found: the $rand variable is not initialized, and there will be a warning when outputting directly. The solution is to add $rand=''; before the for statement, so there will be no problem.
session_start();
$rand='';
for($i=0;$i<4;$i++){
$rand.=dechex(rand(0,15) );
}
$_SISSION['rand']=$rand;
$bg=imagecreatetruecolor(100,30);
$im=imagecolorallocate($bg,0,0 ,0);
$color=imagecolorallocate($bg,255,255,255);
imagestring($bg,5,0,0,$rand,$color);
header("Content- type: image/jpeg");
imagejpeg($bg);