一、验证码的作用
防恶意破解密码:防止,使用程序或机器人恶意去试密码.为了提高用户的体验,用户输入错误以后,才会要求输入验证码.
防论坛灌水:这个是很常见的。有一种程序叫做顶帖机,如果无限制的刷,整个论坛可能到处是拉圾信息,比如,百度贴吧,你只要是新用户或者刚刚关注的贴吧,要是发帖,会马上出现验证码。
有效防止注册:防止使用程序或机器人去无限制注册账号.
防刷票:网上有很多投票类的网站.
反爬:防止爬虫爬取数据
二、原理
验证码于服务器端生成,发送给客户端,并以图像格式显示。客户端提交所显示的验证码,客户端接收并进行比较,若比对失败则不能实现登录或注册,反之成功后跳转相应界面。
流程
三、如何实现
1、前期配置
- 安装pillow
pip install Pillow - 安装django-simple-captcha
pip install django-simple-captcha==0.5.6 - 将captcha添加到setting的app中
INSTALLED_APPS = [ 'captcha', ] - 添加urls.py
urlpatterns += [ url(r'^captcha/', include('captcha.urls')), ] - 配置
# django_simple_captcha 验证码配置 # 格式 CAPTCHA_OUTPUT_FORMAT = u'%(text_field)s %(hidden_field)s %(image)s' # 噪点样式 CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_null', # 没有样式 # 'captcha.helpers.noise_arcs', # 线 # 'captcha.helpers.noise_dots', # 点 ) # 图片大小 CAPTCHA_IMAGE_SIZE = (100, 25) CAPTCHA_BACKGROUND_COLOR = '#ffffff' CAPTCHA_CHALLENGE_FUNCT = 'captcha.helpers.random_char_challenge' # 图片中的文字为随机英文字母,如 mdsh # CAPTCHA_CHALLENGE_FUNCT = 'captcha.helpers.math_challenge' # 图片中的文字为数字表达式,如1+2=</span> CAPTCHA_LENGTH = 4 # 字符个数 CAPTCHA_TIMEOUT = 1 # 超时(minutes)
2、示例代码
- forms.py
from django import forms from maiziedu.models import UserProfile from captcha.fields import CaptchaField class RegisterForm(forms.Form): ''' 注册 ''' username = forms.EmailField(widget=forms.TextInput(attrs={"placeholder": "请输入邮箱账号", "value": "", "required": "用户名不能为空",}),max_length=50,error_messages={"required": "用户名不能为空",}) password = forms.CharField(widget=forms.PasswordInput(attrs={"placeholder": "请输入密码", "value": "", "required": "密码不能为空",}),min_length=8, max_length=50,error_messages={"required": "密码不能为空",}) # 验证码 captcha = CaptchaField() def clean(self): # 验证码 try: captcha_x = self.cleaned_data['captcha'] except Exception as e: raise forms.ValidationError(u"验证码有误,请重新输入") # 用户名 try: username=self.cleaned_data['username'] except Exception as e: raise forms.ValidationError(u"注册账号需为邮箱格式") # 登录验证 is_email_exist = UserProfile.objects.filter(email=username).exists() is_username_exist = UserProfile.objects.filter(username=username).exists() if is_username_exist or is_email_exist: raise forms.ValidationError(u"该账号已被注册") # 密码 try: password=self.cleaned_data['password'] except Exception as e: raise forms.ValidationError(u"请输入至少8位密码"); return self.cleaned_data - 刷新验证码
# 刷新验证码 def refresh_captcha(request): verify= dict() verify['cptch_key'] = CaptchaStore.generate_key() verify['cptch_image'] = verify(to_json_response['cptch_key']) return HttpResponse(json.dumps(verify), content_type='application/json') - views.py
def register(request): if request.method == 'POST': # 验证码 try: reg_form = RegisterForm(request.POST) except Exception as e: # 登录失败 返回错误提示 err = "注册失败,请重试" return result_response(request, err) if reg_form.is_valid(): try: username = reg_form.cleaned_data['username'] password = reg_form.cleaned_data['password'] user = UserProfile.objects.create(username = username, email = username, password = make_password(password), is_active = True) user.save() # 验证成功登录 auth.login(request, user) return result_response(request, "") except Exception as e: setFormTips(reg_form, "注册失败,请重试") else: if request.POST.get('captcha_1') == "": setFormTips(reg_form, "验证码不能为空") # 登录失败 返回错误提示 err = getFormTips(reg_form) return result_response(request, err) else: reg_form = RegisterForm() # locals() 传递所有变量 return render(request, 'index.html', locals()) - 刷新验证码
$(function () { let refres_url = 'http://127.0.0.1:8000/account/verify/'; $('.captcha').click(function () { $.getJSON(refres_url, function (data) { $('.captcha').attr('src', data.img_url) $('#id_capt_0').val(data.haskey) }) }) })
