该文是wecenter学习笔记的一部分
验证码管理
验证需要考虑
- 验证码图片的生成、存储和访问
- 验证码的有效期管理
- 失效验证码的清理策略
- 验证有效性
基于 Zend_Captcha_Image 实现的验证码生成和管理功能,可以根据自己提供的字体文件生成自定义大小和位数的验证码,
并存储到单独的session命名空间中。
system/core/captcha.php#__construct
$this->captcha = new Zend_Captcha_Image(array(
'font' => $this->get_font(),
'imgdir' => $img_dir,
'fontsize' => rand(20, 22),
'width' => 100,
'height' => 40,
'wordlen' => 4,
'session' => new Zend_Session_Namespace(G_COOKIE_PREFIX . '_Captcha'),
'timeout' => 600
));
$this->captcha->setDotNoiseLevel(rand(3, 6));
$this->captcha->setLineNoiseLevel(rand(1, 2));
** 使用方式和实现原理 **
生成验证码
AWS_APP::captcha()->generate();
system/core/captcha.php#generate
public function generate()
{
$this->captcha->generate();
HTTP::no_cache_header();
readfile($this->captcha->getImgDir() . $this->captcha->getId() . $this->captcha->getSuffix());
die;
}
检查验证码
if (!AWS_APP::captcha()->is_validate($_POST['seccode_verify']) AND get_setting('register_seccode') == 'Y')
{
H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的验证码')));
}
system/core/captcha.php#is_validate
public function is_validate($validate_code, $generate_new = true)
{
if (strtolower($this->captcha->getWord()) == strtolower($validate_code))
{
if ($generate_new)
{
$this->captcha->generate();
}
return true;
}
return false;
}
Zend_Captcha_Image
** 生成验证码图片 **
Zend/Captcha/Image.php
public function generate()
{
$id = parent::generate();
$tries = 5;
// If there's already such file, try creating a new ID
while($tries-- && file_exists($this->getImgDir() . $id . $this->getSuffix())) {
$id = $this->_generateRandomId();
$this->_setId($id);
}
$this->_generateImage($id, $this->getWord());
if (mt_rand(1, $this->getGcFreq()) == 1) {
$this->_gc();
}
return $id;
}
Zend/Captcha/Image.php
protected function _generateImage($id, $word)
{
if (!extension_loaded("gd")) {
//require_once 'Zend/Captcha/Exception.php';
throw new Zend_Captcha_Exception("Image CAPTCHA requires GD extension");
}
if (!function_exists("imagepng")) {
//require_once 'Zend/Captcha/Exception.php';
throw new Zend_Captcha_Exception("Image CAPTCHA requires PNG support");
}
if (!function_exists("imageftbbox")) {
//require_once 'Zend/Captcha/Exception.php';
throw new Zend_Captcha_Exception("Image CAPTCHA requires FT fonts support");
}
$font = $this->getFont();
if (empty($font)) {
//require_once 'Zend/Captcha/Exception.php';
throw new Zend_Captcha_Exception("Image CAPTCHA requires font");
}
$w = $this->getWidth();
$h = $this->getHeight();
$fsize = $this->getFontSize();
$img_file = $this->getImgDir() . $id . $this->getSuffix();
if(empty($this->_startImage)) {
$img = imagecreatetruecolor($w, $h);
} else {
$img = imagecreatefrompng($this->_startImage);
if(!$img) {
//require_once 'Zend/Captcha/Exception.php';
throw new Zend_Captcha_Exception("Can not load start image");
}
$w = imagesx($img);
$h = imagesy($img);
}
$text_color = imagecolorallocate($img, 0, 0, 0);
$bg_color = imagecolorallocate($img, 255, 255, 255);
imagefilledrectangle($img, 0, 0, $w-1, $h-1, $bg_color);
$textbox = imageftbbox($fsize, 0, $font, $word);
$x = ($w - ($textbox[2] - $textbox[0])) / 2;
$y = ($h - ($textbox[7] - $textbox[1])) / 2;
imagefttext($img, $fsize, 0, $x, $y, $text_color, $font, $word);
// generate noise
for ($i=0; $i<$this->_dotNoiseLevel; $i++) {
imagefilledellipse($img, mt_rand(0,$w), mt_rand(0,$h), 2, 2, $text_color);
}
for($i=0; $i<$this->_lineNoiseLevel; $i++) {
imageline($img, mt_rand(0,$w), mt_rand(0,$h), mt_rand(0,$w), mt_rand(0,$h), $text_color);
}
// transformed image
$img2 = imagecreatetruecolor($w, $h);
$bg_color = imagecolorallocate($img2, 255, 255, 255);
imagefilledrectangle($img2, 0, 0, $w-1, $h-1, $bg_color);
// apply wave transforms
$freq1 = $this->_randomFreq();
$freq2 = $this->_randomFreq();
$freq3 = $this->_randomFreq();
$freq4 = $this->_randomFreq();
$ph1 = $this->_randomPhase();
$ph2 = $this->_randomPhase();
$ph3 = $this->_randomPhase();
$ph4 = $this->_randomPhase();
$szx = $this->_randomSize();
$szy = $this->_randomSize();
for ($x = 0; $x < $w; $x++) {
for ($y = 0; $y < $h; $y++) {
$sx = $x + (sin($x*$freq1 + $ph1) + sin($y*$freq3 + $ph3)) * $szx;
$sy = $y + (sin($x*$freq2 + $ph2) + sin($y*$freq4 + $ph4)) * $szy;
if ($sx < 0 || $sy < 0 || $sx >= $w - 1 || $sy >= $h - 1) {
continue;
} else {
$color = (imagecolorat($img, $sx, $sy) >> 16) & 0xFF;
$color_x = (imagecolorat($img, $sx + 1, $sy) >> 16) & 0xFF;
$color_y = (imagecolorat($img, $sx, $sy + 1) >> 16) & 0xFF;
$color_xy = (imagecolorat($img, $sx + 1, $sy + 1) >> 16) & 0xFF;
}
if ($color == 255 && $color_x == 255 && $color_y == 255 && $color_xy == 255) {
// ignore background
continue;
} elseif ($color == 0 && $color_x == 0 && $color_y == 0 && $color_xy == 0) {
// transfer inside of the image as-is
$newcolor = 0;
} else {
// do antialiasing for border items
$frac_x = $sx-floor($sx);
$frac_y = $sy-floor($sy);
$frac_x1 = 1-$frac_x;
$frac_y1 = 1-$frac_y;
$newcolor = $color * $frac_x1 * $frac_y1
+ $color_x * $frac_x * $frac_y1
+ $color_y * $frac_x1 * $frac_y
+ $color_xy * $frac_x * $frac_y;
}
imagesetpixel($img2, $x, $y, imagecolorallocate($img2, $newcolor, $newcolor, $newcolor));
}
}
// generate noise
for ($i=0; $i<$this->_dotNoiseLevel; $i++) {
imagefilledellipse($img2, mt_rand(0,$w), mt_rand(0,$h), 2, 2, $text_color);
}
for ($i=0; $i<$this->_lineNoiseLevel; $i++) {
imageline($img2, mt_rand(0,$w), mt_rand(0,$h), mt_rand(0,$w), mt_rand(0,$h), $text_color);
}
imagepng($img2, $img_file);
imagedestroy($img);
imagedestroy($img2);
}
基本步骤
- 使用基底图生成缓冲图片
- 输出验证码文本
- 根据点和线的噪音级别生成噪音图形
- 进行波形扭曲变换
- 再次生成噪声点和线
- 保存图片到PNG格式的文件
** 验证码管理 **
验证码管理的基础工作在 Zend_Captcha_Word中完成,基本实现思路
-
将生成的验证码code存入session中
Zend/Captcha/Word.php
public function generate() { if (!$this->_keepSession) { $this->_session = null; } $id = $this->_generateRandomId(); $this->_setId($id); $word = $this->_generateWord(); $this->_setWord($word); return $id; }protected function _setWord($word) { $session = $this->getSession(); $session->word = $word; $this->_word = $word; return $this; } -
验证时直接从session中读取并验证
Zend/Captcha.Word.php
public function isValid($value, $context = null) { ... $this->_id = $value['id']; if ($input !== $this->getWord()) { $this->_error(self::BAD_CAPTCHA); return false; } return true; } public function getWord() { if (empty($this->_word)) { $session = $this->getSession(); $this->_word = $session->word; } return $this->_word; } -
清除session中的验证码
通过控制Session数据失效时间和步数来清除Session中的验证码
Zend/Captcha.Word.php
public function getSession() { if (!isset($this->_session) || (null === $this->_session)) { $id = $this->getId(); if (!class_exists($this->_sessionClass)) { //require_once 'Zend/Loader.php'; Zend_Loader::loadClass($this->_sessionClass); } $this->_session = new $this->_sessionClass('Zend_Form_Captcha_' . $id); $this->_session->setExpirationHops(1, null, true); $this->_session->setExpirationSeconds($this->getTimeout()); } return $this->_session; }
** 清理失效验证码图片 **
遍历验证码存储的文件夹,按创建世界删除有效期(最长有效期默认10分钟)之外的图片文件。
参照
Zend/Captcha/Image.php#_gc
GC在生成验证码的时候按概率随机触发
Zend/Captcha/Image.php#generate
if (mt_rand(1, $this->getGcFreq()) == 1) {
$this->_gc();
}
除自己生成并管理验证码外,Zend Captcha还支持直接使用reCaptcha服务来管理验证码
