wecenter学习笔记-验证码管理

该文是wecenter学习笔记的一部分

验证码管理

验证需要考虑

  • 验证码图片的生成、存储和访问
  • 验证码的有效期管理
  • 失效验证码的清理策略
  • 验证有效性

基于 Zend_Captcha_Image 实现的验证码生成和管理功能,可以根据自己提供的字体文件生成自定义大小和位数的验证码,
并存储到单独的session命名空间中。

system/core/captcha.php#__construct

$this->captcha = new Zend_Captcha_Image(array(
    'font' => $this->get_font(),
    'imgdir' => $img_dir,
    'fontsize' => rand(20, 22),
    'width' => 100,
    'height' => 40,
    'wordlen' => 4,
    'session' => new Zend_Session_Namespace(G_COOKIE_PREFIX . '_Captcha'),
    'timeout' => 600
));

$this->captcha->setDotNoiseLevel(rand(3, 6));
$this->captcha->setLineNoiseLevel(rand(1, 2));

** 使用方式和实现原理 **

生成验证码

AWS_APP::captcha()->generate();

system/core/captcha.php#generate

public function generate()
{
    $this->captcha->generate();

    HTTP::no_cache_header();

    readfile($this->captcha->getImgDir() . $this->captcha->getId() . $this->captcha->getSuffix());

    die;
}

检查验证码

if (!AWS_APP::captcha()->is_validate($_POST['seccode_verify']) AND get_setting('register_seccode') == 'Y')
{
    H::ajax_json_output(AWS_APP::RSM(null, -1, AWS_APP::lang()->_t('请填写正确的验证码')));
}

system/core/captcha.php#is_validate

public function is_validate($validate_code, $generate_new = true)
{
    if (strtolower($this->captcha->getWord()) == strtolower($validate_code))
    {
        if ($generate_new)
        {
            $this->captcha->generate();
        }
        
        return true;
    }

    return false;
}

Zend_Captcha_Image

** 生成验证码图片 **

Zend/Captcha/Image.php

public function generate()
{
    $id = parent::generate();
    $tries = 5;
    // If there's already such file, try creating a new ID
    while($tries-- && file_exists($this->getImgDir() . $id . $this->getSuffix())) {
        $id = $this->_generateRandomId();
        $this->_setId($id);
    }
    $this->_generateImage($id, $this->getWord());

    if (mt_rand(1, $this->getGcFreq()) == 1) {
        $this->_gc();
    }
    return $id;
}

Zend/Captcha/Image.php

protected function _generateImage($id, $word)
{
    if (!extension_loaded("gd")) {
        //require_once 'Zend/Captcha/Exception.php';
        throw new Zend_Captcha_Exception("Image CAPTCHA requires GD extension");
    }

    if (!function_exists("imagepng")) {
        //require_once 'Zend/Captcha/Exception.php';
        throw new Zend_Captcha_Exception("Image CAPTCHA requires PNG support");
    }

    if (!function_exists("imageftbbox")) {
        //require_once 'Zend/Captcha/Exception.php';
        throw new Zend_Captcha_Exception("Image CAPTCHA requires FT fonts support");
    }

    $font = $this->getFont();

    if (empty($font)) {
        //require_once 'Zend/Captcha/Exception.php';
        throw new Zend_Captcha_Exception("Image CAPTCHA requires font");
    }

    $w     = $this->getWidth();
    $h     = $this->getHeight();
    $fsize = $this->getFontSize();

    $img_file   = $this->getImgDir() . $id . $this->getSuffix();
    if(empty($this->_startImage)) {
        $img        = imagecreatetruecolor($w, $h);
    } else {
        $img = imagecreatefrompng($this->_startImage);
        if(!$img) {
            //require_once 'Zend/Captcha/Exception.php';
            throw new Zend_Captcha_Exception("Can not load start image");
        }
        $w = imagesx($img);
        $h = imagesy($img);
    }
    $text_color = imagecolorallocate($img, 0, 0, 0);
    $bg_color   = imagecolorallocate($img, 255, 255, 255);
    imagefilledrectangle($img, 0, 0, $w-1, $h-1, $bg_color);
    $textbox = imageftbbox($fsize, 0, $font, $word);
    $x = ($w - ($textbox[2] - $textbox[0])) / 2;
    $y = ($h - ($textbox[7] - $textbox[1])) / 2;
    imagefttext($img, $fsize, 0, $x, $y, $text_color, $font, $word);

   // generate noise
    for ($i=0; $i<$this->_dotNoiseLevel; $i++) {
       imagefilledellipse($img, mt_rand(0,$w), mt_rand(0,$h), 2, 2, $text_color);
    }
    for($i=0; $i<$this->_lineNoiseLevel; $i++) {
       imageline($img, mt_rand(0,$w), mt_rand(0,$h), mt_rand(0,$w), mt_rand(0,$h), $text_color);
    }

    // transformed image
    $img2     = imagecreatetruecolor($w, $h);
    $bg_color = imagecolorallocate($img2, 255, 255, 255);
    imagefilledrectangle($img2, 0, 0, $w-1, $h-1, $bg_color);
    // apply wave transforms
    $freq1 = $this->_randomFreq();
    $freq2 = $this->_randomFreq();
    $freq3 = $this->_randomFreq();
    $freq4 = $this->_randomFreq();

    $ph1 = $this->_randomPhase();
    $ph2 = $this->_randomPhase();
    $ph3 = $this->_randomPhase();
    $ph4 = $this->_randomPhase();

    $szx = $this->_randomSize();
    $szy = $this->_randomSize();

    for ($x = 0; $x < $w; $x++) {
        for ($y = 0; $y < $h; $y++) {
            $sx = $x + (sin($x*$freq1 + $ph1) + sin($y*$freq3 + $ph3)) * $szx;
            $sy = $y + (sin($x*$freq2 + $ph2) + sin($y*$freq4 + $ph4)) * $szy;

            if ($sx < 0 || $sy < 0 || $sx >= $w - 1 || $sy >= $h - 1) {
                continue;
            } else {
                $color    = (imagecolorat($img, $sx, $sy) >> 16)         & 0xFF;
                $color_x  = (imagecolorat($img, $sx + 1, $sy) >> 16)     & 0xFF;
                $color_y  = (imagecolorat($img, $sx, $sy + 1) >> 16)     & 0xFF;
                $color_xy = (imagecolorat($img, $sx + 1, $sy + 1) >> 16) & 0xFF;
            }
            if ($color == 255 && $color_x == 255 && $color_y == 255 && $color_xy == 255) {
                // ignore background
                continue;
            } elseif ($color == 0 && $color_x == 0 && $color_y == 0 && $color_xy == 0) {
                // transfer inside of the image as-is
                $newcolor = 0;
            } else {
                // do antialiasing for border items
                $frac_x  = $sx-floor($sx);
                $frac_y  = $sy-floor($sy);
                $frac_x1 = 1-$frac_x;
                $frac_y1 = 1-$frac_y;

                $newcolor = $color    * $frac_x1 * $frac_y1
                          + $color_x  * $frac_x  * $frac_y1
                          + $color_y  * $frac_x1 * $frac_y
                          + $color_xy * $frac_x  * $frac_y;
            }
            imagesetpixel($img2, $x, $y, imagecolorallocate($img2, $newcolor, $newcolor, $newcolor));
        }
    }

    // generate noise
    for ($i=0; $i<$this->_dotNoiseLevel; $i++) {
        imagefilledellipse($img2, mt_rand(0,$w), mt_rand(0,$h), 2, 2, $text_color);
    }
    for ($i=0; $i<$this->_lineNoiseLevel; $i++) {
       imageline($img2, mt_rand(0,$w), mt_rand(0,$h), mt_rand(0,$w), mt_rand(0,$h), $text_color);
    }

    imagepng($img2, $img_file);
    imagedestroy($img);
    imagedestroy($img2);
}

基本步骤

  1. 使用基底图生成缓冲图片
  2. 输出验证码文本
  3. 根据点和线的噪音级别生成噪音图形
  4. 进行波形扭曲变换
  5. 再次生成噪声点和线
  6. 保存图片到PNG格式的文件

** 验证码管理 **

验证码管理的基础工作在 Zend_Captcha_Word中完成,基本实现思路

  • 将生成的验证码code存入session中

    Zend/Captcha/Word.php

    public function generate()
    {
        if (!$this->_keepSession) {
            $this->_session = null;
        }
        $id = $this->_generateRandomId();
        $this->_setId($id);
        $word = $this->_generateWord();
        $this->_setWord($word);
        return $id;
    }
    
    protected function _setWord($word)
    {
        $session       = $this->getSession();
        $session->word = $word;
        $this->_word   = $word;
        return $this;
    }
    
  • 验证时直接从session中读取并验证

    Zend/Captcha.Word.php

    public function isValid($value, $context = null)
    {
        ...
    
        $this->_id = $value['id'];
        if ($input !== $this->getWord()) {
            $this->_error(self::BAD_CAPTCHA);
            return false;
        }
    
        return true;
    }
    
    public function getWord()
    {
        if (empty($this->_word)) {
            $session     = $this->getSession();
            $this->_word = $session->word;
        }
        return $this->_word;
    }
    
  • 清除session中的验证码

    通过控制Session数据失效时间和步数来清除Session中的验证码

    Zend/Captcha.Word.php

    public function getSession()
    {
        if (!isset($this->_session) || (null === $this->_session)) {
            $id = $this->getId();
            if (!class_exists($this->_sessionClass)) {
                //require_once 'Zend/Loader.php';
                Zend_Loader::loadClass($this->_sessionClass);
            }
            $this->_session = new $this->_sessionClass('Zend_Form_Captcha_' . $id);
            $this->_session->setExpirationHops(1, null, true);
            $this->_session->setExpirationSeconds($this->getTimeout());
        }
        return $this->_session;
    }
    

** 清理失效验证码图片 **

遍历验证码存储的文件夹,按创建世界删除有效期(最长有效期默认10分钟)之外的图片文件。

参照

Zend/Captcha/Image.php#_gc

GC在生成验证码的时候按概率随机触发

Zend/Captcha/Image.php#generate

if (mt_rand(1, $this->getGcFreq()) == 1) {
    $this->_gc();
}

除自己生成并管理验证码外,Zend Captcha还支持直接使用reCaptcha服务来管理验证码


配置参数管理 ←o→ 分页组件的实现

你可能感兴趣的:(wecenter学习笔记-验证码管理)