代码也是网上找的,自己稍微修改了下,code放在session里面,md5加密了一下,网上很多说这样很容易破解,但是作为一名业余的php程序员实在不知道有什么更好的办法了,希望知道更好办法的同学不吝赐教。
<?php
//error_reporting(E_ALL^E_NOTICE);
session_start();
header("Content-type: image/png");
$str = "2,3,4,5,6,7,8,9,a,b,c,d,f,g,h,i,j,k,m,n,p,q,r,s,t,u,v,w,x,y,z";
$list = explode(",", $str);
$cmax = count($list) - 1;
$verifyCode = '';
for ( $i=0; $i < 5; $i++ ){
$randnum = mt_rand(0, $cmax);
$verifyCode .= $list[$randnum];
}
$_SESSION['ok358_code'] = md5($verifyCode);
$im = imagecreate(92,28);
$black = imagecolorallocate($im, 0,0,200);
$white = imagecolorallocate($im, 255,255,255);
$gray = imagecolorallocate($im, 200,200,200);
$red = imagecolorallocate($im, 255, 0, 0);
imagefill($im,0,0,$gray);
//imagestring($im, 5, 10, 8, $verifyCode, $black);
//imagettftext ( resource image, int size, int angle, int x, int y, int color, string fontfile, string text)
imagettftext($im, 18, 0, 5, 20, $black, "../ttf/BOD_BLAR.TTF", $verifyCode);
for($i=0;$i<50;$i++)
{
imagesetpixel($im,rand($i,50),rand($i,$i),$black);
imagesetpixel($im,rand($i,100),rand($i,$i),$red);
//imagesetpixel($im,rand($i,$i),rand($i,$i),$gray);
imagearc($im, rand($i,100), rand($i,50), 20, 20, 75, 170, $black);
//imageline($im, rand(p), rand(p), rand(p), rand(p), $red);
}
imagepng($im);
imagedestroy($im);
?>
下面是验证用户输入的验证码和用户名密码的代码,感觉好像容易破解的样子,但是说不出什么问题来。。。希望高手来指教
<?php
include 'common.php';
if(md5($_POST['ok358_code']) == $_SESSION['ok358_code']){
$databases="webdata";
$server="127.0.0.1";
$username="root";
$password="123456";
$con = mysql_connect($server,$username,$password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
echo '-2';
}else{
mysql_query("SET NAMES GBK");
mysql_query("set character_set_client=GBK");
mysql_query("set character_set_results=GBK");
mysql_select_db($databases, $con);
// 从表中提取信息的sql语句
$strsql="SELECT user_name FROM user_info where user_name='" . $_POST['ok358_user'] . "' and pwd='" . md5($_POST['ok358_pwd']) . "'";
//echo $strsql;
//$strsql="SELECT user_name FROM `user_info` where user_name='123'";
// 执行sql查询
$result=mysql_query($strsql, $con);
// 获取查询结果
$row=mysql_fetch_row($result);
if($row[0]==''){
$_SESSION['ok358_login']='-1';
echo '-3';
}else{//验证成功
$loginsql="INSERT INTO LOGIN_INFO (USER_NAME,LOGIN_TIME,IP) VALUES('".$row[0]."','".date("Y-m-d H:i:s",time())."','".getIP()."')";
mysql_query($loginsql);
$_SESSION['ok358_login']='1';
$_SESSION['ok358_user']=$row[0];
$_SESSION['ok358_login_ip']=getIP();
echo '1';
}
mysql_close($con);
}
}else{
echo -1;
}
?>