A concise tutorial on the use of thinkphp verification code

The

  Verification code function is mainly to prevent the Web site login function is brushed, but according to the current market of common authentication code features, it is easy to bypass, so if you want to make the site safe enough, it is best to study more in-depth

First, we need to add the authentication code method to the Controller admin/lib/action/loginaction.class.php knowledge Point: 1, Ob_clean function use 2, import method calls the default class library 3, The image class Buildimageverify method uses the   code as follows: The   code is as follows: Public function verify () { ob_clean ();  //ob_clean function Clears the previous output  import (' ORG. Util.image ');  //import calls the Image.class.php class file in the expansion pack extend/library/org/util/in the message/thinkphp Framework directory  image:: Buildimageverify ();  //calls the Buildimageverify method to generate the CAPTCHA, the default parameter is ($length =4, $mode =1, $type = ' png ', $width =48, $height =22, $verifyName = ' Verify '), interested friends can study under the image class}     II, in the template file to add validation code module admin/tpl/login/index.html Knowledge Points: 1, verification code picture Call 2, JS related to the running process to understand 3, __ Public__ Constants   Add the following code to the Password entry box: The code is as follows: <! DOCTYPE HTML PUBLIC "-//w3c//dtd HTML 4.01 transitional//en" "Http://www.w3.org/TR/html4/loose.dtd" > <html> <head> <meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "> <script type=" text/javascript "src=" __public__/js/jquery-1.7.2.min.js "></script>// The __public__ constant can find the defined __public__ directory in "view page source files" after the page is loaded by defaultThe public directory under the root directory message, the following explains how to customize the __public__ system constant//jquery file, only loaded this file can invoke the jquery method <script type= "text/ JavaScript "src=" __public__/js/login.js ></script>//The specific code here will be posted below, in fact, just define a change_code function, That is, the asynchronous operation to replace the CAPTCHA (can be replaced without refreshing the page)   <title>message Board background</title> </head> <body> & nbsp  <form action= "{: U (' Admin.php/login/login ')}" method= "Post" name= "Back_login" >   <h2> simple Background Login system </h2>   Username: <input type= ' username ' name= ' username ' id= ' username '/>   <br/>   Password: <in Put type= ' password ' name= ' password ' id= ' password '/>   <br/>   Verification Code: <input type= "code" name= "code"/ >   /Here it is necessary to set the type to Code,name named code   <img src= "{: U (' admin/login/verify ', ', ')}" id= "code"/ >   under the//img label SRC is the call to the login controller Veryfy method  //The following two parameters left blank is necessary, where the 2nd is not practical, mainly for the 3rd parameter blank, so that the setting can cancel the pseudo static suffix name, Otherwise, the default pseudo static suffix named HTML will cause the picture to not load correctly   <a href= "javascript:void (Change_code (this));" > Can't see clearly</a>  /Here called a   <br/>   <input type= "Submit"  value= "Login"/>  </form> & nbsp </body> </html>     login.js files in the message/public/directory the contents of the file are as follows: The code is as follows: Verifyurl = ' http://localhost/ Message/admin.php/login/verify '; Defines the authentication code path function Change_code (obj) { $ ("#code"). attr ("src", verifyurl+ '/' +math.random ());  //dynamically generated authentication code method, Interested friends can further study the JQ method  return false;     Another: __public__ file definition in message/admin/conf/config.php in the configuration, add the following content, you can change the __public__ path configuration as follows:   code is as follows:// Constant-related configuration ' tmpl_parse_string ' => array (  ' __public__ ' => __root__. '/' . App_name. '/public ',  //path change to Message/admin/public, Refresh page, verify code can still refresh, show JS effective, also can "view page source file"),