Smart verification code for anti-spam information irrigation

Anti-spam information irrigation smart verification code recently the system often encounters spam information attacks from advertising machines. Many people think of ways to increase the difficulty of the verification code, or do some questions and answers to prevent it. However, in this way, the use and experience of normal users are also very difficult while preventing advertising machines. Here we provide a smart verification code idea.

That is, after the verification code is successfully used in a short period of time, the verification code usage frequency is recorded + 1. The length and difficulty will be automatically increased when the next generation is made in a short time. The ultimate abnormal verification code is a distorted Chinese character.

The code is as follows:
Create a c_iphistory data table to record the verification code usage frequency.

Create table if not exists 'c _ iphistory '('id' int (11) not null AUTO_INCREMENT, 'IP' varchar (255) not null, 'num' int (11) not null, 'lastdateline 'int (11) not null, primary key ('id'), unique key 'IP' ('IP ')) ENGINE = MyISAM default charset = utf8 COMMENT = 'number of times the ip address using the verification code ';

Verification code generation part:

$ Freq = 60; // define the frequency of flood attacks // check whether the storage is saved $ tmp = db :: r ("select * from c_iphistory where ip = '$ _ G [ip]'"); $ len = 2; $ type = 0; if ($ tmp & $ tmp ['num']> 0) {$ num = $ tmp ['num']; $ timeout = TS-$ tmp ['lastdateline ']; $ num-= floor ($ timeout/$ freq); // if ($ num <0) $ num = 0; $ len + = $ num;} if ($ len> 3) {// multiply difficulty, length: 2-5 bits $ type = floor ($ len/4 ); if ($ type> 8) {$ type = 8; $ len-= 34;} else {$ len = $ len % 4; $ len + = 2 ;}} else {$ l En + = 2 ;}$ secode = s: rrand ($ len, $ type); // use $ secode to generate an image and record it to the verification code library for verification. ************ * ************** // *** Random number @ zairwolf ***/function rrand ($ len, $ type = 7) {// 1-Number // 2-Lower Char // 4-Upper Char // 8-Chinesemt_srand (double) microtime () * 1000000 ); switch ($ type) {case 0: $ charlist = '012'; break; case 1: $ charlist = '000000'; break; case 2: $ charlist = 'abcdefghijklmnopqrstuvwxy '; break; case 3: $ charlist = '0123456789abcdefghijklmnopq Rstuvwxyz '; break; case 4: $ charlist = 'abcdefghijklmnopqrstuvwxy'; break; case 5: $ charlist = 'authorization'; break; case 6: $ charlist = 'authorization '; break; case 7: $ charlist = '0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz '; break; case 8: // use Chinese global $ Ccharlist; if (! $ Ccharlist) $ Ccharlist = file_get_contents ("lib/disturbTxt. lib "); break;} $ str =''; if ($ type = 8) {$ max = strlen ($ Ccharlist)/3-1; for ($ I = 0; $ I <$ len; $ I ++) $ str. = substr ($ Ccharlist, mt_rand (0, $ max) * 3, 3);} else {$ max = strlen ($ charlist)-1; for ($ I = 0; $ I <$ len; $ I ++) $ str. = $ charlist [mt_rand (0, $ max)];} return $ str ;}

Verification code

// After the verification code is confirmed correct, perform the following operations $ freq = 60; // define the flood attack frequency // check whether the database is saved $ tmp = db :: r ("select * from c_iphistory where ip = '$ IP'"); if (! $ Tmp) {$ s = array ('IP' => $ ip, 'num' => 1, 'lastdateline '=> TS,); db :: I ("insert into c_iphistory set ". sqlcol ($ s);} else {// update flood attack records $ timeout = TS-$ tmp ['lastdateline ']; if ($ timeout> $ freq) {// The existing record that is sent before the value of 1 is exceeded -- $ num = $ tmp ['num']-1; if ($ num <0) $ num = 0; $ s = array ('num' => $ num, 'lastdateline '=> TS,); db: q ("update c_iphistory set ". sqlcol ($ s ). "where id = '$ tmp [id]'");} else {$ num = $ tmp ['num'] + 1; $ s = array ('num' => $ num, 'lastdateline '=> TS,); db: q ("update c_iphistory set ". sqlcol ($ s ). "where id = '$ tmp [id]'");}

For reference. TS is time (). We can understand the other parts.

Reply to discussion (solution)

This post was last edited by PhpNewnew at 14:31:09 on

I have not verified the code for the time being, but I have not carefully read the ideas and the spirit of sharing them. I should first praise them...

Thanks for sharing. Added to favorites.

Good idea. I learned ..

I just got started with PHP and I don't know much about the code. My question is: how much pressure will it put on the server to use the database like this?

Good idea, and Baidu and Sina Weibo are doing this now.

However, you cannot record this value in mysql. Otherwise, the database check and write operations will be sufficient.
You can use the hash table in the memory database to store this value. The hash key can use session_id.

It feels a little big. Is it stored in arrays?

Good idea, and Baidu and Sina Weibo are doing this now.

However, you cannot record this value in mysql. Otherwise, the database check and write operations will be sufficient.
You can use the hash table in the memory database to store this value. The hash key can use session_id.

What is n memory database ?? Is it stored in memory ??

Good idea .~!

The idea is good. it's not that easy to add it to favorites. A good idea. thank you.

This reminds me of the verification codes posted.