Why can someone else use the verification code? -Php Tutorial

Why can someone else use the verification code? Why can someone else use the verification code? The following is the code for obtaining the verification code. is the verification code too simple? how can we make it more complicated?

/**
* Verification code Image
*/

If (! Defined ('in _ fdyu '))
{
Die ('hacking attempt ');
}

Class captcha
{
/**
* Directory of the background image
*
* @ Var string $ folder
*/

// Var $ folder = ROOT_PATH. 'regiondes/captcha /';

Var $ folder = '';

/**
* Image file type
*
* @ Var string $ img_type
*/
Var $ img_type = 'PNG ';

/*------------------------------------------------------*/
// -- Name in the session
/*------------------------------------------------------*/
Var $ session_word = 'captcha _ word ';

/**
* Background image and background color
*
* 0 => name of the background image file
* 1 => Red, 2 => Green, 3 => Blue
* @ Var array $ themes
*/
Var $ themes_jpg = array (
1 => array('captcha_bg1.jpg ', 255,255,255 ),
2 => array('captcha_bg2.jpg ', 0, 0, 0 ),
3 => array('captcha_bg3.jpg ', 0, 0, 0 ),
4 => array('captcha_bg4.jpg ', 255,255,255 ),
5 => array('captcha_bg5.jpg ', 255,255,255 ),
);

Var $ themes_gif = array (
1 => array('captcha_bg1.gif', 255,255,255 ),
2 => array('captcha_bg2.gif ', 0, 0, 0 ),
3 => array('captcha_bg3.gif ', 0, 0, 0 ),
4 => array('captcha_bg4.gif', 255,255,255 ),
5 => array('captcha_bg5.gif', 255,255,255 ),
);

/**
* Image width
*
* @ Var integer $ width
*/
Var $ width = 38;

/**
* Image height
*
* @ Var integer $ height
*/
Var $ height = 16;

/**
* Constructor
*
* @ Access public
* @ Param
*
* @ Return void
*/
Function _ construct ($ folder = '', $ width = 38, $ height = 16)
{
$ This-> captcha ($ folder, $ width, $ height );
}

/**
* Constructor
*
* @ Access public
* @ Param string $ directory of the folder background image
* @ Param integer $ width: Image width
* @ Param integer $ height image height
* @ Return bool
*/
Function captcha ($ folder = '', $ width = 38, $ height = 16)
{
$ Folder = ROOT_PATH. 'includes/captcha /';

If (! Empty ($ folder ))
{
$ This-> folder = $ folder;
}

$ This-> width = $ width;
$ This-> height = $ height;

/* Check whether GD is supported */
If (PHP_VERSION> = '4. 3 ')
{

Return (function_exists ('imagecreatetruecolor') | function_exists ('imagecreate '));
}
Else
{

Return (imagetypes () & IMG_GIF)> 0) | (imagetypes () & IMG_JPG)> 0 );
}
}




/**
* Check whether the verification code is consistent with the one in the session.
*
* @ Access public
* @ Param string $ word verification code
* @ Return bool
*/
Function check_word ($ word)
{
$ Recorded = isset ($ _ SESSION [$ this-> session_word])? Base64_decode ($ _ SESSION [$ this-> session_word]): '';
$ Given = $ this-> encrypts_word (strtoupper ($ word ));

Return (preg_match ("/$ given/", $ recorded ));
}

/**
* Generate an image and output it to the browser.
*
* @ Access public
* @ Param string $ word verification code
* @ Return mix
*/
Function generate_image ($ word = false)
{
If (! $ Word)
{
$ Word = $ this-> generate_word ();
}

/* Record the verification code to the session */
$ This-> record_word ($ word );

/* Verification code length */
$ Letters = strlen ($ word );

/* Select a random solution */
Mt_srand (double) microtime () * 1000000 );

If (function_exists ('imagecreatefromjpeg ') & (imagetypes () & IMG_JPG)> 0 ))
{
$ Theme = $ this-> themes_jpg [mt_rand (1, count ($ this-> themes_jpg)];
}
Else
{
$ Theme = $ this-> themes_gif [mt_rand (1, count ($ this-> themes_gif)];
}

If (! File_exists ($ this-> folder. $ theme [0])
{
Return false;
}
Else
{
$ Img_bg = (function_exists ('imagecreatefromjpeg ') & (imagetypes () & IMG_JPG)> 0 ))?
Imagecreatefromjpeg ($ this-> folder. $ theme [0]): imagecreatefromgif ($ this-> folder. $ theme [0]);
$ Bg_width = imagesx ($ img_bg );
$ Bg_height = imagesy ($ img_bg );

$ Img_org = (function_exists ('imagecreatetruecolor') & PHP_VERSION> = '4. 3 ')?
Imagecreatetruecolor ($ this-> width, $ this-> height): imagecreate ($ this-> width, $ this-> height );

/* Copy and resize the original background image */
If (function_exists ('imagecopyresampled ') & PHP_VERSION> = '4. 3') // GD 2.x
{
Imagecopyresampled ($ img_org, $ img_bg, 0, 0, 0, $ this-> width, $ this-> height, $ bg_width, $ bg_height );
}
Else // GD 1.x
{
Imagecopyresized ($ img_org, $ img_bg, 0, 0, 0, $ this-> width, $ this-> height, $ bg_width, $ bg_height );
}
Imagedestroy ($ img_bg );

$ Clr = imagecolorallocate ($ img_org, $ theme [1], $ theme [2], $ theme [3]);

/* Draw a border */
// Imagerectangle ($ img_org, 0, 0, $ this-> width-1, $ this-> height-1, $ clr );

/* Obtain the height and width of the verification code */
$ X = ($ this-> width-(imagefontwidth (5) * $ letters)/2;
$ Y = ($ this-> height-imagefontheight (5)/2;
Imagestring ($ img_org, 5, $ x, $ y, $ word, $ clr );

Header ('expires: Thu, 01 Jan 1970 00:00:00 GMT ');

// HTTP/1.1
Header ('cache-Control: private, no-store, no-Cache, must-revalidate ');
Header ('cache-Control: post-check = 0, pre-check = 0, max-age = 0', false );

// HTTP/1.0
Header ('pragma: no-cache ');
If ($ this-> img_type = 'jpeg '& function_exists ('imagecreatefromjpeg '))
{
Header ('content-type: image/jpeg ');
Imageinterlace ($ img_org, 1 );
Imagejpeg ($ img_org, false, 95 );
}
Else
{
Header ('content-type: image/png ');
Imagepng ($ img_org );
}

Imagedestroy ($ img_org );

Return true;
}
}

/*------------------------------------------------------*/
// -- PRIVATE METHODs
/*------------------------------------------------------*/

/**
* Encrypt the string to be recorded
*
* @ Access private
* @ Param string $ original word string
* @ Return string
*/
Function encrypts_word ($ word)
{
Return substr (md5 ($ word), 1, 10 );
}

/**
* Save the verification code to the session.
*
* @ Access private
* @ Param string $ original word string
* @ Return void
*/
Function record_word ($ word)
{
$ _ SESSION [$ this-> session_word] = base64_encode ($ this-> encrypts_word ($ word ));
}

/**
* Generate a random verification code
*
* @ Access private
* @ Param integer $ length verification code length
* @ Return string
*/
Function generate_word ($ length = 4)
{
$ Chars = '1234567890abcdefghjklmnpqrstuvwxyz ';

For ($ I = 0, $ count = strlen ($ chars); $ I <$ count; $ I ++)
{
$ Arr [$ I] = $ chars [$ I];
}

Mt_srand (double) microtime () * 1000000 );
Shuffle ($ arr );

Return substr (implode ('', $ arr), 5, $ length );
}
}

?>

Reply to discussion (solution)

Only the definition of check_word is displayed, but the call of check_word is not displayed.
Session_start is not displayed either.

On the submit page, you can call the following:
Include_once ('Des/cls_captcha.php ');
$ Validator = new captcha ();
If (! $ Validator-> check_word ($ t_captcha ))
{
$ Ajax ['record '] ['all _ tp'] = 9;
Echo json_encode ($ ajax );
Exit;
}

Where is session_start?

It seems no. how can this problem be solved?

Session_start (); this is also available in another file.

Require (ROOT_PATH. 'Des/init. php'); this file is available on every page, in which session_start ();

Where is the verification code you passed in? Why didn't I send it to $ validator?

Js:
Function get_toupiao (tp_id, all_toupiao, hd_id, tp_star_time, tp_end_time)
{
If ($. trim ($ ("input [name = captcha]"). val () = '1 ')
{
If ($. trim ($ ("input [name = t_captcha]"). val () = '')
{
Alert ("The verification code cannot be blank! ");
$ ("Input [name = t_captcha]"). focus ();
Return false;
}
}
Var t_captcha = $. trim ($ ("input [name = t_captcha]"). val ());
Var captcha = $. trim ($ ("input [name = captcha]"). val ());
Var originator = $. trim ($ ("input [name = originator]"). val ());
$. Get ("/show. php? Act = get_toupiao ",{
Tp_id: tp_id,
All_toupiao: all_toupiao,
Hd_id: hd_id,
Tp_star_time: tp_star_time,
Tp_end_time: tp_end_time,
T_captcha: t_captcha,
Captcha: captcha,
Originator: originator,
Async: false,
Rand: Math. random ()
}, Function (data ){
If (data. record. all_tp = "9 ")
{
Alert ("verification code input error ^_^! ");
Return false;
}
/* If (data. record. all_tp = "8 ")
{
Alert ("Please vote effectively. ^_^! ");
Return false;
}
If (data. record. all_tp = "7 ")
{
Alert ("too many people vote at the same time. please try again later ^_^! ");
Return false;
}*/
If (data. record. all_tp = "5 ")
{
Alert ("You have voted today. please try again tomorrow! ");
Return false;
}
If (data. record. all_tp = "6 ")
{
Alert ("You have voted today. please try again tomorrow! ");
Return false;
}
If (data. record. all_tp = "3 ")
{
Alert ("The voting time has passed and cannot be voted ");
Return false;
}
If (data. record. all_tp = "4 ")
{
Alert ("The voting time has not arrived, and you cannot vote ");
Return false;
}
If (data. record. all_tp = "1 ")
{
Alert ("You have already voted for this activity and cannot vote again ");
Return false;
}
If (data. record. all_tp = "2 ")
{
Alert ("You have already voted for this project and cannot vote again ");
Return false;
}
If (data. status. code = "1 ")
{
// Succeeded
$ ("# Tp _" + tp_id + ""). empty ();
$ ("# Tp _" + tp_id + ""). append ("" + data. record. tp_count + "");
$ ("# Captcha _" + tp_id + ""). empty ();
$ ("# Captcha _" + tp_id + ""). append ("" + data. status. captcha + "");
Alert ("vote successful! ");
Return false;
}
}, "Json ");
}

PHP:
Elseif ($ action = 'get _ toupiao ')
{
Global $ fdyu, $ db;
$ Tp_id = intval ($ _ GET ['TP _ id']);
$ Hd_id = intval ($ _ GET ['HD _ id']);
$ All_toupiao = $ _ GET ['all _ toupiao '];
$ Tp_star_time = $ _ GET ['TP _ star_time '];
$ Tp_end_time = $ _ GET ['TP _ end_time '];
$ T_captcha = $ _ GET ['t_ captcha '];
$ Captcha = intval ($ _ GET ['captcha ']);
$ Ip = getClientIP ();
$ Ajax = array ();

// Whether a verification code is required
If ($ captcha = 1)
{
Include_once ('Des/cls_captcha.php ');
$ Validator = new captcha ();
If (! $ Validator-> check_word ($ t_captcha ))
{
$ Ajax ['record '] ['all _ tp'] = 9;
Echo json_encode ($ ajax );
Exit;
}
}

Provides the following inspection methods:
1. Can I use
2. print the entered verification code and session verification code.
3. after the verification is passed, you need to delete the old verification code. Otherwise, you can use this verification code to submit different data without refreshing the new page.

See http://blog.csdn.net/fdipzone/article/details/7295496

When I used to post Yii, I found that csdn had 3rd bugs mentioned above, but they fixed them in the next day.
The verification code anti-fake ticket is a very unreliable thing. if the number of votes involves interests, the user can buy a paid verification code for identification.
In the final analysis, I still need to remove IP addresses.

The IP address is limited, but it is useless. different IP addresses can be used for ticket scalping.

On the 10th floor, I found that it was indeed the third point you mentioned, because I recorded the verification code in the database and found that there were repeated verification codes! How can I delete the old verification code?

If ($ action = 'get _ toupiao ')
{
...... Omitted
If ($ _ SESSION ['code _ 1']! = $ T_captcha)
{
$ Ajax ['record '] ['all _ tp'] = 9;
Echo json_encode ($ ajax );
Exit;
}
..... Omitted
$ Ajax ['status'] ['code'] = 1; // succeeded
Echo json_encode ($ ajax );
Exit;
}

In $ ajax ['status'] ['code'] = 1; // add unset ($ _ SESSION ['code _ 1']) to the success list?

After verification, you can clear the session verification code.
Ensure that the token can only be used once