前面已经写过前端添加腾讯验证码验证的教程了,拦住一些小白算是够了,但对于稍微熟练一点的互联网网虫来说还不够:前端校验可以被绕过,请求完全可以不经过页面直接提交到后端。因此我们还需要在后端对前端提交过来的验证码数据(ticket 和 randstr)进行验证,确认通过后才能继续执行业务逻辑。下面是WordPress系统中对腾讯验证码的后端验证方法,对其他PHP网站也同样适用。
腾讯api访问管理地址:https://console.cloud.tencent.com/cam/capi
将如下代码添加到functions.php
文件中,注意替换你的腾讯相关数据,否则请求将不会成功。
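//https://www.daimadog.org/7140.html
// Tencent Captcha: server-side verification of the ticket submitted by the front end.

/**
 * Return the client IP address that is reported to Tencent as UserIp.
 *
 * HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are ordinary request headers that
 * any client can set to an arbitrary value, so they are not trusted by
 * default. X-Forwarded-For is consulted only when the TCP peer (REMOTE_ADDR)
 * is one of the reverse proxies listed in $trustedProxies; otherwise
 * REMOTE_ADDR is returned.
 *
 * @param array $trustedProxies IP addresses of reverse proxies / CDN nodes
 *                              whose X-Forwarded-For header may be believed.
 *                              Empty by default (no header is trusted).
 * @return string A syntactically valid IP address, or "none" if REMOTE_ADDR
 *                is missing or malformed.
 */
function hui_ip($trustedProxies = array()){
    $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return "none";
    }

    if (in_array($remote, $trustedProxies, true) && !empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        // The header is a comma-separated chain. Entries on the right were
        // appended by our own proxies, so walk right to left and stop at the
        // first address that is not one of them.
        $hops = array_reverse(array_map('trim', explode(',', $_SERVER["HTTP_X_FORWARDED_FOR"])));
        foreach ($hops as $hop) {
            if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
                break; // malformed chain: fall back to the TCP peer
            }
            if (!in_array($hop, $trustedProxies, true)) {
                return $hop;
            }
        }
    }

    return $remote;
}

/**
 * Verify a Tencent Captcha ticket with the DescribeCaptchaResult API.
 *
 * The request is signed with TC3-HMAC-SHA256 and sent over HTTPS. Every
 * failure path (bad input, unconfigured credentials, network error,
 * unparsable response, CaptchaCode other than 1) returns false, so callers
 * can treat false as "do not proceed".
 *
 * @param string $Ticket  Ticket returned to the browser by the captcha widget.
 * @param string $Randstr Random string returned together with the ticket.
 * @return bool True only when Tencent reports CaptchaCode 1.
 */
function hui_v_captcha($Ticket, $Randstr){
    // Replace the four placeholders with your own values. These are live
    // credentials: keep this file out of public repositories and backups,
    // and give the API key only the permissions the captcha service needs.
    $CaptchaAppId = '验证码应用appid';
    $AppSecretKey = '验证码应用key';
    $secretId = '腾讯api管理平台ID';
    $secretKey = '腾讯api管理平台key';

    // Request parameters can arrive as arrays (ticket[]=...); only non-empty
    // strings are acceptable here.
    if( !is_string($Ticket) || !is_string($Randstr) || !$Ticket || !$Randstr ){
        return false;
    }
    if( !$CaptchaAppId || !$AppSecretKey || !$secretId || !$secretKey ){
        return false;
    }

    $CaptchaAppId = (int) $CaptchaAppId;
    if( $CaptchaAppId <= 0 ){
        // The placeholder was not replaced (a non-numeric string casts to 0).
        return false;
    }

    $host = "captcha.tencentcloudapi.com";
    $service = "captcha";
    $version = "2019-07-22";
    $action = "DescribeCaptchaResult";
    $timestamp = time();
    $payload = array(
        'CaptchaType' => 9,
        'Ticket' => $Ticket,
        'Randstr' => $Randstr,
        'UserIp' => hui_ip(),
        'CaptchaAppId' => $CaptchaAppId,
        'AppSecretKey' => $AppSecretKey,
    );

    // Encode once so the bytes that are hashed for the signature are exactly
    // the bytes that are sent.
    $body = json_encode($payload);
    if( $body === false ){
        return false;
    }

    $algorithm = "TC3-HMAC-SHA256";

    // step 1: build canonical request string
    $httpRequestMethod = "POST";
    $canonicalUri = "/";
    $canonicalQueryString = "";
    $canonicalHeaders = "content-type:application/json\n"."host:".$host."\n";
    $signedHeaders = "content-type;host";
    $hashedRequestPayload = hash("SHA256", $body);
    $canonicalRequest = $httpRequestMethod."\n"
        .$canonicalUri."\n"
        .$canonicalQueryString."\n"
        .$canonicalHeaders."\n"
        .$signedHeaders."\n"
        .$hashedRequestPayload;

    // step 2: build string to sign
    $date = gmdate("Y-m-d", $timestamp);
    $credentialScope = $date."/".$service."/tc3_request";
    $hashedCanonicalRequest = hash("SHA256", $canonicalRequest);
    $stringToSign = $algorithm."\n"
        .$timestamp."\n"
        .$credentialScope."\n"
        .$hashedCanonicalRequest;

    // step 3: sign string (derived key chain: date -> service -> "tc3_request")
    $secretDate = hash_hmac("SHA256", $date, "TC3".$secretKey, true);
    $secretService = hash_hmac("SHA256", $service, $secretDate, true);
    $secretSigning = hash_hmac("SHA256", "tc3_request", $secretService, true);
    $signature = hash_hmac("SHA256", $stringToSign, $secretSigning);

    // step 4: build authorization
    // Do not log $authorization or $body: the body contains AppSecretKey.
    $authorization = $algorithm
        ." Credential=".$secretId."/".$credentialScope
        .", SignedHeaders=content-type;host, Signature=".$signature;

    $ch = curl_init();
    if( $ch === false ){
        return false;
    }
    curl_setopt($ch, CURLOPT_URL, 'https://'.$host);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $httpRequestMethod);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Certificate and host-name checks are what make the answer trustworthy;
    // state them explicitly so a later edit does not switch them off.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // Bound the call so a slow or unreachable API cannot hang the login request.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Authorization: '.$authorization,
        'Content-Type: application/json',
        'Host: '.$host,
        'X-TC-Action: '.$action,
        'X-TC-Version: '.$version,
        'X-TC-Timestamp: '.$timestamp,
    ));
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    $output = curl_exec($ch);
    curl_close($ch);

    if( $output === false ){
        // Transport or TLS failure: fail closed.
        return false;
    }

    $output = json_decode($output);

    // https://cloud.tencent.com/document/product/1110/36926#3.-.E8.BE.93.E5.87.BA.E5.8F.82.E6.95.B0
    if( is_object($output) && isset($output->Response) && isset($output->Response->CaptchaCode) && $output->Response->CaptchaCode === 1 ){
        return true;
    }

    return false;
}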
将如下代码放到你的登录或者注册验证接口适当位置即可实现后台对前端提交的验证码验证效果。
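// Captcha gate for the login / registration handler.
// The check must fail closed: a request that leaves out ticket or randstr
// (or sends them as arrays) is rejected, not allowed through unverified.
$hui_ticket = isset($_POST['ticket']) ? $_POST['ticket'] : null;
$hui_randstr = isset($_POST['randstr']) ? $_POST['randstr'] : null;

if( !is_string($hui_ticket) || !is_string($hui_randstr) || !hui_v_captcha($hui_ticket, $hui_randstr) ){
    echo json_encode(array('error'=>110, 'msg'=>'验证码错误,请重试'));
    exit();
}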
到此后台验证已经结束,但前端对后台返回的数据还需要做出处理,比如验证错误该如何提示,这些就自己写吧,最简单就是不操作、不提示,反正不正确不动作。当然这样会影响用户的访问心情,说不定就不看你的站了。