Home > Article > Backend Development > How to use PHP to implement user login verification code function
With the development of network technology, website security issues have attracted more and more attention. As a website developer, we need to ensure the security of users' account information and personal privacy. Among them, the security of the user login process is also very important. In order to protect the security of user accounts, we need to add a verification code function to the user login page. This article will introduce how to use PHP to implement the user login verification code function.
Verification code is a technology that distinguishes humans and computer programs, which can effectively prevent malicious attackers from using automated programs to launch attacks on websites. Common verification codes come in different forms such as numbers, letters, graphics, etc. Users need to correctly enter the verification code when logging in to verify the user's identity.
In website development, verification codes are usually embedded in the login system to prevent malicious users from obtaining system permissions through brute force cracking and other methods. At the same time, verification codes can also prevent malicious users from using automated programs to attack and brush data.
In PHP, you can use the GD extension library to draw various verification codes, including numbers, letters, graphics, etc. Below we take numerical and alphabetical verification codes as an example to introduce how to make verification codes in PHP.
2.1. Digital verification code generation
Digital verification code is the most basic form of making verification codes, and it is also the most common one. Numeric verification codes can be generated using functions in the GD library. Below is a sample code that generates a random 4-digit verification code.
<?php session_start(); // 开启 session header('Content-type: image/png'); // 设置 Content-type $im = imagecreatetruecolor(80, 40); // 创建一个宽为80,高为40的验证码背景图 $bgColor = imagecolorallocate($im, 255, 255, 255); // 设置背景色为白色 imagefill($im, 0, 0, $bgColor); // 绘制背景 $code = rand(1000, 9999); // 随机生成一个 4 位数的验证码 $_SESSION['code'] = $code; // 把验证码存储在 Session 中,以便在其他页面中使用 $textColor = imagecolorallocate($im, 0, 0, 0); // 设置验证码颜色 imagestring($im, 5, 20, 12, $code, $textColor); // 绘制验证码 imagepng($im); // 输出 PNG 图片 imagedestroy($im); // 释放内存 ?>
Analysis:
2.2. Alphanumeric mixed verification code generation
Numeric verification codes are vulnerable to attacks, so in order to improve security, we can use a mixed alphanumeric verification code form. Likewise, we can draw the alphanumeric captcha using PHP’s GD library. Below is a sample code that generates a random 4-digit alphanumeric verification code.
<?php session_start(); // 开启 session header('Content-type: image/png'); // 设置 Content-type $im = imagecreatetruecolor(100, 40); // 创建一个宽为100,高为40的验证码背景图 $bgColor = imagecolorallocate($im, 255, 255, 255); // 设置背景色为白色 imagefill($im, 0, 0, $bgColor); // 绘制背景 // 字母数字集 $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $len = strlen($chars); $code = ''; for ($i = 0; $i < 4; $i++) { $code .= $chars[rand(0, $len-1)]; } $_SESSION['code'] = $code; // 把验证码存储在 Session 中,以便在其他页面中使用 $textColor = imagecolorallocate($im, 0, 0, 0); // 设置验证码颜色 // 使用随机字体和位置,绘制验证码 for ($i = 0; $i < 4; $i++) { $font = rand(1, 5); // 随机选择字体 $angle = rand(-20, 20); // 随机旋转角度 $x = $i * 20 + rand(0, 10); // 规定较小的x坐标值和x步进值,y的值也可以自定义 $y = rand(20, 30); $fontColor = imagecolorallocate($im, rand(0, 255), rand(0, 255), rand(0, 255)); $char = substr($code, $i, 1); imagettftext($im, 18, $angle, $x, $y, $fontColor, __DIR__.'/font'.$font.'.ttf', $char); } imagepng($im); // 输出 PNG 图片 imagedestroy($im); // 释放内存 ?>
Analysis:
After generating the verification code, you only need to introduce the program to generate the verification code in the user login page. While verifying the user's input of account and password information, it is also necessary to verify whether the verification code entered by the user is correct.
The following is a sample code for a user login page.
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Login</title> </head> <body> <form action="login.php" method="post"> <label for="username">Username:</label> <input type="text" id="username" name="username"><br> <label for="password">Password:</label> <input type="password" id="password" name="password"><br> <label for="code">Code:</label> <input type="text" id="code" name="code"><br> <img src="captcha.php" alt="Captcha"> <button type="submit">Submit</button> </form> </body> </html>
Similar to the ordinary user login page, we added a verification code part while entering the account and password, and introduced the verification code generation program captcha.php. After the user enters the account number, password and verification code, click the submit button, and the system will submit the information entered by the user to login.php for verification.
The following is the code in login.php, which is used to verify whether the account number, password and verification code information entered by the user is correct.
<?php session_start(); $username = $_POST['username']; $password = $_POST['password']; $code = $_POST['code']; // 验证用户输入的验证码是否正确 if (strtolower($code) !== strtolower($_SESSION['code'])) { echo 'Invalid Code.'; exit; } // 验证用户输入的账号和密码是否正确 if ($username === 'admin' && $password === 'admin') { echo 'Login Successfully.'; } else { echo 'Invalid Username or Password.'; } ?>
In login.php, we first verify whether the verification code entered by the user is correct. If the verification code does not match, the user is prompted to enter an invalid verification code and exit the login verification. Otherwise, we verify whether the account and password information entered by the user is correct. If it is correct, the user will be prompted to log in successfully, otherwise it will be prompted that the username or password is invalid.
This article introduces how to use PHP and GD libraries to generate mixed numeric and alphanumeric verification codes, and use verification codes in websites to ensure user login Security of information. Through studying this article, you have learned how to prevent malicious users from using automated programs to attack your website, and protect the account and personal privacy of website users.
The above is the detailed content of How to use PHP to implement user login verification code function. For more information, please follow other related articles on the PHP Chinese website!