How to use PHP to implement the verification code function of CMS system

How to use PHP to implement the verification code function of the CMS system

With the development of the website and the increase in user interaction, in order to ensure the security of the website, it is often necessary to perform operations such as user registration, login and form submission. Add verification code function. This article will introduce how to use PHP to implement the verification code function of the CMS system to protect the website from robots and malicious attacks.

1. Generate verification code

First, we need to generate a verification code image. PHP provides a GD library that can be used to generate pictures and draw text, interference lines and other effects on the pictures. The following is a code example for generating a verification code:

<?php
session_start();

// 随机生成4位验证码
$code = '';
for ($i = 0; $i < 4; $i++) {
    $code .= rand(0, 9);
}

// 将验证码保存到SESSION中，用于验证
$_SESSION['captcha'] = $code;

header('Content-type: image/png');

// 创建一个空白图片，并设置宽高和背景色
$image = imagecreatetruecolor(120, 30);
$bgColor = imagecolorallocate($image, 255, 255, 255);
imagefill($image, 0, 0, $bgColor);

// 随机生成干扰线
for ($i = 0; $i < 6; $i++) {
    $lineColor = imagecolorallocate($image, rand(0, 255), rand(0, 255), rand(0, 255));
    imageline($image, rand(0, 120), rand(0, 30), rand(0, 120), rand(0, 30), $lineColor);
}

// 在图片上绘制验证码
$textColor = imagecolorallocate($image, 0, 0, 0);
imagestring($image, 5, 40, 8, $code, $textColor);

// 输出验证码图片
imagepng($image);
imagedestroy($image);

In the above code, we use the imagecreatetruecolor() function to create a blank image of a specified size, and use imagefill()Function fills the background color. Then, use the imageline() function to generate 6 random interference lines. Finally, use the imagestring() function to draw the verification code on the image. Finally, use the imagepng() function to output the verification code image.

2. Verification code verification

Where the verification code needs to be verified, we need to compare whether the verification code entered by the user is consistent with the verification code saved in SESSION. The following is a code example for verification code verification:

<?php
session_start();

$captcha = $_SESSION['captcha'];
$userInput = $_POST['captcha'];

if ($captcha == $userInput) {
    // 验证码正确，执行相应操作
} else {
    // 验证码错误
}

The above code takes out the verification code from SESSION and compares it with the verification code entered by the user. If they are consistent, it means that the verification code is correct and the corresponding operation can be performed; if they are inconsistent, it means that the verification code is wrong and an error message can be prompted to the user.

3. Apply the verification code function in the CMS system

For the CMS system, we usually need to apply the verification code function in user login, user registration, comment submission and other operations. The following is a simple sample code:

<?php
session_start();

if (isset($_POST['submit'])) {
    $captcha = $_SESSION['captcha'];
    $userInput = $_POST['captcha'];

    if ($captcha == $userInput) {
        // 验证码正确，执行相应操作
        
        // 示例：用户登录验证
        $username = $_POST['username'];
        $password = $_POST['password'];

        // 验证用户名和密码，如果正确则登录
        if ($username == 'admin' && $password == '123456') {
            // 用户名和密码正确，登录成功
            $_SESSION['username'] = $username;
            echo '登录成功';
        } else {
            // 用户名或密码错误，登录失败
            echo '用户名或密码错误';
        }
    } else {
        // 验证码错误
        echo '验证码错误';
    }
}
?>

<form method="post" action="">
    <input type="text" name="username" placeholder="用户名"><br>
    <input type="password" name="password" placeholder="密码"><br>
    <input type="text" name="captcha" placeholder="验证码"><br>
    <img src="/static/imghwm/default1.png"  data-src="captcha.php"  class="lazy" alt="验证码"><br>
    <input type="submit" name="submit" value="登录">
</form>

In the above code, after the user submits the login form, the verification code entered by the user will be obtained and compared with the verification code saved in SESSION. If they are consistent, it means that the verification code is correct, and user login verification can be performed; if they are inconsistent, it means that the verification code is incorrect, and a message that the verification code is incorrect will be prompted to the user.

Summary

Through the above steps, we successfully implemented the verification code function in the CMS system. The addition of verification codes can effectively prevent robots and malicious attacks and protect the security of the website. At the same time, the verification code generation and verification process can be modified and optimized according to actual needs to meet different needs. Hope this article can be helpful to you.

The above is the detailed content of How to use PHP to implement the verification code function of CMS system. For more information, please follow other related articles on the PHP Chinese website!