sileya-ai
/
vr-shopxo-source
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

验证码优化、防止暴力破解

feat/task1-c-wallet
devil 2020-06-03 13:38:13 +08:00
parent d9f8398a7a
commit 49e1db1c7b
18 changed files with 114 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
application/admin/controller/Email.php
View File

@ -90,7 +90,7 @@ class Email extends Common
// 验证码公共基础参数
$verify_param = array(
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
);
$obj = new \base\Email($verify_param);

2
application/admin/controller/Site.php
View File

@ -150,7 +150,7 @@ class Site extends Common
break;
// 图片验证码
case 'imagesverify' :
case 'verify' :
$field_list[] = 'common_images_verify_rules';
break;

4
application/admin/view/default/site/nav.html
View File

@ -20,8 +20,8 @@
<li {{if $nav_type eq 'attachment'}}class="am-active"{{/if}} data-type="attachment">
<a href="{{:MyUrl('admin/site/index', ['nav_type'=>'attachment'])}}">附件</a>
</li>
<li {{if $nav_type eq 'imagesverify'}}class="am-active"{{/if}} data-type="imagesverify">
<a href="{{:MyUrl('admin/site/index', ['nav_type'=>'imagesverify'])}}">图片验证码</a>
<li {{if $nav_type eq 'verify'}}class="am-active"{{/if}} data-type="verify">
<a href="{{:MyUrl('admin/site/index', ['nav_type'=>'verify'])}}">验证码</a>
</li>
<li {{if $nav_type eq 'orderaftersale'}}class="am-active"{{/if}} data-type="orderaftersale">
<a href="{{:MyUrl('admin/site/index', ['nav_type'=>'orderaftersale'])}}">订单售后</a>

6
application/admin/view/default/site/imagesverify.html → application/admin/view/default/site/verify.html
View File

@ -8,14 +8,14 @@
<!-- table nav end -->
<!-- form start -->
<form class="am-form form-validation view-save" action="{{:MyUrl('admin/site/save')}}" method="POST" request-type="ajax-url" request-value="{{:MyUrl('admin/site/index', ['nav_type'=>'imagesverify'])}}" enctype="multipart/form-data">
<form class="am-form form-validation view-save" action="{{:MyUrl('admin/site/save')}}" method="POST" request-type="ajax-url" request-value="{{:MyUrl('admin/site/index', ['nav_type'=>'verify'])}}" enctype="multipart/form-data">
<div class="am-form-group">
<label>{{$data.common_verify_expire_time.name}}<span class="am-form-group-label-tips">{{$data.common_verify_expire_time.describe}}</span></label>
<input type="number" name="{{$data.common_verify_expire_time.only_tag}}" placeholder="{{$data.common_verify_expire_time.name}}" data-validation-message="{{$data.common_verify_expire_time.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_expire_time.value}}"{{/if}} required />
</div>
<div class="am-form-group">
<label>{{$data.common_verify_time_interval.name}}<span class="am-form-group-label-tips">{{$data.common_verify_time_interval.describe}}</span></label>
<input type="number" name="{{$data.common_verify_time_interval.only_tag}}" placeholder="{{$data.common_verify_time_interval.name}}" data-validation-message="{{$data.common_verify_time_interval.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_time_interval.value}}"{{/if}} required />
<label>{{$data.common_verify_interval_time.name}}<span class="am-form-group-label-tips">{{$data.common_verify_interval_time.describe}}</span></label>
<input type="number" name="{{$data.common_verify_interval_time.only_tag}}" placeholder="{{$data.common_verify_interval_time.name}}" data-validation-message="{{$data.common_verify_interval_time.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_interval_time.value}}"{{/if}} required />
</div>
<div class="am-form-group">
<label>{{$data.home_img_verify_state.name}}<span class="am-form-group-label-tips">{{$data.home_img_verify_state.describe}}</span></label>

44
application/common.php
View File

@ -11,6 +11,50 @@
// 应用公共文件
/**
* 缓存安全验证次数处理
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2020-06-03
* @desc description
* @param [string] $key [缓存 key]
* @param [int] $type [操作类型0清除, 1验证)]
* @param [int] $expire_time [过期时间默认30秒+30秒)]
*/
function SecurityPreventViolence($key, $type = 1, $expire_time = 30)
{
// 安全缓存 key
$mkey = md5($key.'_security_prevent_violence');
// 清除缓存返
if($type == 0)
{
cache($mkey, null);
return true;
}
// 验证并增加次数
$count = intval(cache($mkey))+1;
$max = config('shopxo.security_prevent_violence_max');
$status = false;
if($count <= $max)
{
cache($mkey, $count, $expire_time+30);
$status = true;
}
// 验证达到次数限制则清除验证信息
if($count > $max)
{
cache($key, null);
cache($mkey, null);
}
return $status;
}
/**
* 模块动态表格加载方法
* @author Devil

2
application/index/view/default/safety/email_info.html
View File

@ -36,7 +36,7 @@
<div class="am-input-group am-input-group-sm am-form-group">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
</span>
</div>
<div class="am-form-group am-form-group-refreshing">

2
application/index/view/default/safety/mobile_info.html
View File

@ -36,7 +36,7 @@
<div class="am-input-group am-input-group-sm am-form-group">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
</span>
</div>
<div class="am-form-group am-form-group-refreshing">

2
application/index/view/default/safety/new_email_info.html
View File

@ -36,7 +36,7 @@
<div class="am-input-group am-input-group-sm am-form-group">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
</span>
</div>
<div class="am-form-group am-form-group-refreshing">

2
application/index/view/default/safety/new_mobile_info.html
View File

@ -36,7 +36,7 @@
<div class="am-input-group am-input-group-sm am-form-group">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
</span>
</div>
<div class="am-form-group am-form-group-refreshing">

2
application/index/view/default/user/forget_pwd_info.html
View File

@ -41,7 +41,7 @@
<div class="am-input-group am-input-group-sm">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/forgetpwdverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/forgetpwdverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation">获取验证码</button>
</span>
</div>
</div>

4
application/index/view/default/user/reg_info.html
View File

@ -132,7 +132,7 @@
<div class="am-input-group am-input-group-sm">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation-sms">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation-sms">获取验证码</button>
</span>
</div>
</div>
@ -178,7 +178,7 @@
<div class="am-input-group am-input-group-sm">
<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
<span class="am-input-group-btn">
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation-email">获取验证码</button>
<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation-email">获取验证码</button>
</span>
</div>
</div>

10
application/module/FormHandle.php
View File

@ -38,8 +38,12 @@ class FormHandle
$p = [];
if(!empty($data['form']))
{
foreach($data['form'] as $k=>$v)
foreach($data['form'] as $k=>&$v)
{
// 基础数据处理
// 条件处理
if(isset($v['search_config']) && !empty($v['search_config']['form_type']) && !empty($v['search_config']['form_name']))
{
$key = 'fp'.$k;
@ -136,8 +140,8 @@ class FormHandle
}
}
return [
'where' => $w,
'params' => $p,
'where' => $w,
'params' => $p,
];
}
}

6
application/service/SafetyService.php
View File

@ -125,7 +125,7 @@ class SafetyService
return $ret;
}
return DataReturn('修改成功');
return DataReturn('修改成功', 0);
}
return DataReturn('修改失败', -100);
}
@ -231,7 +231,7 @@ class SafetyService
$img_verify_params = array(
'key_prefix' => 'safety',
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
);
// 是否开启图片验证码
@ -245,7 +245,7 @@ class SafetyService
$verify_params = array(
'key_prefix' => md5('safety_'.$accounts),
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
);
$code = GetNumberCode(4);
if($params['type'] == 'sms')

15
application/service/UserService.php
View File

@ -1405,7 +1405,7 @@ class UserService
$verify_params = [
'key_prefix' => 'reg',
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
];
// 是否开启图片验证码
@ -1487,7 +1487,7 @@ class UserService
$verify_params = [
'key_prefix' => 'forget',
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
];
// 是否开启图片验证码
@ -1625,7 +1625,7 @@ class UserService
$verify_params = [
'key_prefix' => 'forget_'.md5($params['accounts']),
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
];
switch($ret['data'])
{
@ -1664,10 +1664,13 @@ class UserService
// 密码修改
$ret = SafetyService::UserLoginPwdUpdate($params['accounts'], $user['id'], $params['pwd']);
if($ret['code'] != 0)
if($ret['code'] == 0)
{
// 清除验证码
$obj->Remove();
if(isset($obj) && is_object($obj))
{
$obj->Remove();
}
return DataReturn('操作成功', 0);
}
return $ret;
@ -2179,7 +2182,7 @@ class UserService
$verify_params = [
'key_prefix' => 'bind_'.md5($params['mobile']),
'expire_time' => MyC('common_verify_expire_time'),
'time_interval' => MyC('common_verify_time_interval'),
'interval_time' => MyC('common_verify_interval_time'),
];
// 发送验证码

3
config/shopxo.php
View File

@ -90,5 +90,8 @@ return [
// 价格符号
'price_symbol' => '¥',
// 验证码最大验证次数,防止暴力破解
'security_prevent_violence_max' => 6,
];
?>

12
config/shopxo.sql
View File

File diff suppressed because one or more lines are too long

20
extend/base/Email.php
View File

@ -212,15 +212,20 @@ class Email
*/
public function CheckCorrect($code = '')
{
$data = cache($this->key_code);
if(!empty($data))
{
if(empty($code) && isset($_POST['code']))
// 安全验证
if(SecurityPreventViolence($this->key_code, 1, $this->expire_time))
{
// 验证是否正确
$data = cache($this->key_code);
if(!empty($data))
{
$code = trim($_POST['code']);
if(empty($code) && isset($_POST['code']))
{
$code = trim($_POST['code']);
}
return ($data['code'] == $code);
}
return ($data['code'] == $code);
}
}
return false;
}
@ -235,6 +240,7 @@ class Email
public function Remove()
{
cache($this->key_code, null);
SecurityPreventViolence($this->key_code, 0);
}
/**

24
extend/base/Sms.php
View File

@ -248,15 +248,20 @@ class Sms
*/
public function CheckCorrect($code = '')
{
$data = cache($this->key_code);
if(!empty($data))
{
if(empty($code) && isset($_POST['code']))
{
$code = trim($_POST['code']);
}
return ($data['code'] == $code);
}
// 安全验证
if(SecurityPreventViolence($this->key_code, 1, $this->expire_time))
{
// 验证是否正确
$data = cache($this->key_code);
if(!empty($data))
{
if(empty($code) && isset($_POST['code']))
{
$code = trim($_POST['code']);
}
return ($data['code'] == $code);
}
}
return false;
}
@ -271,6 +276,7 @@ class Sms
public function Remove()
{
cache($this->key_code, null);
SecurityPreventViolence($this->key_code, 0);
}
/**