
平台论坛博客文库

› 论坛 › 程序设计 › PHP › 一个登陆验证码的问题

一个登陆验证码的问题 [复制链接]

hekey

白手起家

论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-05-11 22:10 |只看该作者 |倒序浏览

有必要先说下目录结构。网站是放在虚拟主机上的。登陆页面在../admincp/login.php,验证码在../inc/rndcode.php
login.php代码如下：

<?php
require(dirname(__FILE__)."/../inc/config_inc.php");
require(dirname(__FILE__)."/../inc/config_mysql.php");
require(dirname(__FILE__)."/../inc/config_function.php");
$conn = new MysqlConn();
$conn->createcon();
$web_config = $conn->fetch_array("SELECT * FROM `site_config`");
$dopost = $_REQUEST['dopost'];
$username = addslashes($_REQUEST['username']);
$password = substr(md5($_REQUEST['password']),0,23);
$date = date('Y-m-d H:i:s');
$ip = GetIp();
$code = $_POST['code'];
if(empty($dopost)) $dopost="";
if ($dopost == "login") {
if ($code!==$_SESSION['ecode']||$code=="") {
ShowMsg("验证码不正确","login.php");
exit;
}
$row = $conn->fetch_array("select * from `admin` where `username`='$username'");
if (!$row[0] == "") {
$row2 = $conn->fetch_array("select * from `admin` where `password`='$password'");
if (!$row2[0] == "") {
if ($row2['estate']=="0") {
showmsg("你的账户已经被锁定，请与管理员联系",-1);
exit;
}
$_SESSION['username'] = $username;
$_SESSION['time'] = time();
$count = $row2['count']+1;
$uplog = $conn->query("insert into `log`(`username`,`logintime`,`ip`) values('$username','$date','$ip')") or die(mysql_error());
$upuser = $conn->query("update `admin` set `count`='$count',`ip`='$ip',`lasttime`='$date' where `username`='$username'")or die(mysql_error());
showmsg("欢迎".$username."进入后台","index.php");
exit;
}
else{
showmsg("密码错误！",-1);
exit;
}
}
else{
showmsg("用户名错误！",-1);
exit;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title><?php echo $web_config['webname'].'系统管理登陆';?></title>
<link type="text/css" href="../css/style.css" rel="stylesheet" />
<style type="text/css">
<!--
body {
background-color: #F1F2F4;
}
-->
</style></head>
<body>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="18" height="16" align="right" valign="bottom"><img src="images/left_top.gif" width="18" height="16" /></td>
<td align="center" valign="bottom" background="images/row_top.gif"></td>
<td width="14" align="left" valign="bottom"><img src="images/right_top.gif" width="14" height="16" /></td>
</tr>
<tr>
<td align="right" background="images/left_bg.gif"> </td>
<td align="center" valign="middle" background="images/main_bg.gif"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="lrd">
<tr>
<td height="22" align="center" background="images/admin_tablebar.gif" class="def_text">[ +  管理员登陆 + ]</td>
</tr>
<tr>
<td align="center" bgcolor="#CCCCCC"><table width="100%" border="0" cellspacing="1" cellpadding="0">
<form action="" method="post">
<input type="hidden" name="dopost" value="login">
<tr bgcolor="#F1F2F4">
<td width="20%" height="25" align="center" class="def_text">管理员用户</td>
<td height="25" align="center"><input name="username" type="text" class="input" id="username" size="50" /></td>
</tr>
<tr bgcolor="#F1F2F4">
<td width="20%" height="25" align="center" class="def_text">管理员密码</td>
<td height="12" align="center"><input name="password" type="password" class="input" id="password" size="50" /></td>
</tr>
<tr bgcolor="#F1F2F4">
<td height="12" align="center" class="def_text">验  证  码</td>
<td height="12" align="center"><table width="75%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="11%"><div align="left">
<input name="code" type="text" class="input" id="code" size="4" maxlength="4" />
</div></td>
<td width="15%"> </td>
<td width="74%"><div align="left"><img src="../inc/rndcode.php" /></div></td>
</tr>
</table></td>
</tr>
<tr bgcolor="#F1F2F4">
<td height="30" colspan="2" align="center" bgcolor="#F1F2F4"><input name="goto" type="hidden" id="goto" value="<?php echo $backurl;?>" />
<input name="submit_login" type="submit" class="input" id="submit_login" value=" 管理员登陆 " />
<input name="loginyes" type="hidden" id="loginyes" value="1" /></td>
</tr>
</form>
</table></td>
</tr>
</table></td>
<td align="left" background="images/right_bg.gif"> </td>
</tr>
<tr>
<td align="right" valign="top"><img src="images/left_down.gif" width="18" height="18" /></td>
<td align="center" valign="top" background="images/row_down.gif"> </td>
<td align="left" valign="top"><img src="images/right_down.gif" width="14" height="18" /></td>
</tr>
</table>
<br />
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="25" align="center" class="def_text"><?php echo $web_config['copyright']?></td>
</tr>
</table>
</body>
</html>

复制代码

rndcode.php代码如下：

<?
//生成新的四位整数验证码
session_start();//开始会话
$authnum = '';
$str = 'abcdefghijkmnpqrstuvwxyz1234567890';
$l = strlen($str);
for($i=1;$i<=4;$i++)
{
$num=rand(0,$l);
$authnum.= $str[$num];
}
//生成SESSION变量
$_SESSION['ecode']=$authnum;
//生成验证码图片
Header("Content-type: image/PNG");
srand((double)microtime()*1000000);
$im = imagecreate(50,20);
$black = ImageColorAllocate($im, 243,243,243);
$white = ImageColorAllocate($im, 0,0,0);
$gray = ImageColorAllocate($im, 200,200,200);
imagefill($im,68,30,$gray);
//将四位整数验证码绘入图片
imagestring($im, 5, 6, 3, $authnum, $white);
for($i=0;$i<90;$i++) //加入干扰象素
{
imagesetpixel($im, rand()%70 , rand()%30 , $gray);
}
ImagePNG($im);
ImageDestroy($im);
?>

复制代码

用GB或者遨游下运行login.php能顺利登陆。在IE下就不能登陆，提示验证码错误。后经过测试发现在IE下不能获取到$_SESSION['ecode']的值。这个是什么原因。把rndcode.php移动到admincp目录下就好了。

文库|博客

返回列表

Chinaunix › 论坛 › 程序设计 › PHP › 一个登陆验证码的问题