Category: IT industry
2013-07-14 14:39:33
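Nowadays, to apply for a QQ number you have to enter a very complicated CAPTCHA: it is made up of several Chinese characters on a busy, decorated background, which makes some of the characters genuinely hard to recognize. Tencent does this to prevent people from using software to obtain QQ numbers in bulk: every submission requires a randomly generated CAPTCHA, which is difficult for software to enter.
The earliest CAPTCHAs were just a few randomly generated digits. But attackers keep pace with defenders, and software that could recognize digits appeared quickly. "Collectors" used such software to obtain accounts in bulk or to probe passwords, because software can submit over and over without tiring. So image CAPTCHAs appeared, with irregular backgrounds added: if even the human eye has trouble reading them, software should presumably find them somewhat difficult. But now that Tencent has started using images of Chinese characters as CAPTCHAs, does that mean CAPTCHA-breaking techniques have advanced again, and that image CAPTCHAs made of digits or letters on a background can now be read by software as well?
Setting that aside, let's talk about how to generate CAPTCHAs in ASP.
We'll start with the simplest example to get the basic idea of a CAPTCHA.
In the first example, a 4-digit random number is generated as the CAPTCHA when the form is displayed and is passed along in the session; the data-processing page then compares what the user entered against the value in the session. Incidentally, I have seen muddle-headed people pass the CAPTCHA in an input control of type hidden, not realizing that the value is fully exposed to anyone who views the page source. The same goes for data in an input of type password.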
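<%
'**********************************
'* NAME: post.asp                 *
'* CODE: netops()                 *
'* USE:  CAPTCHA example 1: numeric *
'* TIME: 2005.7                   *
'**********************************
' The HTML inside the string literals of this listing did not survive;
' the markup and message wording below are a minimal stand-in.
Response.Buffer = true
Dim CheckCode, msg, founderr, callform
founderr = false
callform = false
Response.Write "<html><body>"
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    ' First visit: just show the form
    Call myform()
Else
    '============== CAPTCHA check begins ===========
    Dim sessionCode
    sessionCode = CStr(Session("chkCode"))   ' stored as a number, so compare as strings
    Session("chkCode") = ""                  ' clear it so a code is good for one try only
    CheckCode = Trim(Request.Form("chkcode"))
    If CheckCode = "" Then
        msg = msg + "<li>Please enter the verification code.</li>"
        founderr = true
        callform = true
    ElseIf sessionCode = "" Or CheckCode <> sessionCode Then
        msg = msg + "<li>The verification code is incorrect.</li>"
        founderr = true
        callform = true
    End If
    '============== CAPTCHA check ends =============
    If founderr = true Then
        Call message("500")
        If callform = true Then Call myform()
    Else
        msg = "<li>Verification code accepted.</li>"
        Call message("500")
    End If
End If
Response.Write "</body></html>"

Rem Subroutine: defines the form
Sub myform()
    Response.Write "<form method=""post"" action=""post.asp"">" & _
        "Verification code: <input type=""text"" name=""chkcode"" size=""6""> " & _
        getChkCode() & " <input type=""submit"" value=""Submit""></form>"
End Sub

Rem Function: generates the CAPTCHA (a four-digit random number)
Function getChkCode()
    Dim ranNum
    Randomize
    ranNum = Int(9000 * Rnd) + 1000
    Session("chkCode") = ranNum
    getChkCode = ranNum
End Function

Rem Message box; w is the table width
Sub message(w)
    Response.Write "<table width=""" & w & """ border=""1"">" & _
        "<tr><td>Message</td></tr>" & _
        "<tr><td>" & msg & "</td></tr></table>"
End Sub
%>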
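The code above shows the general approach to generating a CAPTCHA: a four-digit random number is produced and used as the code. This is the simplest method, and also the least secure.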
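A stricter server-side check for the processing page, as an added example that is not part of the original article: the stored code is single-use, expires, is compared as text, and wrong answers are counted per session. The names verifyChkCode, Session("chkTime"), Session("chkFails"), CHK_TTL_SECONDS and CHK_MAX_FAILS are assumptions, and the page that issues the code is assumed to also set Session("chkTime") = Now.

```vbscript
<%
' Added example, not from the original article. Hypothetical names:
' verifyChkCode, Session("chkTime"), Session("chkFails") and both constants.
' Assumes the page that issues the code also runs: Session("chkTime") = Now
Const CHK_TTL_SECONDS = 120   ' constructed value: lifetime of one code
Const CHK_MAX_FAILS = 5       ' constructed value: wrong answers allowed per session

' Returns "ok", "locked", "missing", "expired" or "wrong".
Function verifyChkCode(ByVal userInput)
    Dim expected, issuedAt, answer, fails

    ' Read the stored code and clear it at once, so each code gets exactly one
    ' attempt and a replayed POST finds nothing to match against.
    expected = CStr(Session("chkCode"))   ' getChkCode stores a number; compare as text
    issuedAt = Session("chkTime")
    Session("chkCode") = ""
    Session("chkTime") = Empty

    fails = 0
    If IsNumeric(Session("chkFails")) Then fails = CLng(Session("chkFails"))
    answer = Trim(CStr(userInput))

    If fails >= CHK_MAX_FAILS Then
        verifyChkCode = "locked"          ' too many wrong answers in this session
    ElseIf expected = "" Or Not IsDate(issuedAt) Then
        verifyChkCode = "missing"         ' nothing issued, or already consumed
    ElseIf DateDiff("s", issuedAt, Now) > CHK_TTL_SECONDS Then
        verifyChkCode = "expired"
    ElseIf StrComp(answer, expected, vbBinaryCompare) = 0 Then
        Session("chkFails") = 0
        verifyChkCode = "ok"
    Else
        Session("chkFails") = fails + 1
        verifyChkCode = "wrong"
    End If
End Function

' In post.asp this would replace the plain comparison, for example:
'   If verifyChkCode(Trim(Request.Form("chkcode"))) <> "ok" Then founderr = true
%>
```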
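You may have thought of mapping each digit to an image to produce an image-style CAPTCHA, the way image-based hit counters work. That is not a good idea: it is no different in essence from a numeric CAPTCHA and does not improve security.
Next, let's look at how to generate an image CAPTCHA.
First, ASP can generate a CAPTCHA in XBM format. This really is an image in XBM format, and you can set its size to whatever you like. To keep things simple, we'll stick with digits.
The code that generates the CAPTCHA can be split out into its own file, named checkcode.asp: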
<%
'**********************************************
'* NAME: checkcode.asp                        *
'* CODE: netops()                             *
'* USE:  generates an XBM-format CAPTCHA      *
'* TIME: 2005.7                               *
'**********************************************
on error resume next
dim i
dim countdata
countdata="1234567890"
dim rou,chkcode,chklen
chkcode=""
chklen = 4
randomize
' Build the code one random digit at a time
for i=1 to chklen
    rou = int(rnd*10)
    chkcode = chkcode + cstr(rou)
next
' Glyph table: each entry is the digit label followed by its 10 row bytes (8x10 pixels)
dim strDigits
strDigits = Array(_
"0","0x3c","0x66","0x66","0x66","0x66","0x66","0x66","0x66","0x66","0x3c",_
"1","0x30","0x38","0x30","0x30","0x30","0x30","0x30","0x30","0x30","0x30",_
"2","0x3c","0x66","0x60","0x60","0x30","0x18","0x0c","0x06","0x06","0x7e",_
"3","0x3c","0x66","0x60","0x60","0x38","0x60","0x60","0x60","0x66","0x3c",_
"4","0x30","0x30","0x38","0x38","0x34","0x34","0x32","0x7e","0x30","0x78",_
"5","0x7e","0x06","0x06","0x06","0x3e","0x60","0x60","0x60","0x66","0x3c",_
"6","0x38","0x0c","0x06","0x06","0x3e","0x66","0x66","0x66","0x66","0x3c",_
"7","0x7e","0x66","0x60","0x60","0x30","0x30","0x18","0x18","0x0c","0x0c",_
"8","0x3c","0x66","0x66","0x66","0x3c","0x66","0x66","0x66","0x66","0x3c",_
"9","0x3c","0x66","0x66","0x66","0x66","0x7c","0x60","0x60","0x30","0x1c")
dim iCharWidth,iCharHeight,theBit,theNum,iRow,k,theOffset
dim imageStr
imageStr = ""
iCharWidth = 8
iCharHeight= 10*1
' Emit the XBM header: image width, height and the start of the byte array
Response.ContentType ="image/x-xbitmap"
Response.Expires =0
Response.Write "#define counter_width "&iCharWidth*chklen&chr(13) & chr(10)
Response.Write "#define counter_height "&iCharHeight&chr(13) & chr(10)
Response.Write "static unsigned char counter_bits[]={"
' XBM data is row-major: for each pixel row, append that row's byte of every digit
for iRow=0 to iCharHeight-1
    for i=1 to chklen
        theBit=mid(chkcode,i,1)
        ' Find the glyph entry whose label matches this digit
        k=0
        do while k<ubound(strDigits)
            if strDigits(k)=theBit then exit do
            k=k+iCharHeight+1
        loop
        if k>=ubound(strDigits) then k=0
        theOffset = k + 1
        imageStr = imageStr + (strDigits(theOffset+iRow))&","
    next
next
' Drop the trailing comma and close the array
imageStr = left(imageStr,(len(imageStr)-1))
Response.Write imageStr
Response.Write "};"
' Store the code in the session for the processing page to check
session("chkCode") = chkcode
%>
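In post.asp, change the corresponding code in the form definition to:
Rem Subroutine: defines the form (markup reconstructed; the image now comes from checkcode.asp)
Sub myform()
Response.Write "<form method=""post"" action=""post.asp"">Verification code: " & _
"<input type=""text"" name=""chkcode"" size=""6""> <img src=""checkcode.asp""> " & _
"<input type=""submit"" value=""Submit""></form>"
End Sub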

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security]
"BlockXBM"=dword:00000000