验证码优化、防止暴力破解

49e1db1c · devil · d9f8398a · 49e1db1c · 49e1db1c · 49e1db1c
18 changed file
--- a/application/admin/controller/Email.php
+++ b/application/admin/controller/Email.php
@@ -90,7 +90,7 @@ class Email extends Common
 		// 验证码公共基础参数
 		$verify_param = array(
 				'expire_time' => MyC('common_verify_expire_time'),
-				'time_interval'	=>	MyC('common_verify_time_interval'),
+				'interval_time'	=>	MyC('common_verify_interval_time'),
 			);

 		$obj = new \base\Email($verify_param);

--- a/application/admin/controller/Site.php
+++ b/application/admin/controller/Site.php
@@ -150,7 +150,7 @@ class Site extends Common
 				break;

 			// 图片验证码
-			case 'imagesverify' :
+			case 'verify' :
 				$field_list[] = 'common_images_verify_rules';
 				break;


--- a/application/admin/view/default/site/nav.html
+++ b/application/admin/view/default/site/nav.html
@@ -20,8 +20,8 @@
    <li {{if $nav_type eq 'attachment'}}class="am-active"{{/if}} data-type="attachment">
        <a href="{{:MyUrl('admin/site/index', ['nav_type'=>'attachment'])}}">附件</a>
    </li>
-    <li {{if $nav_type eq 'imagesverify'}}class="am-active"{{/if}} data-type="imagesverify">
-        <a href="{{:MyUrl('admin/site/index', ['nav_type'=>'imagesverify'])}}">图片验证码</a>
+    <li {{if $nav_type eq 'verify'}}class="am-active"{{/if}} data-type="verify">
+        <a href="{{:MyUrl('admin/site/index', ['nav_type'=>'verify'])}}">验证码</a>
    </li>
    <li {{if $nav_type eq 'orderaftersale'}}class="am-active"{{/if}} data-type="orderaftersale">
        <a href="{{:MyUrl('admin/site/index', ['nav_type'=>'orderaftersale'])}}">订单售后</a>

--- a/application/admin/view/default/site/imagesverify.html
+++ b/application/admin/view/default/site/imagesverify.html
@@ -8,14 +8,14 @@
        <!-- table nav end -->

        <!-- form start -->
-        <form class="am-form form-validation view-save" action="{{:MyUrl('admin/site/save')}}" method="POST" request-type="ajax-url" request-value="{{:MyUrl('admin/site/index', ['nav_type'=>'imagesverify'])}}" enctype="multipart/form-data">
+        <form class="am-form form-validation view-save" action="{{:MyUrl('admin/site/save')}}" method="POST" request-type="ajax-url" request-value="{{:MyUrl('admin/site/index', ['nav_type'=>'verify'])}}" enctype="multipart/form-data">
            <div class="am-form-group">
                <label>{{$data.common_verify_expire_time.name}}<span class="am-form-group-label-tips">{{$data.common_verify_expire_time.describe}}</span></label>
                <input type="number" name="{{$data.common_verify_expire_time.only_tag}}" placeholder="{{$data.common_verify_expire_time.name}}" data-validation-message="{{$data.common_verify_expire_time.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_expire_time.value}}"{{/if}} required />
            </div>
            <div class="am-form-group">
-                <label>{{$data.common_verify_time_interval.name}}<span class="am-form-group-label-tips">{{$data.common_verify_time_interval.describe}}</span></label>
-                <input type="number" name="{{$data.common_verify_time_interval.only_tag}}" placeholder="{{$data.common_verify_time_interval.name}}" data-validation-message="{{$data.common_verify_time_interval.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_time_interval.value}}"{{/if}} required />
+                <label>{{$data.common_verify_interval_time.name}}<span class="am-form-group-label-tips">{{$data.common_verify_interval_time.describe}}</span></label>
+                <input type="number" name="{{$data.common_verify_interval_time.only_tag}}" placeholder="{{$data.common_verify_interval_time.name}}" data-validation-message="{{$data.common_verify_interval_time.error_tips}}" class="am-radius" {{if !empty($data)}}value="{{$data.common_verify_interval_time.value}}"{{/if}} required />
            </div>
            <div class="am-form-group">
                <label>{{$data.home_img_verify_state.name}}<span class="am-form-group-label-tips">{{$data.home_img_verify_state.describe}}</span></label>

--- a/application/common.php
+++ b/application/common.php
@@ -11,6 +11,50 @@

 // 应用公共文件

+
+/**
+ * 缓存安全验证次数处理
+ * @author  Devil
+ * @blog    http://gong.gg/
+ * @version 1.0.0
+ * @date    2020-06-03
+ * @desc    description
+ * @param   [string]          $key          [缓存 key]
+ * @param   [int]             $type         [操作类型（0清除, 1验证）]
+ * @param   [int]             $expire_time  [过期时间（默认30秒+30秒）]
+ */
+function SecurityPreventViolence($key, $type = 1, $expire_time = 30)
+{
+    // 安全缓存 key
+    $mkey = md5($key.'_security_prevent_violence');
+
+    // 清除缓存返
+    if($type == 0)
+    {
+        cache($mkey, null);
+        return true;
+    }
+
+    // 验证并增加次数
+    $count = intval(cache($mkey))+1;
+    $max = config('shopxo.security_prevent_violence_max');
+    $status = false;
+    if($count <= $max)
+    {
+        cache($mkey, $count, $expire_time+30);
+        $status = true;
+    }
+
+    // 验证达到次数限制则清除验证信息
+    if($count > $max)
+    {
+        cache($key, null);
+        cache($mkey, null);
+    }
+
+    return $status;
+}
+
 /**
 * 模块动态表格加载方法
 * @author  Devil

--- a/application/index/view/default/safety/email_info.html
+++ b/application/index/view/default/safety/email_info.html
@@ -36,7 +36,7 @@
 				<div class="am-input-group am-input-group-sm am-form-group">
 					<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
 					<span class="am-input-group-btn">
-						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
+						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
 					</span>
 				</div>
 				<div class="am-form-group am-form-group-refreshing">

--- a/application/index/view/default/safety/mobile_info.html
+++ b/application/index/view/default/safety/mobile_info.html
@@ -36,7 +36,7 @@
 				<div class="am-input-group am-input-group-sm am-form-group">
 					<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
 					<span class="am-input-group-btn">
-						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
+						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
 					</span>
 				</div>
 				<div class="am-form-group am-form-group-refreshing">

--- a/application/index/view/default/safety/new_email_info.html
+++ b/application/index/view/default/safety/new_email_info.html
@@ -36,7 +36,7 @@
 				<div class="am-input-group am-input-group-sm am-form-group">
 					<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
 					<span class="am-input-group-btn">
-						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
+						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
 					</span>
 				</div>
 				<div class="am-form-group am-form-group-refreshing">

--- a/application/index/view/default/safety/new_mobile_info.html
+++ b/application/index/view/default/safety/new_mobile_info.html
@@ -36,7 +36,7 @@
 				<div class="am-input-group am-input-group-sm am-form-group">
 					<input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
 					<span class="am-input-group-btn">
-						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}">获取验证码</button>
+						<button class="am-btn am-btn-default am-radius btn-loading-example verify-submit-new" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/safety/verifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}">获取验证码</button>
 					</span>
 				</div>
 				<div class="am-form-group am-form-group-refreshing">

--- a/application/index/view/default/user/forget_pwd_info.html
+++ b/application/index/view/default/user/forget_pwd_info.html
@@ -41,7 +41,7 @@
 						<div class="am-input-group am-input-group-sm">
 			                <input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
 			                <span class="am-input-group-btn">
-			                    <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/forgetpwdverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation">获取验证码</button>
+			                    <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/forgetpwdverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation">获取验证码</button>
 			                </span>
 			            </div>
 		            </div>

--- a/application/index/view/default/user/reg_info.html
+++ b/application/index/view/default/user/reg_info.html
@@ -132,7 +132,7 @@
                                                <div class="am-input-group am-input-group-sm">
                                                    <input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
                                                    <span class="am-input-group-btn">
-                                                        <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation-sms">获取验证码</button>
+                                                        <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation-sms">获取验证码</button>
                                                    </span>
                                                </div>
                                            </div>
@@ -178,7 +178,7 @@
                                                <div class="am-input-group am-input-group-sm">
                                                    <input type="number" name="verify" class="am-radius" placeholder="验证码" minlength="4" maxlength="4" data-validation-message="验证码格式 4 位数字" required />
                                                    <span class="am-input-group-btn">
-                                                        <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_time_interval', 30, true)}}" data-form-tag="form.form-validation-email">获取验证码</button>
+                                                        <button class="am-btn am-btn-default am-radius btn-loading-example verify-submit" type="button" data-am-loading="{spinner:'circle-o-notch', loadingText:'发送中...'}" data-url="{{:MyUrl('index/user/regverifysend')}}" data-verify="{{:MyC('home_img_verify_state')}}" data-text="获取验证码" data-send-text="还有 {time} 秒" data-time="{{:MyC('common_verify_interval_time', 30, true)}}" data-form-tag="form.form-validation-email">获取验证码</button>
                                                    </span>
                                                </div>
                                            </div>

--- a/application/module/FormHandle.php
+++ b/application/module/FormHandle.php
@@ -38,8 +38,12 @@ class FormHandle
        $p = [];
        if(!empty($data['form']))
        {
-            foreach($data['form'] as $k=>$v)
+            foreach($data['form'] as $k=>&$v)
            {
+                // 基础数据处理
+                
+                
+                // 条件处理
                if(isset($v['search_config']) && !empty($v['search_config']['form_type']) && !empty($v['search_config']['form_name']))
                {
                    $key = 'fp'.$k;
@@ -136,8 +140,8 @@ class FormHandle
            }
        }
        return [
-            'where' => $w,
-            'params' => $p,
+            'where'     => $w,
+            'params'    => $p,
        ];
    }
 }

--- a/application/service/SafetyService.php
+++ b/application/service/SafetyService.php
@@ -125,7 +125,7 @@ class SafetyService
                return $ret;
            }

-            return DataReturn('修改成功');
+            return DataReturn('修改成功', 0);
        }
        return DataReturn('修改失败', -100);
    }
@@ -231,7 +231,7 @@ class SafetyService
        $img_verify_params = array(
                'key_prefix' => 'safety',
                'expire_time' => MyC('common_verify_expire_time'),
-                'time_interval' =>  MyC('common_verify_time_interval'),
+                'interval_time' =>  MyC('common_verify_interval_time'),
            );

        // 是否开启图片验证码
@@ -245,7 +245,7 @@ class SafetyService
        $verify_params = array(
                'key_prefix' => md5('safety_'.$accounts),
                'expire_time' => MyC('common_verify_expire_time'),
-                'time_interval' =>  MyC('common_verify_time_interval'),
+                'interval_time' =>  MyC('common_verify_interval_time'),
            );
        $code = GetNumberCode(4);
        if($params['type'] == 'sms')

--- a/application/service/UserService.php
+++ b/application/service/UserService.php
@@ -1405,7 +1405,7 @@ class UserService
        $verify_params = [
            'key_prefix' => 'reg',
            'expire_time' => MyC('common_verify_expire_time'),
-            'time_interval' =>  MyC('common_verify_time_interval'),
+            'interval_time' =>  MyC('common_verify_interval_time'),
        ];

        // 是否开启图片验证码
@@ -1487,7 +1487,7 @@ class UserService
        $verify_params = [
            'key_prefix' => 'forget',
            'expire_time' => MyC('common_verify_expire_time'),
-            'time_interval' =>  MyC('common_verify_time_interval'),
+            'interval_time' =>  MyC('common_verify_interval_time'),
        ];

        // 是否开启图片验证码
@@ -1625,7 +1625,7 @@ class UserService
        $verify_params = [
            'key_prefix' => 'forget_'.md5($params['accounts']),
            'expire_time' => MyC('common_verify_expire_time'),
-            'time_interval' =>  MyC('common_verify_time_interval'),
+            'interval_time' =>  MyC('common_verify_interval_time'),
        ];
        switch($ret['data'])
        {
@@ -1664,10 +1664,13 @@ class UserService

        // 密码修改
        $ret = SafetyService::UserLoginPwdUpdate($params['accounts'], $user['id'], $params['pwd']);
-        if($ret['code'] != 0)
+        if($ret['code'] == 0)
        {
            // 清除验证码
-            $obj->Remove();
+            if(isset($obj) && is_object($obj))
+            {
+                $obj->Remove();
+            }
            return DataReturn('操作成功', 0);
        }
        return $ret;
@@ -2179,7 +2182,7 @@ class UserService
        $verify_params = [
            'key_prefix' => 'bind_'.md5($params['mobile']),
            'expire_time' => MyC('common_verify_expire_time'),
-            'time_interval' => MyC('common_verify_time_interval'),
+            'interval_time' => MyC('common_verify_interval_time'),
        ];

        // 发送验证码

--- a/config/shopxo.php
+++ b/config/shopxo.php
@@ -90,5 +90,8 @@ return [

    // 价格符号
    'price_symbol'                          => '￥',
+
+    // 验证码最大验证次数,防止暴力破解
+    'security_prevent_violence_max'         => 6,
 ];
 ?>
\ No newline at end of file
--- a/config/shopxo.sql
+++ b/config/shopxo.sql
--- a/extend/base/Email.php
+++ b/extend/base/Email.php
@@ -212,15 +212,20 @@ class Email
 	 */
 	public function CheckCorrect($code = '')
 	{
-		$data = cache($this->key_code);
-		if(!empty($data))
-		{
-			if(empty($code) && isset($_POST['code']))
+		// 安全验证
+        if(SecurityPreventViolence($this->key_code, 1, $this->expire_time))
+        {
+        	// 验证是否正确
+        	$data = cache($this->key_code);
+			if(!empty($data))
 			{
-				$code = trim($_POST['code']);
+				if(empty($code) && isset($_POST['code']))
+				{
+					$code = trim($_POST['code']);
+				}
+				return ($data['code'] == $code);
 			}
-			return ($data['code'] == $code);
-		}
+        }
 		return false;
 	}

@@ -235,6 +240,7 @@ class Email
 	public function Remove()
 	{
 		cache($this->key_code, null);
+		SecurityPreventViolence($this->key_code, 0);
 	}

 	/**

--- a/extend/base/Sms.php
+++ b/extend/base/Sms.php
@@ -248,15 +248,20 @@ class Sms
 	 */
 	public function CheckCorrect($code = '')
 	{
-		$data = cache($this->key_code);
-		if(!empty($data))
-		{
-			if(empty($code) && isset($_POST['code']))
-			{
-				$code = trim($_POST['code']);
-			}
-			return ($data['code'] == $code);
-		}
+        // 安全验证
+        if(SecurityPreventViolence($this->key_code, 1, $this->expire_time))
+        {
+            // 验证是否正确
+            $data = cache($this->key_code);
+            if(!empty($data))
+            {
+                if(empty($code) && isset($_POST['code']))
+                {
+                    $code = trim($_POST['code']);
+                }
+                return ($data['code'] == $code);
+            }
+        }
 		return false;
 	}

@@ -271,6 +276,7 @@ class Sms
 	public function Remove()
 	{
 		cache($this->key_code, null);
+        SecurityPreventViolence($this->key_code, 0);
 	}

 	/**