一、驗證碼的作用
防惡意破解密碼:防止,使用程序或機器人惡意去試密碼.為了提高用戶的體驗,用戶輸入錯誤以后,才會要求輸入驗證碼.
防論壇灌水:這個是很常見的。有一種程序叫做頂帖機,如果無限制的刷,整個論壇可能到處是拉圾信息,比如,百度貼吧,你只要是新用戶或者剛剛關注的貼吧,要是發帖,會馬上出現驗證碼。
有效防止注冊:防止使用程序或機器人去無限制注冊賬號.
防刷票:網上有很多投票類的網站.
反爬:防止爬蟲爬取數據
二、原理
驗證碼于服務器端生成,發送給客戶端,并以圖像格式顯示。客戶端提交所顯示的驗證碼,客戶端接收并進行比較,若比對失敗則不能實現登錄或注冊,反之成功后跳轉相應界面。
流程
?
三、如何實現
1、前期配置
- 安裝pillow
pip install Pillow - 安裝django-simple-captcha
pip install django-simple-captcha==0.5.6 - 將captcha添加到setting的app中
INSTALLED_APPS = [ 'captcha', ] - 添加urls.py
urlpatterns += [ url(r'^captcha/', include('captcha.urls')), ] - 配置
# django_simple_captcha 驗證碼配置 # 格式 CAPTCHA_OUTPUT_FORMAT = u'%(text_field)s %(hidden_field)s %(image)s' # 噪點樣式 CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_null', # 沒有樣式 # 'captcha.helpers.noise_arcs', # 線 # 'captcha.helpers.noise_dots', # 點 ) # 圖片大小 CAPTCHA_IMAGE_SIZE = (100, 25) CAPTCHA_BACKGROUND_COLOR = '#ffffff' CAPTCHA_CHALLENGE_FUNCT = 'captcha.helpers.random_char_challenge' # 圖片中的文字為隨機英文字母,如 mdsh # CAPTCHA_CHALLENGE_FUNCT = 'captcha.helpers.math_challenge' # 圖片中的文字為數字表達式,如1+2=</span> CAPTCHA_LENGTH = 4 # 字符個數 CAPTCHA_TIMEOUT = 1 # 超時(minutes)
2、示例代碼
- forms.py
from django import forms from maiziedu.models import UserProfile from captcha.fields import CaptchaField class RegisterForm(forms.Form): ''' 注冊 ''' username = forms.EmailField(widget=forms.TextInput(attrs={"placeholder": "請輸入郵箱賬號", "value": "", "required": "用戶名不能為空",}),max_length=50,error_messages={"required": "用戶名不能為空",}) password = forms.CharField(widget=forms.PasswordInput(attrs={"placeholder": "請輸入密碼", "value": "", "required": "密碼不能為空",}),min_length=8, max_length=50,error_messages={"required": "密碼不能為空",}) # 驗證碼 captcha = CaptchaField() def clean(self): # 驗證碼 try: captcha_x = self.cleaned_data['captcha'] except Exception as e: raise forms.ValidationError(u"驗證碼有誤,請重新輸入") # 用戶名 try: username=self.cleaned_data['username'] except Exception as e: raise forms.ValidationError(u"注冊賬號需為郵箱格式") # 登錄驗證 is_email_exist = UserProfile.objects.filter(email=username).exists() is_username_exist = UserProfile.objects.filter(username=username).exists() if is_username_exist or is_email_exist: raise forms.ValidationError(u"該賬號已被注冊") # 密碼 try: password=self.cleaned_data['password'] except Exception as e: raise forms.ValidationError(u"請輸入至少8位密碼"); return self.cleaned_data - 刷新驗證碼
# 刷新驗證碼 def refresh_captcha(request): verify= dict() verify['cptch_key'] = CaptchaStore.generate_key() verify['cptch_image'] = verify(to_json_response['cptch_key']) return HttpResponse(json.dumps(verify), content_type='application/json') - views.py
def register(request): if request.method == 'POST': # 驗證碼 try: reg_form = RegisterForm(request.POST) except Exception as e: # 登錄失敗 返回錯誤提示 err = "注冊失敗,請重試" return result_response(request, err) if reg_form.is_valid(): try: username = reg_form.cleaned_data['username'] password = reg_form.cleaned_data['password'] user = UserProfile.objects.create(username = username, email = username, password = make_password(password), is_active = True) user.save() # 驗證成功登錄 auth.login(request, user) return result_response(request, "") except Exception as e: setFormTips(reg_form, "注冊失敗,請重試") else: if request.POST.get('captcha_1') == "": setFormTips(reg_form, "驗證碼不能為空") # 登錄失敗 返回錯誤提示 err = getFormTips(reg_form) return result_response(request, err) else: reg_form = RegisterForm() # locals() 傳遞所有變量 return render(request, 'index.html', locals()) - 刷新驗證碼
?$(function () { let refres_url = 'http://127.0.0.1:8000/account/verify/'; $('.captcha').click(function () { $.getJSON(refres_url, function (data) { $('.captcha').attr('src', data.img_url) $('#id_capt_0').val(data.haskey) }) }) })
