php防止恶意注册与暴力破解的实例代码

发布时间:2020-01-02编辑:脚本学堂
本文分享两个用php实现的防止恶意注册与暴力破解密码的代码示例,有需要的朋友可以参考。

1,防止外站提交数据:在表单中加入与会话绑定的随机令牌(token),提交时核对令牌,以验证数据提交页面的来源是否为本站。
(另外一种方法,可以随机input的name名称,也是可行的。)
 

<?php 
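session_start();

// Anti-forgery token check for the form rendered below this script.
// Only treat the request as a submission when the submit field is actually present;
// isset() avoids an undefined-index notice on the initial page load.
if (isset($_POST["submit"]) && $_POST["submit"] === "go") {
    // Normalise both sides to strings. With a loose "==" comparison a request that
    // carries no token would compare equal to a session that holds no token
    // (null == null), so an empty expected value must always be rejected.
    $posted = (isset($_POST["token"]) && is_string($_POST["token"])) ? $_POST["token"] : "";
    $expected = (isset($_SESSION["token"]) && is_string($_SESSION["token"])) ? $_SESSION["token"] : "";

    // hash_equals() compares in constant time, so the response time does not
    // reveal how many leading characters of a guessed token were correct.
    if ($expected !== "" && hash_equals($expected, $posted)) {
        //continue processing….
    } else {
        //stop all processing! remote form posting attempt!
    }
}

// Issue a fresh token on every page load; the previous one stops being valid.
// random_bytes() draws from the operating system's CSPRNG, whereas
// md5(uniqid(rand(), true)) is derived from the clock and a non-cryptographic
// generator and is therefore guessable.
$token = bin2hex(random_bytes(32));
$_SESSION["token"] = $token;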
?> 
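<?php
// PHP_SELF contains whatever path the client requested (including trailing path
// info), so it is HTML-escaped before being placed in the action attribute.
// The token is escaped as well so the template stays safe if its format changes.
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8");?>" method="post">
<p><label for="name">Name</label>
<input type="text" name="name" id="name" size="20" maxlength="40"/></p>
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, "UTF-8");?>"/>
<p><input type="submit" name="submit" value="go"/></p>
</form>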

2,对IP及IP段进行访问限制,防止恶意注册与暴力破解。
 


<?php 
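/**
 * Restrict access by IPv4 address or address range.
 * by www.jb200.com
 */
class block_ip {
    /**
     * Blocklist entries, one IPv4 pattern per element. Each of the four octets may be
     * a literal number ("192.168.1.1"), an inclusive range ("210.10.2.1-20") or "*"
     * for any value ("222.34.4.*").
     *
     * @var array
     */
    public $block_ip = array("192.168.1.1", "210.10.2.1-20", "222.34.4.*");

    public function __construct() {
    }

    public function __destruct() {
    }

    /**
     * Translate one blocklist entry into an anchored regular expression.
     *
     * The pattern is anchored at both ends and the dots are escaped, so
     * "192.168.1.1" matches only that address and not "192.168.1.100" or a
     * string with other characters where the dots should be.
     *
     * @param mixed $str Blocklist entry.
     * @return string|null The pattern, or null when the entry is not a valid
     *                     four-octet IPv4 pattern.
     */
    private function makepregip($str) {
        if (!is_string($str)) {
            return null;
        }

        $octets = explode(".", trim($str));
        if (count($octets) !== 4) {
            return null;
        }

        $parts = array();
        foreach ($octets as $octet) {
            if ($octet === "*") {
                // Wildcard octet: any one- to three-digit number.
                $parts[] = "[0-9]{1,3}";
            } elseif (preg_match('/^([0-9]{1,3})-([0-9]{1,3})$/', $octet, $bounds) === 1) {
                $low = (int) $bounds[1];
                $high = (int) $bounds[2];
                if ($low > $high || $high > 255) {
                    return null;
                }
                // An alternation of whole numbers; a character class such as
                // "[1|2|3]" would match single characters, not the numbers.
                $parts[] = "(?:" . implode("|", range($low, $high)) . ")";
            } elseif (preg_match('/^[0-9]{1,3}$/', $octet) === 1 && (int) $octet <= 255) {
                // Drop leading zeros so the literal is written in canonical form.
                $parts[] = (string) (int) $octet;
            } else {
                return null;
            }
        }

        // "D" keeps "$" from matching before a trailing newline.
        return "/^" . implode("\\.", $parts) . "$/D";
    }

    /**
     * Build the list of regular expressions for every blocklist entry.
     *
     * @return array List of patterns; empty when the blocklist is empty.
     */
    private function getallblockip() {
        $ip_list = array();
        foreach ((array) $this->block_ip as $entry) {
            $pattern = $this->makepregip($entry);
            if ($pattern === null) {
                // A skipped entry means that address is NOT blocked, so make the
                // misconfiguration visible instead of dropping it silently.
                trigger_error("block_ip: ignoring malformed blocklist entry", E_USER_WARNING);
                continue;
            }
            $ip_list[] = $pattern;
        }
        return $ip_list;
    }

    /**
     * Check the client address against the blocklist.
     *
     * Prints "ip error" and terminates the script when the address is blocked.
     *
     * @return bool true when the client address is not on the blocklist.
     */
    public function checkip() {
        // Get the client address.
        $ip = trim($this->get_client_ip());

        // Compare it with every blocked address or range.
        foreach ($this->getallblockip() as $pattern) {
            if (preg_match($pattern, $ip) === 1) {
                // The address is on the blocklist: refuse the request.
                echo "ip error";
                exit;
            }
        }
        return true;
    }

    /**
     * Return the address of the peer that opened the connection.
     *
     * Only REMOTE_ADDR is consulted. The Client-IP and X-Forwarded-For request
     * headers are supplied by the sender, so a blocklist keyed on them can be
     * sidestepped by sending a different header value. If the application runs
     * behind a reverse proxy you operate, REMOTE_ADDR is the proxy's address;
     * read the forwarded header only after confirming the connection came from
     * that proxy.
     *
     * @return string The address, or "unknown" when none is available (for
     *                example when run from the command line). "unknown" matches
     *                no blocklist entry, so such requests are allowed.
     */
    private function get_client_ip() {
        // $_SERVER and its keys are case-sensitive; "$_server" is a different,
        // undefined variable.
        $candidates = array(
            isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false,
            getenv("REMOTE_ADDR"),
        );
        foreach ($candidates as $candidate) {
            if (is_string($candidate) && $candidate !== "" && strcasecmp($candidate, "unknown") !== 0) {
                return $candidate;
            }
        }
        return "unknown";
    }
}

// Run the check at the top of any page that should be protected.
$oblock_ip = new block_ip();
$boolean = $oblock_ip->checkip();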

?>