使用google验证码防止注册机/发帖机for discuz7.2

http://bbs.mudbest.com目前已经采用google验证码方案,平时注册机/发帖机 盯得比较紧,点触验证码感觉还行,只是广告不太喜欢,看到google提供了一个验证码的接口。想到将将原来的discuz默认验证码更换掉成google的验证码,就是用户体验不怎么好。

1、首先到https://www.google.com/recaptcha/admin/create 注册应用。 2、打开http://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest ,下载接口文件。 3、拿到注册应用后得到公用key和私有key。

google验证码

代码修改部分:

//打开discuz7.2的/include/common.inc.php文件。
require_once DISCUZ_ROOT.'./include/global.func.php';
//加载google验证码核心文件
//并设置好应用的 公有key 和 私有key
//>>>>>>>>>>>>>>>>>加载google验证码部分<<<<<<<<<<<<<<<<<<<<
require_once(DISCUZ_ROOT.'./include/recaptchalib.php');
$publickey = "6LcC8-wSAAAAAHxRk***pMW12312krfNqscyC_C1";
$privatekey = "6LcC8-wSAAAAADG***-Uy53434p0IKvgzGJG2toMD";
//>>>>>>>>>>>>>>>>>加载google验证码部分<<<<<<<<<<<<<<<<<<<<

打开discuz7.2的/include/global.func.php文件,将函数修改如下:

function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
    $publickey = "6LcC8-wSAAAAAHxRk***pMW12312krfNqscyC_C1";
        $privatekey = "6LcC8-wSAAAAADG***-Uy53434p0IKvgzGJG2toMD";
    # the response from reCAPTCHA
    $resp = null;
    # the error code from reCAPTCHA, if any
    $error = null;

    if(empty($GLOBALS[$var])) {
        return FALSE;
    } else {
        global $_SERVER, $seclevel, $seccode, $seccodedata, $seccodeverify, $secanswer, $_DCACHE, $_DCOOKIE, $timestamp, $discuz_uid;
        if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && $GLOBALS['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) ||
            preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
                if($seccodecheck) {

                        $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

                        if (!$resp->is_valid) {
                            showmessage('submit_seccode_invalid');
                            //echo "You got it!";
                        } 
                        /*
                        else {
                            # set the error code so that we can display it
                            $error = $resp->error;
                        }
                        */

                    /*
                    if(!$seclevel) {
                        $key = $seccodedata['type'] != 3 ? '' : $_DCACHE['settings']['authkey'].date('Ymd');
                        list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secc'], 'DECODE', $key));
                        if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
                            showmessage('submit_seccode_invalid');
                        }
                        dsetcookie('secc', '');
                    } else {
                        $tmp = substr($seccode, 0, 1);
                    }
                    seccodeconvert($seccode);
                    if(strtoupper($seccodeverify) != $seccode) {
                        showmessage('submit_seccode_invalid');
                    }
                $seclevel && $seccode = random(6, 1) + $tmp * 1000000;

                */
                }
            if($secqaacheck) {
                    if(!$seclevel) {
                        list($seccode, $expiration, $seccodeuid) = explode("\t", authcode($_DCOOKIE['secq'], 'DECODE'));
                        if($seccodeuid != $discuz_uid || $timestamp - $expiration > 600) {
                            showmessage('submit_secqaa_invalid');
                        }
                        dsetcookie('secq', '');
                    }
                    require_once DISCUZ_ROOT.'./forumdata/cache/cache_secqaa.php';
                    if(md5($secanswer) != $_DCACHE['secqaa'][substr($seccode, 0, 1)]['answer']) {
                            showmessage('submit_secqaa_invalid');
                    }
                $seclevel && $seccode = random(1, 1) * 1000000 + substr($seccode, -6);
                }
            return TRUE;
        } else {
            showmessage('submit_invalid');
        }
    }
}

打开discuz7.2的/templates/default/post.htm模板文件,修改以下部分:

<!--
此部分代码是由下面移到上面
-->
<!--{if $action != 'edit' && ($secqaacheck || $seccodecheck)}-->{template seccheck}<!--{/if}-->

<button type="submit" id="postsubmit" prompt="post_submit"  value="true" name="{if $action == 'newthread'}topicsubmit{elseif $action == 'reply'}replysubmit{elseif $action == 'edit'}editsubmit{/if}" tabindex="1">
<!--{if $action == 'newthread'}-->
    <!--{if $special == 0}-->{lang post_newthread}
    <!--{elseif $special == 1}-->{lang post_newthreadpoll}
    <!--{elseif $special == 2}-->{lang post_newthreadtrade}
    <!--{elseif $special == 3}-->{lang post_newthreadreward}
    <!--{elseif $special == 4}-->{lang post_newthreadactivity}
    <!--{elseif $special == 5}-->{lang post_newthreaddebate}
    <!--{elseif $special == 127}-->
        <!--{if $buttontext}-->$buttontext<!--{else}-->{lang post_newthread}<!--{/if}-->
    <!--{/if}-->
<!--{elseif $action == 'reply' && !empty($addtrade)}-->{lang trade_add_post}
<!--{elseif $action == 'reply'}-->{lang join_thread}
<!--{elseif $action == 'edit'}-->{lang edit_thread}
<!--{/if}-->
</button>

修改seccheck.php文件,如果想以后能还原,建议备份该模板文件,该文件全部最终代码如下。

<style>
    #recaptcha_table{
        table-layout:auto;
    }
</style>
{eval echo recaptcha_get_html($publickey)}
5555 444

至此,google验证码已经在使用了。

Leave a Reply

(will not be published)