谷歌身份验证器Google Authenticator是谷歌推出的一款动态口令工具,办理大家各平台账户遭到恶意攻击的问题,一样平常在相关的服务平台登陆中除了用正常用户名和密码外,需要再输入一次谷歌认证器天生的动态口令才气验证成功,相当于输入二次密码,以到达账户的高安全性。 例如生意业务所、金融平台、以及一些钱包等项目等等,都会使用谷歌身份验证器Google Authenticator来做二次认证,开启谷歌身份验证之后,登录账户,除了输入用户名和密码,还需要输入谷歌验证器上的动态密码。谷歌验证器上的动态密码,也称为一次性密码,密码按照时间或使用次数不停动态变革(默认 30 秒变更一次) 代码参考:https://github.com/PHPGangsta/GoogleAuthenticator 关键代码: [code]<?php // https://github.com/PHPGangsta/GoogleAuthenticator error_reporting(0);// 关闭错误陈诉 session_start(); // 启动session require_once 'PHPGangsta/GoogleAuthenticator.php'; $ga = new PHPGangsta_GoogleAuthenticator(); // $secret = $ga->createSecret(); // 自界说安全密钥 $secret = "62H6TMAXQTZBVTRB"; // 手机端扫描二维码获取动态口令 $qrCodeUrl = $ga->getQRCodeGoogleUrl('username', $secret); echo "二维码地址: ".$qrCodeUrl."\n\n"; // 输出动态口令 $oneCode = $ga->getCode($secret); echo "本次登录的动态口令:'$oneCode'\n"; // 动态口令认证 $checkResult = $ga->verifyCode($secret, $password,2); // 2 = 2*30sec clock tolerance if ($checkResult) { $_SESSION['username'] = $username; echo "<h1>登录成功!</h1>"; header("Refresh: 5; url=main.php"); exit; } else { echo "<h1>登录失败!</h1>"; header("Refresh: 3; url=login.html"); exit; } ?> [/code]使用方法: 手机端安装 Microsoft Authenticator 下载地址:https://www.microsoft.com/en-us/security/mobile-authenticator-app 将以上代码天生的二维码地址在浏览器中访问 手机端扫描二维码获取动态验证码 代码示例: login.html [code]<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>系统运维管理平台</title> <link rel="stylesheet" type="text/css" href="login.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" /> </head> <body> <div id="login"> <h1>Login</h1> <form method="post" action="login.php"> <input type="text" required="required" placeholder="用户名" name="username"></input> <input type="password" required="required" placeholder="密码" name="password"></input> <button class="but" type="submit">登录</button> </form> </div> </body> </html> [/code]login.php [code]<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>系统运维管理平台</title> <link rel="stylesheet" type="text/css" href="login.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" /> </head> <body> <div id="login"> <?php // https://github.com/PHPGangsta/GoogleAuthenticator error_reporting(0);// 关闭错误陈诉 session_start(); // 启动session require_once 'PHPGangsta/GoogleAuthenticator.php'; $ga = new PHPGangsta_GoogleAuthenticator(); // $secret = $ga->createSecret(); # 自界说安全密钥 $secret = "62H6TMAXQTZBVTRB"; // $qrCodeUrl = $ga->getQRCodeGoogleUrl('admin', $secret); // echo "二维码: ".$qrCodeUrl."\n\n"; // 查抄用户是否已经登录 if (isset($_SESSION['username'])) { // 用户已登录,显示用户信息或其他操纵 header("Refresh: 3; url=main.php"); } else { if(!isset($_SESSION['num'])){//isset() — 检测num变量是否设置。 $_SESSION['num'] = 0; } // 密码输入错误3次,将不答应登录! if($_SESSION['num']<3){ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $username = $_POST['username']; $password = $_POST['password']; //此处应该从数据库中查询是否存在系统用户,再举行口令验证 if($username){ $oneCode = $ga->getCode($secret); echo "本次登录的动态口令:'$oneCode'\n"; $checkResult = $ga->verifyCode($secret, $password,2); // 2 = 2*30sec clock tolerance if ($checkResult) { $_SESSION['username'] = $username; echo "<h1>登录成功!</h1>"; header("Refresh: 5; url=main.php"); exit; } else { $_SESSION['num']++; echo "<h1>登录失败!</h1>"; header("Refresh: 3; url=login.html"); exit; } }else{ echo "<h1>登录失败!</h1>"; header("Refresh: 3; url=login.html"); exit; } } else { header("Location: login.html"); exit; } }else{ echo "<h1>密码输入错误已超过3次,系统已不答应登录!</h1>"; header("Refresh: 3; url=login.html"); exit; } } ?> </div> </body> </html> [/code]main.php [code]<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>系统运维管理平台</title> <link rel="stylesheet" type="text/css" href="login.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" /> </head> <body> <div id="login"> <?php session_start(); // 启动session if (isset($_SESSION['username'])) { echo "<h2>".$_SESSION['username']."您已登录!</h2>"; echo "<h2><a href='logout.php'>退出登录</a></h2>"; } else{ header("Refresh: 3; url=login.html"); } ?> </body> </html> [/code]logout.php [code]<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>系统运维管理平台</title> <link rel="stylesheet" type="text/css" href="login.css" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" /> </head> <body> <div id="login"> <?php session_start(); if(isset($_SESSION['username'])) { session_destroy(); } header("Refresh: 3; url=login.html"); ?> </body> </html> [/code]login.css [code]html{ width: 100%; height: 100%; overflow: hidden; font-style: sans-serif; } body{ width: 100%; height: 100%; font-family: 'Open Sans',sans-serif; margin: 0; background-color: #4A374A; } #login{ position: absolute; top: 50%; left:50%; margin: -150px 0 0 -150px; width: 300px; height: 300px; } #login h1,h2{ color: #fff; /* text-shadow:0 0 10px; */ letter-spacing: 1px; text-align: center; } h1,h2{ font-size: 2em; margin: 0.67em 0; } input{ width: 278px; height: 18px; margin-bottom: 10px; outline: none; padding: 10px; font-size: 13px; color: #fff; /* text-shadow:1px 1px 1px; */ border-top: 1px solid #312E3D; border-left: 1px solid #312E3D; border-right: 1px solid #312E3D; border-bottom: 1px solid #56536A; border-radius: 4px; background-color: #2D2D3F; } .but{ width: 300px; min-height: 20px; display: block; background-color: #4a77d4; border: 1px solid #3762bc; color: #fff; padding: 9px 14px; font-size: 15px; line-height: normal; border-radius: 5px; margin: 0; } [/code]以上就是php实现动态口令认证的示例代码的具体内容,更多关于php动态口令认证的资料请关注脚本之家其它相关文章! 来源:https://www.jb51.net/program/315790i84.htm 免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作! |
/6 
|手机版|小黑屋|梦想之都-俊月星空
( 粤ICP备18056059号 )|网站地图
GMT+8, 2025-7-1 20:38 , Processed in 0.028965 second(s), 18 queries .
Powered by Mxzdjyxk! X3.5
© 2001-2025 Discuz! Team.
