session与验证码
验证码的实现:
在不同的用户访问时,用户每访问一次,服务器端就会生成一个新的验证码。这样造成了:客户端看到的验证码是不变的,而服务器端的验证码随着用户访问不断重新生成,客户端与服务器端的验证码对应不上。针对以上情况,具体的实现方式是:在用户每次访问时,将生成的验证码以cookie的形式写到浏览器端,当用户提交时,携带着cookie到服务器端,然后与保存在服务器端的session信息比较,相同则说明正确。(注意:在下面的代码中,实际写入cookie的是随机生成的session标识串,验证码本身只保存在服务器端的session里,并不会发送给浏览器。)
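# -*- coding:utf-8 -*-
import hashlib  # no longer used (session ids now come from `secrets`); import kept as-is
import io
import secrets
import time

import tornado.ioloop
import tornado.web

import check_code

# In-memory session store: {session_id: {key: value}}.
# NOTE(review): entries are never removed, so the 20-minute cookie lifetime is
# enforced only by the browser and the dict grows for as long as the process
# runs. A real deployment needs server-side expiry and a shared store.
SERVER_SESSION_DICT = {}

SESSION_COOKIE = "___cookie___"
SESSION_LIFETIME = 1200  # seconds the session cookie stays valid in the browser


class Session(object):
    """Dict-like access to the current browser's entry in SERVER_SESSION_DICT.

    The browser only ever holds the random session identifier (in the
    ``___cookie___`` cookie); the session values stay on the server.
    """

    def __init__(self, handler):
        self.handler = handler
        # Identifier issued during this request, if any. The request's own
        # cookie header cannot show a cookie we set in the same request.
        self._issued_id = None

    @staticmethod
    def get_random_str():
        """Return a new session identifier (32 hex characters).

        The identifier is the only thing protecting a session, so it comes
        from the OS CSPRNG. The previous md5-of-current-second value was
        guessable and identical for every visitor arriving in the same second.
        """
        return secrets.token_hex(16)

    def _current_id(self):
        """Return the id issued in this request, else the id sent by the browser."""
        return self._issued_id or self.handler.get_cookie(SESSION_COOKIE, None)

    def __setitem__(self, key, value):
        """Store ``value`` under ``key`` in the caller's session.

        A new session (and cookie) is created when the browser sent no
        identifier or sent one the server never issued. Adopting an unknown,
        client-chosen identifier would let a third party pre-select the
        session id a victim ends up using (session fixation).
        """
        session_id = self._current_id()
        if not session_id or session_id not in SERVER_SESSION_DICT:
            session_id = Session.get_random_str()
            SERVER_SESSION_DICT[session_id] = {}
            self._issued_id = session_id
            # httponly keeps page scripts from reading the identifier.
            # NOTE(review): also pass secure=True once the site is served over HTTPS.
            self.handler.set_cookie(
                SESSION_COOKIE,
                session_id,
                expires=time.time() + SESSION_LIFETIME,
                httponly=True,
            )
        SERVER_SESSION_DICT[session_id][key] = value

    def __getitem__(self, key):
        """Return the session value for ``key``, or None when it is not set.

        None is returned both when there is no session and when the session
        lacks ``key``; the latter used to raise KeyError (an HTTP 500 for a
        visitor who had loaded the CAPTCHA but never logged in).
        """
        data = SERVER_SESSION_DICT.get(self._current_id(), None)
        if not data:
            return None
        return data.get(key)


class BaseHandler(tornado.web.RequestHandler):
    """Request handler base class that attaches a Session to every request."""

    def initialize(self):
        self.session = Session(self)


class IndexHandler(BaseHandler):
    def get(self):
        # NOTE(review): demo-only "login" - a known username in the query
        # string is accepted without any password. A real login must verify
        # credentials, use POST, and issue a fresh session id on success.
        username = self.get_argument('username', None)
        if username in ['alex', 'eric', 'seven']:
            self.session['is_login'] = True
            self.render('index.html')
        else:
            self.write("登录失败")

    def post(self):
        pass


class ManagerHandler(BaseHandler):
    def get(self):
        """Render the manager page for logged-in sessions, else go to /login."""
        if self.session['is_login']:
            self.render('manager.html')
        else:
            self.redirect('/login')

    def post(self):
        pass


# Login handler
class LoginHandler(BaseHandler):
    def get(self, *args, **kwargs):
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Check the submitted CAPTCHA answer against the one stored in the session."""
        # NOTE(review): username and password are read but never verified;
        # only the CAPTCHA is checked here.
        username = self.get_argument('username', None)
        pwd = self.get_argument('password', None)
        yzm = self.get_argument('YZM', None)
        code = self.session['PicCode']
        if code is not None:
            # One attempt per CAPTCHA: clear it so an answer cannot be replayed
            # or brute-forced against the same image.
            self.session['PicCode'] = None
        # A missing session or missing form field counts as a wrong answer
        # instead of raising AttributeError on None.upper().
        if code and yzm and code.upper() == yzm.upper():
            self.write('验证码正确')
        else:
            self.write('验证码错误')


# CAPTCHA image handler
class PicHandler(BaseHandler):
    def get(self):
        """Generate a CAPTCHA image, remember its text in the session, return the GIF."""
        buffer = io.BytesIO()
        img, code = check_code.create_validate_code()  # image plus the text drawn on it
        img.save(buffer, "GIF")
        # The answer is deliberately not printed or logged.
        self.session['PicCode'] = code
        self.set_header("Content-Type", "image/gif")
        # A cached image would no longer match the answer stored in the session.
        self.set_header("Cache-Control", "no-store")
        self.write(buffer.getvalue())


# NOTE(review): this cookie_secret is hard-coded and published with the
# listing; treat it as compromised and load a private value from configuration
# instead. It is also unused here, because the session cookie is written with
# set_cookie() rather than set_secure_cookie(). The xsrf_cookies setting is
# not enabled either, so the login form has no CSRF protection.
settings = {
    "cookie_secret": "bZJc2sWbQLKos6GkHn/VB9oXwQt8S0R0kRvJ5/xJ89E="
}

# URL routing table
application = tornado.web.Application(
    [
        (r"/index", IndexHandler),
        (r"/manager", ManagerHandler),
        (r"/login", LoginHandler),
        (r"/pic", PicHandler),
    ], **settings)


if __name__ == "__main__":
    application.listen(8008)
    tornado.ioloop.IOLoop.instance().start()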
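#!/usr/bin/env python
import random

from PIL import Image, ImageDraw, ImageFont, ImageFilter

_letter_cases = "abcdefghjkmnpqrstuvwxy"  # lowercase letters, without the easily confused i, l, o, z
_upper_cases = _letter_cases.upper()  # uppercase letters
_numbers = ''.join(map(str, range(3, 10)))  # digits 3-9
init_chars = ''.join((_letter_cases, _upper_cases, _numbers))

# The CAPTCHA answer is a secret, so its characters come from the OS CSPRNG.
# The default `random` generator is predictable once enough outputs are seen.
_secure_random = random.SystemRandom()


def create_validate_code(size=(120, 30),
                         chars=init_chars,
                         img_type="GIF",
                         mode="RGB",
                         bg_color=(255, 255, 255),
                         fg_color=(0, 0, 255),
                         font_size=18,
                         font_type="Monaco.ttf",
                         length=4,
                         draw_lines=True,
                         n_line=(1, 2),
                         draw_points=True,
                         point_chance=2):
    '''
    Generate a CAPTCHA image.

    @param size: image size as (width, height), default (120, 30)
    @param chars: string of characters the code may be drawn from
    @param img_type: image format name, default GIF; accepted for
                     compatibility but not used by this function (the caller
                     picks the format when saving the image)
    @param mode: image mode, default RGB
    @param bg_color: background colour, default white
    @param fg_color: colour of the code characters, default blue (0, 0, 255)
    @param font_size: font size of the code characters
    @param font_type: TrueType font file, default Monaco.ttf
    @param length: number of characters in the code; characters are sampled
                   without replacement, so it must not exceed len(chars)
    @param draw_lines: whether to draw noise lines
    @param n_line: (min, max) number of noise lines, default (1, 2); only
                   used when draw_lines is True
    @param draw_points: whether to draw noise points
    @param point_chance: chance of a noise point per pixel, clamped to [0, 100]
    @return: [0]: PIL Image instance
    @return: [1]: the string drawn in the image
    '''
    width, height = size
    img = Image.new(mode, size, bg_color)
    draw = ImageDraw.Draw(img)

    def get_chars():
        '''Return `length` distinct characters from `chars` as a list.'''
        return _secure_random.sample(chars, length)

    def create_lines():
        '''Draw the noise lines.'''
        line_num = random.randint(*n_line)
        for _ in range(line_num):
            begin = (random.randint(0, size[0]), random.randint(0, size[1]))
            end = (random.randint(0, size[0]), random.randint(0, size[1]))
            draw.line([begin, end], fill=(0, 0, 0))

    def create_points():
        '''Draw the noise points.'''
        chance = min(100, max(0, int(point_chance)))  # clamp to [0, 100]
        for w in range(width):
            for h in range(height):
                tmp = random.randint(0, 100)
                if tmp > 100 - chance:
                    draw.point((w, h), fill=(0, 0, 0))

    def create_strs():
        '''Draw the code characters and return them as one string.'''
        c_chars = get_chars()
        strs = ' %s ' % ' '.join(c_chars)  # pad every character with spaces

        font = ImageFont.truetype(font_type, font_size)
        if hasattr(font, "getsize"):
            font_width, font_height = font.getsize(strs)
        else:
            # Pillow 10 removed FreeTypeFont.getsize(); getbbox() is the
            # replacement and returns (left, top, right, bottom).
            left, top, right, bottom = font.getbbox(strs)
            font_width, font_height = right - left, bottom - top

        draw.text(((width - font_width) / 3, (height - font_height) / 3),
                  strs, font=font, fill=fg_color)

        return ''.join(c_chars)

    if draw_lines:
        create_lines()
    if draw_points:
        create_points()
    strs = create_strs()

    # Coefficients of the perspective distortion
    params = [1 - float(random.randint(1, 2)) / 100,
              0,
              0,
              0,
              1 - float(random.randint(1, 10)) / 100,
              float(random.randint(1, 2)) / 500,
              0.001,
              float(random.randint(1, 2)) / 500
              ]
    img = img.transform(size, Image.PERSPECTIVE, params)  # apply the distortion

    img = img.filter(ImageFilter.EDGE_ENHANCE_MORE)  # edge-enhance filter (stronger variant)

    return img, strs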
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Login form: posts username, password and the CAPTCHA answer (field YZM) to /login. -->
<!-- NOTE(review): the form carries no anti-CSRF token. In Tornado that needs the
     xsrf_cookies application setting plus the xsrf_form_html template helper. -->
<form method="post" action="/login">
    <p>Username:<input type="text" name="username"></p>
    <p>Password:<input type="password" name="password"></p>
    <p>
        验证码:<input type="text" name="YZM">
        <!-- Each request to /pic draws a new code and stores it in the server-side session. -->
        <img src="/pic" onclick="ChangePicNum()" id="PicNum">
    </p>
    <!-- NOTE(review): the label text is given as name, not value - presumably value was intended. -->
    <p><input type="submit" name="登录"></p>
</form>
<script>
    // Clicking the image appends '?' to its URL, so the browser requests /pic
    // again and a fresh CAPTCHA is shown.
    function ChangePicNum() {
        var code = document.getElementById('PicNum');
        code.src += '?';
    }
</script>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Presumably index.html, the page IndexHandler renders after it accepts the username. -->
<h1>Get方式访问</h1>
<!-- NOTE(review): the disabled form below is an HTML comment, so it is still sent to
     every visitor; remove it if it should not be visible in the page source. -->
<!--<form action="/login" method="post">-->
    <!--<p><input type="text" name="username"></p>-->
    <!--<p><input type="password" name="password"></p>-->
    <!--<p><input type="submit" name="登录"></p>-->
<!--</form>-->
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Presumably manager.html. The template has no access check of its own; ManagerHandler
     renders it only when the session's is_login value is truthy. -->
<h1>manager</h1>
</body>
</html>

