注册页面被人疯狂的注册 前段时一天都在10个内,昨天有100多个,今天到现在也差不多100个了.这明显不正常但是我已经加了验证码的.... 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 /// <summary> /// 生成验证图片 /// </summary> /// <param name="checkCode">验证字符</param> private void checkCodes(string checkCode) { int iwidth = (int)(checkCode.Length * 13); System.Drawing.Bitmap image = new System.Drawing.Bitmap(iwidth, 23); Graphics g = Graphics.FromImage(image); g.Clear(Color.White); //定义颜色 Color[] c = { Color.Black, Color.Red, Color.DarkBlue, Color.Green, Color.Orange, Color.Brown, Color.DarkCyan, Color.Purple }; //定义字体 string[] font = { "Verdana", "Microsoft Sans Serif", "Comic Sans MS", "Arial", "宋体" }; Random rand = new Random(); //随机输出噪点 for (int i = 0; i < 50; i++) { int x = rand.Next(image.Width); int y = rand.Next(image.Height); g.DrawRectangle(new Pen(Color.LightGray, 0), x, y, 1, 1); } //输出不同字体和颜色的验证码字符 for (int i = 0; i < checkCode.Length; i++) { int cindex = rand.Next(7); int findex = rand.Next(5); Font f = new System.Drawing.Font(font[findex], 10, System.Drawing.FontStyle.Bold); Brush b = new System.Drawing.SolidBrush(c[cindex]); int ii = 4; if ((i + 1) % 2 == 0) { ii = 2; } g.DrawString(checkCode.Substring(i, 1), f, b, 3 + (i * 12), ii); } //画一个边框 g.DrawRectangle(new Pen(Color.Black, 0), 0, 0, image.Width - 1, image.Height - 1); //输出到浏览器 System.IO.MemoryStream ms = new System.IO.MemoryStream(); image.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg); HttpContext.Current.Response.ClearContent(); //Response.ClearContent(); HttpContext.Current.Response.ContentType = "image/Jpeg"; HttpContext.Current.Response.BinaryWrite(ms.ToArray()); g.Dispose(); image.Dispose(); } 大家来围观验证码:<span id="labVali" style="display:inline-block;color:Red;font-size:12pt;width:60px;">8jem6j</span>SPAN里的内容就是验证码 这个验证码在HTML里不过是显式的字符串 我们做注册机的时候抓取到这个HTML文件后 用正则表达式提取下验证码不过1行代码的事而已然后把这个字符串填充到HTTP的BODY里POST给你的服务器 你的服务器就认为这是个正确的验证了 行 49: //大类别行 50: SqlCommand com_BId = new SqlCommand("select top 1 * from bigclass where bigclassid=" + Request["bigclassid"], 
mycon);行 51: SqlDataReader dr_BId = com_BId.ExecuteReader(); 楼主哎 你这个代码明显能注入的 判断IP,同一IP一段时间内只能注册一次。提高验证码安全等级用图片参考,还可使用邮箱验证 验证码太简单了以下是一个我自己写着玩的验证码编辑类,可以直接用 #region Constructor /// <summary> /// constructor /// </summary> public VryImgGen() { rnd = new Random(unchecked((int)DateTime.Now.Ticks)); } #endregion #region "" /// <summary> /// Random object /// </summary> private Random rnd; int length = 5; /// <summary> /// provide a default vrycode length /// </summary> public int Length { get { return length; } set { length = value; } } int fontSize = 28; /// <summary> /// Font Size /// </summary> public int FontSize { get { return fontSize; } set { fontSize = value; } } int padding = 4; /// <summary> /// just like cellpadding /// </summary> public int Padding { get { return padding; } set { padding = value; } } bool chaos = true; /// <summary> /// Does I need some small points to unclear the image /// </summary> public bool Chaos { get { return chaos; } set { chaos = value; } } Color chaosColor = Color.Black; /// <summary> /// The color of these small points /// </summary> public Color ChaosColor { get { return chaosColor; } set { chaosColor = value; } } Color backgroundColor = Color.Yellow; /// <summary> /// Background Color /// </summary> public Color BackgroundColor { get { return backgroundColor; } set { backgroundColor = value; } } Color[] colors = { Color.Black, Color.Red, Color.DarkBlue, Color.Green, Color.Orange, Color.Brown, Color.DarkCyan, Color.Purple }; /// <summary> /// colors /// </summary> public Color[] Colors { get { return colors; } set { colors = value; } } string[] fonts = { "Arial", "Georgia" }; /// <summary> /// fonts /// </summary> public string[] Fonts { get { return fonts; } set { fonts = value; } } #endregion #region Twist the image private const double PI = 3.1415926535897932384626433832795; private const double PI2 = 6.283185307179586476925286766559; /// <summary> /// Twist the image /// </summary> /// <param name="srcBmp">source bmp</param> 
/// <param name="bXDir">width or height</param> /// <param name="dMultValue"></param> /// <param name="dPhase"></param> /// <returns></returns> public System.Drawing.Bitmap TwistImage(Bitmap srcBmp, bool bXDir, double dMultValue, double dPhase) { System.Drawing.Bitmap destBmp = new Bitmap(srcBmp.Width, srcBmp.Height); // Use graphics Device Interface(GDI) to format the pic System.Drawing.Graphics graph = System.Drawing.Graphics.FromImage(destBmp); graph.FillRectangle(new SolidBrush(System.Drawing.Color.Yellow), 0, 0, destBmp.Width, destBmp.Height); graph.Dispose(); double dBaseAxisLen = bXDir ? (double)destBmp.Height : (double)destBmp.Width; for (int i = 0; i < destBmp.Width; i++) { for (int j = 0; j < destBmp.Height; j++) { double dx = 0; dx = bXDir ? (PI2 * (double)j) / dBaseAxisLen : (PI2 * (double)i) / dBaseAxisLen; dx += dPhase; double dy = Math.Sin(dx); // Get the twisted x & y int nOldX = 0, nOldY = 0; nOldX = bXDir ? i + (int)(dy * dMultValue) : i; nOldY = bXDir ? j : j + (int)(dy * dMultValue); //Get the old bmp(i,j)'s color System.Drawing.Color color = srcBmp.GetPixel(i, j); //Set color if (nOldX >= 0 && nOldX < destBmp.Width && nOldY >= 0 && nOldY < destBmp.Height) { destBmp.SetPixel(nOldX, nOldY, color); } } } return destBmp; } #endregion #region create image /// <summary> /// Create Image /// </summary> /// <param name="code">Verify Code</param> /// <returns></returns> public Bitmap CreateImage(string code) { int fSize = FontSize; int fWidth = fSize + Padding; int imageWidth = (int)(code.Length * fWidth) + 4 + Padding * 2; int imageHeight = fSize * 2 + Padding * 2; //Create a new bmp with the given width & height System.Drawing.Bitmap image = new System.Drawing.Bitmap(imageWidth, imageHeight); //Use graphics Device Interface(GDI) to format the bmp Graphics g = Graphics.FromImage(image); g.Clear(BackgroundColor); #region Draw some unclear effect to the pic //draw some unclear effect if (this.Chaos) { Pen pen = new Pen(ChaosColor, 0); //I can dicide the 
number of points int c = Length * 30; for (int i = 0; i < c; i++) { int x = rnd.Next(image.Width); int y = rnd.Next(image.Height); //draw a rectangle with the special with and height g.DrawRectangle(pen, x, y, 1, 1); } } #endregion int left = 0, top = 0, top1 = 1, top2 = 1; int n1 = (imageHeight - FontSize - Padding * 2); int n2 = n1 / 4; top1 = n2; top2 = n2 * 2; Font f; //use this to set font Brush b; //use this to set color int colorIndex, fontIndex; //draw each char for (int i = 0; i < code.Length; i++) { colorIndex = rnd.Next(Colors.Length - 1); fontIndex = rnd.Next(Fonts.Length - 1); f = new System.Drawing.Font(Fonts[fontIndex], fSize, System.Drawing.FontStyle.Bold); b = new System.Drawing.SolidBrush(Colors[colorIndex]); if (i % 2 == 1) { top = top2; } else { top = top1; } left = i * fWidth; g.DrawString(code.Substring(i, 1), f, b, left, top); } //Draw rectangle to pic g.DrawRectangle(new Pen(Color.Gainsboro, 0), 0, 0, image.Width - 1, image.Height - 1); g.Dispose(); //Twist the image image = TwistImage(image, true, 8, 4); return image; } #endregion #region create verify code /// <summary> /// Create Verify Code /// </summary> /// <param name="codeLen">total code length</param> /// <returns></returns> public string CreateVerifyCode(int codeLen) { char[] chs = new char[codeLen]; //Get Random Char for (int i = 0; i < codeLen; i++) { if (chs[i] == '\0') chs[i] = CreateEnOrNumChar(); } return new string(chs, 0, chs.Length); } /// <summary> /// provide a default length verify code /// </summary> /// <returns></returns> public string CreateVerifyCode() { return CreateVerifyCode(Length); } /// <summary> /// Create English Or number char /// </summary> /// <returns>English Or number char</returns> protected char CreateEnOrNumChar() { int rndNumber = rnd.Next(48, 122); if ((58 <= rndNumber && rndNumber <= 64) || (91 <= rndNumber && rndNumber <= 96)) { return CreateEnOrNumChar(); } return (char)rndNumber; } #endregion #region maybe I need Chinese characters ///// 
<summary> ///// CreateZhChar ///// </summary> ///// <returns></returns> //protected char CreateZhChar() //{ // if (ChineseChars.Length > 0) // { // return ChineseChars[rnd.Next(0, ChineseChars.Length)]; // } // //new Chinese Chars // else // { // byte[] bytes = new byte[2]; // bytes[0] = (byte)rnd.Next(0xb0, 0xf8); // bytes[1] = (byte)rnd.Next(0xa1, 0xff); // string str1 = Encoding.GetEncoding("gb2312").GetString(bytes); // return str1[0]; // } //} #endregion这个是页面调用: VryImgGen gen = new VryImgGen(); string verifyCode = gen.CreateVerifyCode(5); //Store it in session(Application,cash,viewstate,cookie...) Session["VerifyCode"] = verifyCode.ToUpper(); Bitmap bitmap = gen.CreateImage(verifyCode); System.IO.MemoryStream ms = new System.IO.MemoryStream(); bitmap.Save(ms, System.Drawing.Imaging.ImageFormat.Png); System.Drawing.Image thmbnail = bitmap.GetThumbnailImage(100, 40, null, new IntPtr()); thmbnail.Save("C:\\Documents and Settings\\v-user\\Desktop\\VerifyCode\\Images\\thumnail.jpeg", System.Drawing.Imaging.ImageFormat.Jpeg); thmbnail.Dispose(); bitmap.Dispose(); ms.Dispose(); ms.Close(); //set the image path this.Image1.ImageUrl = "~/Images/thumnail.jpeg"; 看了你的网页有个建议级联的drowdownlist刷新很不友好,可以使用锚点定位,就是刷新后让scroll bar的位置不变 做成图片吧,现在这个<span id="labVali" style="display: inline-block; color: Red; font-size: 12pt; width: 60px;">6abeb6</span>用webbrowser取值太轻松了 //如果string tmp = Request["bigclassid"];int tmp2;if(!int.TryParse(tmp,out tmp2)) {报错,不是数字}SqlCommand com_BId = new SqlCommand("select top 1 * from bigclass where bigclassid=" + tmp, mycon); <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJLTEyNTAwNzIwD2QWAgIBD2QWHgIDDw8WAh4EVGV4dAUGNzI4MTQ2ZGQCBQ8WAh8ABZccPHRyPjx0ZCBhbGlnbj0nY2VudGVyJz48YSBocmVmPSdidXlzaG93XzEuYXNweD9pbmZvc29ydD0yJm1lbWlkPTg0OTE3JmlkPTU2ODEyJyB0YXJnZXQ9J19ibGFuayc+6L+z48YSBocmVmPSdidXlzaG93XzEuYXNweD9pbmZvc29ydD0xJm1lbWlkPTg0NzU3JmlkPTU2NDg4JyB0YXJnZXQ9J19ibGFuayc++aciDE15pel6L+e5o6l5Zmo572R5LiK5oql5Lu3PC9hPiAgIDwvdGQ+" />这个太长了。 
mygod!怎么说在源文件里也不能让别人看到啊
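/// <summary>
/// Renders <paramref name="checkCode"/> as a small JPEG verification image and writes it to the
/// current HTTP response.
/// </summary>
/// <remarks>
/// The picture only protects the form if the expected code never reaches the client as text.
/// Keep the expected value on the server (for example in session state) and do not echo it into
/// the page markup; a script can read a code that is present in the HTML without looking at the image.
/// </remarks>
/// <param name="checkCode">Verification characters to draw.</param>
/// <exception cref="ArgumentException"><paramref name="checkCode"/> is null or empty.</exception>
private void checkCodes(string checkCode)
{
    // A zero-width bitmap cannot be created, so reject empty input with a clear message.
    if (string.IsNullOrEmpty(checkCode))
    {
        throw new ArgumentException("checkCode must contain at least one character.", "checkCode");
    }

    int iwidth = checkCode.Length * 13;

    // Candidate colours for the characters
    Color[] c = { Color.Black, Color.Red, Color.DarkBlue, Color.Green, Color.Orange, Color.Brown, Color.DarkCyan, Color.Purple };
    // Candidate fonts for the characters
    string[] font = { "Verdana", "Microsoft Sans Serif", "Comic Sans MS", "Arial", "宋体" };
    Random rand = new Random();

    // GDI+ objects wrap native handles; 'using' releases them even when drawing throws.
    using (System.Drawing.Bitmap image = new System.Drawing.Bitmap(iwidth, 23))
    using (Graphics g = Graphics.FromImage(image))
    using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
    {
        g.Clear(Color.White);

        // Scatter random noise dots; one pen is shared by all of them.
        using (Pen noisePen = new Pen(Color.LightGray, 0))
        {
            for (int i = 0; i < 50; i++)
            {
                int x = rand.Next(image.Width);
                int y = rand.Next(image.Height);
                g.DrawRectangle(noisePen, x, y, 1, 1);
            }
        }

        // Draw each character with a random font and colour.
        for (int i = 0; i < checkCode.Length; i++)
        {
            // Random.Next(n) excludes n, so pass the array length to make every entry selectable.
            int cindex = rand.Next(c.Length);
            int findex = rand.Next(font.Length);

            // Every second character sits two pixels higher.
            int ii = ((i + 1) % 2 == 0) ? 2 : 4;

            using (Font f = new System.Drawing.Font(font[findex], 10, System.Drawing.FontStyle.Bold))
            using (Brush b = new System.Drawing.SolidBrush(c[cindex]))
            {
                g.DrawString(checkCode.Substring(i, 1), f, b, 3 + (i * 12), ii);
            }
        }

        // Draw a one-pixel border around the image.
        using (Pen borderPen = new Pen(Color.Black, 0))
        {
            g.DrawRectangle(borderPen, 0, 0, image.Width - 1, image.Height - 1);
        }

        // Send the encoded image to the browser.
        image.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg);
        HttpContext.Current.Response.ClearContent();
        HttpContext.Current.Response.ContentType = "image/Jpeg";
        HttpContext.Current.Response.BinaryWrite(ms.ToArray());
    }
}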
抓取到这个HTML文件后 用正则表达式提取下验证码不过1行代码的事而已
然后把这个字符串填充到HTTP的BODY里POST给你的服务器 你的服务器就认为这是个正确的验证了
行 49: //大类别
行 50: SqlCommand com_BId = new SqlCommand("select top 1 * from bigclass where bigclassid=" + Request["bigclassid"], mycon);
行 51: SqlDataReader dr_BId = com_BId.ExecuteReader();
楼主哎 你这个代码明显能注入的
提高验证码安全等级用图片参考,还可使用邮箱验证
以下是一个我自己写着玩的验证码编辑类,可以直接用 #region Constructor
/// <summary>
/// Creates a generator whose random source is seeded from the current clock tick count.
/// </summary>
/// <remarks>
/// NOTE(review): <see cref="Random"/> with a time-derived seed is predictable. If the generated
/// code is relied on to stop automated sign-ups, a cryptographic source such as
/// System.Security.Cryptography.RandomNumberGenerator is the safer choice.
/// </remarks>
public VryImgGen()
{
    long ticks = DateTime.Now.Ticks;
    // Only the low 32 bits of the tick count fit in the seed; the overflow is deliberately unchecked.
    int seed = unchecked((int)ticks);
    rnd = new Random(seed);
}
#endregion

#region ""
/// <summary>
/// Random source assigned by the constructor and used by the drawing and code-generation methods.
/// </summary>
private Random rnd;

private int length = 5;
/// <summary>
/// Default verification-code length; used by the parameterless CreateVerifyCode overload.
/// </summary>
public int Length
{
    get
    {
        return this.length;
    }
    set
    {
        this.length = value;
    }
}

private int fontSize = 28;
/// <summary>
/// Font size used when drawing each character.
/// </summary>
public int FontSize
{
    get
    {
        return this.fontSize;
    }
    set
    {
        this.fontSize = value;
    }
}

private int padding = 4;
/// <summary>
/// Spacing added around characters, comparable to HTML cellpadding.
/// </summary>
public int Padding
{
    get
    {
        return this.padding;
    }
    set
    {
        this.padding = value;
    }
}

private bool chaos = true;
/// <summary>
/// Whether small noise points are drawn over the image to make it harder to read.
/// </summary>
public bool Chaos
{
    get
    {
        return this.chaos;
    }
    set
    {
        this.chaos = value;
    }
}

private Color chaosColor = Color.Black;
/// <summary>
/// Colour of the noise points.
/// </summary>
public Color ChaosColor
{
    get
    {
        return this.chaosColor;
    }
    set
    {
        this.chaosColor = value;
    }
}

private Color backgroundColor = Color.Yellow;
/// <summary>
/// Background colour of the generated image.
/// </summary>
public Color BackgroundColor
{
    get
    {
        return this.backgroundColor;
    }
    set
    {
        this.backgroundColor = value;
    }
}

private Color[] colors = { Color.Black, Color.Red, Color.DarkBlue, Color.Green, Color.Orange, Color.Brown, Color.DarkCyan, Color.Purple };
/// <summary>
/// Palette the character colours are picked from.
/// </summary>
public Color[] Colors
{
    get
    {
        return this.colors;
    }
    set
    {
        this.colors = value;
    }
}

private string[] fonts = { "Arial", "Georgia" };
/// <summary>
/// Font family names the character fonts are picked from.
/// </summary>
public string[] Fonts
{
    get
    {
        return this.fonts;
    }
    set
    {
        this.fonts = value;
    }
}
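#endregion

#region Twist the image
private const double PI = 3.1415926535897932384626433832795;
private const double PI2 = 6.283185307179586476925286766559;

/// <summary>
/// Returns a new bitmap in which every pixel of <paramref name="srcBmp"/> is displaced along one
/// axis by a sine wave.
/// </summary>
/// <param name="srcBmp">Source bitmap; it is read but not modified or disposed.</param>
/// <param name="bXDir">
/// <c>true</c> shifts pixels horizontally by an amount that depends on their row;
/// <c>false</c> shifts them vertically by an amount that depends on their column.
/// </param>
/// <param name="dMultValue">Multiplier applied to the sine value, i.e. the largest shift in pixels.</param>
/// <param name="dPhase">Phase offset added to the sine argument.</param>
/// <returns>A new bitmap of the same size; the caller owns it and should dispose it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="srcBmp"/> is null.</exception>
public System.Drawing.Bitmap TwistImage(Bitmap srcBmp, bool bXDir, double dMultValue, double dPhase)
{
    if (srcBmp == null)
    {
        throw new ArgumentNullException("srcBmp");
    }

    System.Drawing.Bitmap destBmp = new Bitmap(srcBmp.Width, srcBmp.Height);

    // Pre-fill with the configured background so pixels that receive no source pixel match the
    // rest of the image (the default BackgroundColor is Yellow, the value previously hard-coded).
    using (System.Drawing.Graphics graph = System.Drawing.Graphics.FromImage(destBmp))
    using (SolidBrush fill = new SolidBrush(BackgroundColor))
    {
        graph.FillRectangle(fill, 0, 0, destBmp.Width, destBmp.Height);
    }

    // One full sine period spans the axis perpendicular to the shift direction.
    double dBaseAxisLen = bXDir ? (double)destBmp.Height : (double)destBmp.Width;

    for (int i = 0; i < destBmp.Width; i++)
    {
        for (int j = 0; j < destBmp.Height; j++)
        {
            double dx = bXDir ? (PI2 * (double)j) / dBaseAxisLen : (PI2 * (double)i) / dBaseAxisLen;
            dx += dPhase;
            int shift = (int)(Math.Sin(dx) * dMultValue);

            // Destination of source pixel (i, j) after the shift.
            int destX = bXDir ? i + shift : i;
            int destY = bXDir ? j : j + shift;

            // Pixels pushed outside the bitmap are dropped.
            if (destX >= 0 && destX < destBmp.Width && destY >= 0 && destY < destBmp.Height)
            {
                destBmp.SetPixel(destX, destY, srcBmp.GetPixel(i, j));
            }
        }
    }

    return destBmp;
}
#endregion

#region create image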
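/// <summary>
/// Draws <paramref name="code"/> onto a bitmap with optional noise points, a border and a sine
/// distortion.
/// </summary>
/// <remarks>
/// The returned image is the only form in which the code should reach the client; the expected
/// value itself has to stay on the server.
/// </remarks>
/// <param name="code">Verification code to draw.</param>
/// <returns>The distorted bitmap; the caller owns it and should dispose it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="code"/> is null.</exception>
public Bitmap CreateImage(string code)
{
    if (code == null)
    {
        throw new ArgumentNullException("code");
    }

    int fSize = FontSize;
    int fWidth = fSize + Padding;

    int imageWidth = (code.Length * fWidth) + 4 + Padding * 2;
    int imageHeight = fSize * 2 + Padding * 2;

    // Undistorted drawing surface; TwistImage copies from it into a new bitmap, so it is
    // disposed here once the distorted copy exists.
    System.Drawing.Bitmap image = new System.Drawing.Bitmap(imageWidth, imageHeight);
    try
    {
        using (Graphics g = Graphics.FromImage(image))
        {
            g.Clear(BackgroundColor);

            #region Draw some unclear effect to the pic
            if (this.Chaos)
            {
                // The number of noise points scales with the default code length.
                int c = Length * 30;
                using (Pen pen = new Pen(ChaosColor, 0))
                {
                    for (int i = 0; i < c; i++)
                    {
                        int x = rnd.Next(image.Width);
                        int y = rnd.Next(image.Height);
                        g.DrawRectangle(pen, x, y, 1, 1);
                    }
                }
            }
            #endregion

            // Two alternating baselines so neighbouring characters are not aligned.
            int n1 = (imageHeight - FontSize - Padding * 2);
            int n2 = n1 / 4;
            int top1 = n2;
            int top2 = n2 * 2;

            // Draw each character with a random colour and font.
            for (int i = 0; i < code.Length; i++)
            {
                // Random.Next(n) already excludes n; subtracting one made the last colour and
                // the last font unreachable (with two fonts only the first was ever used).
                int colorIndex = rnd.Next(Colors.Length);
                int fontIndex = rnd.Next(Fonts.Length);

                int top = (i % 2 == 1) ? top2 : top1;
                int left = i * fWidth;

                using (Font f = new System.Drawing.Font(Fonts[fontIndex], fSize, System.Drawing.FontStyle.Bold))
                using (Brush b = new System.Drawing.SolidBrush(Colors[colorIndex]))
                {
                    g.DrawString(code.Substring(i, 1), f, b, left, top);
                }
            }

            // Border around the picture.
            using (Pen border = new Pen(Color.Gainsboro, 0))
            {
                g.DrawRectangle(border, 0, 0, image.Width - 1, image.Height - 1);
            }
        }

        // Twist the image
        return TwistImage(image, true, 8, 4);
    }
    finally
    {
        image.Dispose();
    }
}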
#endregion #region create verify code
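/// <summary>
/// Builds a random verification code of letters and digits.
/// </summary>
/// <remarks>
/// NOTE(review): the characters come from the class's <see cref="Random"/> instance, which is
/// predictable; treat the result as a light anti-automation hurdle, not as a secret token.
/// The returned string is the expected answer and should only be kept server-side.
/// </remarks>
/// <param name="codeLen">Number of characters to generate.</param>
/// <returns>A string of <paramref name="codeLen"/> characters from 0-9, A-Z and a-z.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="codeLen"/> is negative.</exception>
public string CreateVerifyCode(int codeLen)
{
    if (codeLen < 0)
    {
        throw new ArgumentOutOfRangeException("codeLen");
    }

    char[] chs = new char[codeLen];
    // A freshly allocated array holds only '\0', so every slot is filled unconditionally.
    for (int i = 0; i < codeLen; i++)
    {
        chs[i] = CreateEnOrNumChar();
    }

    return new string(chs);
}

/// <summary>
/// Builds a verification code of the default <see cref="Length"/>.
/// </summary>
/// <returns>A random code of <see cref="Length"/> characters.</returns>
public string CreateVerifyCode()
{
    return CreateVerifyCode(Length);
}

/// <summary>
/// Picks one random ASCII letter or digit.
/// </summary>
/// <returns>A character in 0-9, A-Z or a-z.</returns>
protected char CreateEnOrNumChar()
{
    while (true)
    {
        // The upper bound of Random.Next is exclusive, so 123 is needed for 'z' (122) to be reachable.
        int rndNumber = rnd.Next(48, 123);

        // 58-64 and 91-96 are the punctuation ranges between the digit and letter blocks; redraw on those.
        bool isPunctuation = (58 <= rndNumber && rndNumber <= 64) || (91 <= rndNumber && rndNumber <= 96);
        if (!isPunctuation)
        {
            return (char)rndNumber;
        }
    }
}
#endregion

#region maybe I need Chinese characters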
///// <summary>
///// CreateZhChar
///// </summary>
///// <returns></returns>
//protected char CreateZhChar()
//{
// if (ChineseChars.Length > 0)
// {
// return ChineseChars[rnd.Next(0, ChineseChars.Length)];
// }
// //new Chinese Chars
// else
// {
// byte[] bytes = new byte[2]; // bytes[0] = (byte)rnd.Next(0xb0, 0xf8);
// bytes[1] = (byte)rnd.Next(0xa1, 0xff); // string str1 = Encoding.GetEncoding("gb2312").GetString(bytes);
// return str1[0];
// }
//}
#endregion
这个是页面调用: VryImgGen gen = new VryImgGen();
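string verifyCode = gen.CreateVerifyCode(5);
// Keep the expected answer in server-side session state only; it must never be written into the
// page markup, ViewState or a cookie the client can read.
// NOTE(review): the code that checks the submitted value should remove Session["VerifyCode"]
// after one comparison so a solved code cannot be replayed — confirm against the validation code.
Session["VerifyCode"] = verifyCode.ToUpper();

// Writing the picture to one fixed file shared by every visitor lets concurrent requests overwrite
// each other's image (and ties the page to an absolute path on one machine). Embedding the bytes
// in the page keeps the image bound to this response. A dedicated handler that streams the image
// for the current session is an equivalent alternative.
using (Bitmap bitmap = gen.CreateImage(verifyCode))
using (System.Drawing.Image thmbnail = bitmap.GetThumbnailImage(100, 40, null, IntPtr.Zero))
using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
{
    thmbnail.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg);
    // Set the image source as a data: URI (the browser must support data: URIs).
    this.Image1.ImageUrl = "data:image/jpeg;base64," + System.Convert.ToBase64String(ms.ToArray());
}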
级联的dropdownlist刷新很不友好,可以使用锚点定位,就是刷新后让scroll bar的位置不变
<span id="labVali" style="display: inline-block; color: Red; font-size: 12pt; width: 60px;">6abeb6</span>
用webbrowser取值太轻松了
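// Parse the request value as an integer before it is used in the query.
string tmp = Request["bigclassid"];
int tmp2;
if (!int.TryParse(tmp, out tmp2))
{
    // Not a number: stop here so the query below never runs with unvalidated input.
    throw new System.Web.HttpException(400, "bigclassid must be an integer.");
}
// Bind the parsed integer as a parameter; the request text itself is never concatenated into the SQL.
SqlCommand com_BId = new SqlCommand("select top 1 * from bigclass where bigclassid=@bigclassid", mycon);
com_BId.Parameters.AddWithValue("@bigclassid", tmp2);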