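This post was last edited by liuzhly on 2010-4-2 10:37
April 12, 2010 9:57: latest change to newfarmc.php, image verification~~
I set up Happy Farm on our intranet and found that someone was actually using a cheat tool, which really annoyed me, so I came up with this way to block it, as follows:
1. First add a field to the UCHOME_SPACE table: newfarm, type int, default value 0; it stores the time of the current anti-addiction update.
2. Template file template/default/newfarm.htm: find the place and add the following code: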
<table border="1" cellpadding="0" cellspacing="0" >
<tr>
<td><div class="links">
<a href="myfarm.htm" class="link1" target="myfarm"></a>
<a href="mymc.htm" class="link2" target="myfarm"> </a>
<a href="newfarm.php" class="link3"></a>
<a href="cp.php?ac=invite" class="link4"> </a>
<a href="newfarm/fb.htm" class="link5" target="myfarm"> </a>
<a href="myfarmqp.htm" class="link6" target="_blank" onclick='location.assign("space.php?do=home")'></a>
</div>
</td>
<td>
<div><IFRAME border=0 frameBorder=0 frameSpacing=0 height=20 width=220 marginHeight=0 marginWidth=0 scrolling=no vspace=0 src=newfarm/newfarmc.php></IFRAME></div>
</td>
</tr>
</table>
</div>
3. Create a new PHP file under newfarm named newfarmc.php, with the following content:
<?php
header ( "Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
header ( "Last-Modified: " . gmdate ( "D, d M Y H:i:s" ) . " GMT" );
header ( "Cache-Control: no-store, no-cache, must-revalidate" );
header ( "Cache-Control: post-check=0, pre-check=0", false );
header ( "Pragma: no-cache" );
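// Returns true when the Referer starts with http://<this host>;
// offset 7 is the length of "http://". The Referer header is sent by the client.
function ChkPost(){
if (empty($_SERVER['HTTP_REFERER'])) {
return false;
}
if (7 === strpos($_SERVER['HTTP_REFERER'],$_SERVER['SERVER_NAME']) OR 7 === strpos($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST'])) {
return true;
}
return false;
}
if( ChkPost() === false ){ // block submissions from outside the site
exit();
}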
function showCode($str,$vtype = 0){
if($vtype != 1){return;}
header("Content-type: image/png");
$im = imagecreate(40, 14) or die("Cannot Initialize new GD image stream");
$clr = ImageColorAllocate($im, 255, 255, 204);
$fnt = $_SERVER['DOCUMENT_ROOT'] . "\\fonts\\symbol.ttf";
$black = imagecolorallocate($im, mt_rand( 0, 255 ), mt_rand( 0, 255 ), mt_rand( 0, 255 ));
for($i=0;$i<60;$i++) {
$mt_randcolor = ImageColorallocate($im,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255)); // allocate a random color in the palette
if($i < 2){
imageline($im, mt_rand(1, 40), mt_rand(1, 14), mt_rand(1, 40), mt_rand(1, 14), $mt_randcolor);// draw the interference lines
}else{
imagesetpixel($im, mt_rand()%70 , mt_rand()%30 , $mt_randcolor); // draw a noise pixel in the color held in $mt_randcolor
}
}
ImageTTFText($im, 11, 0, 4, 12, $black, $fnt, $str);
imagePNG($im);
imagedestroy($im);
exit();
}
include_once( "../common.php" );
$chk_time = 10800; // check interval: 10800
$view_time = 300; // lead time
$space = getspace( $_SGLOBAL['supe_uid'] );
$chk_codetime = $space['newfarm'] - 15284; // time offset; change it to any value of your own so that others cannot guess it
$time_now = date('iH',$chk_codetime);
$newfarm_code = isset($_REQUEST['nc'.$view_time]) ? $_REQUEST['nc'.$view_time] : '';
if($space['newfarm'] == 0){
$_SGLOBAL['db']->query( "UPDATE ".tname( "space" )." set newfarm=".$_SGLOBAL['timestamp']." where uid=".$_SGLOBAL['supe_uid'] );
$space['newfarm'] =$_SGLOBAL['timestamp'];
}
$q_code = isset($_REQUEST['q'.$chk_codetime]) ? $_REQUEST['q'.$chk_codetime] : 0;
showCode($time_now,$q_code); // check the request and output the CAPTCHA image
if($newfarm_code !=''){
$last_time = $_SGLOBAL['timestamp'] - $space['newfarm'];
if($time_now == $newfarm_code && $last_time > $chk_time - $view_time){
$_SGLOBAL['db']->query( "UPDATE ".tname( "space" )." set newfarm=".$_SGLOBAL['timestamp']." where uid=".$_SGLOBAL['supe_uid'] );
$space['newfarm'] =$_SGLOBAL['timestamp'];
}
}
$time_left = $chk_time - ($_SGLOBAL['timestamp'] - $space['newfarm']);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> 开心农场 </TITLE>
<META NAME="Generator" CONTENT="EditPlus">
<META NAME="Author" CONTENT="">
<META NAME="Keywords" CONTENT="">
<META NAME="Description" CONTENT="">
<style type="text/css">
body,div{font-size:12px;}
</style>
<script LANGUAGE="JScript.Encode" src="loads.js?<?=$time_left.$view_time?>"></script> <!-- the attachment includes load.js -->
</HEAD>
<BODY oncontextmenu=window.event.returnValue=false ondragstart=window.event.returnValue=false onselectstart=event.returnValue=false>
<form action=newfarmc.php name="form1" method=post>
<div id="mess1<?=$time_left.$view_time?>" style="display:none;font-size:12px;padding-top:3;color:#626262">提示:开心农场防沉迷系统已经启动...</div>
<div id="mess2<?=$time_left.$view_time?>" style="display:none;font-size:12px;padding-top:3;color:#626262">提示:请输入验证码<span onclick="this.innerHTML=' <img src=\'<?=$_SERVER['SCRIPT_NAME']?>?q<?=$chk_codetime?>=1\' border=0 align=absmiddle style=\'cursor:hand;\' alt=\'点击刷新\'> ';">[<span style="color:red;background:#FFFFCC;cursor:hand">点击获取</span>]</span><INPUT TYPE="text" NAME="nc<?=$view_time?>" VALUE="" size=3 style="height:16px;" maxlength=4 onkeyup="if(this.value.length==4){document.getElementById('submit<?=$time_left.$view_time?>').disabled=false;}else{document.getElementById('submit<?=$time_left.$view_time?>').disabled=true;}"><INPUT name="submit<?=$time_left.$view_time?>" TYPE="submit" VALUE="OK" disabled style="font:12px;height:17px;"></div>
</form>
</BODY>
</HTML>
4. Then open newfarmjosn.php and newmc.php and find the following:
$space = getspace( $_SGLOBAL['supe_uid'] );
Add below it:
if($_SGLOBAL['timestamp'] - $space['newfarm'] > 10800){ // anti-addiction: 3-hour interval
exit();
}
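That's it. If the user does not enter the verification code, the system will not respond to any operation....
Recommendation: split this statement up and add it in front of each IF, or add it only to these places: planting, stealing crops, plowing, watering, catching bugs, weeding. If it is added at the top, the user gets a retry when the page loads and nothing is shown until the registration code is entered, though that is not bad either, heh! You can add a prompt as follows:
if($_SGLOBAL['timestamp'] - $space['newfarm'] > 10800){ // anti-addiction
// intval() keeps the request parameter from being echoed back as raw text
echo "{\"farmlandIndex\":".intval($_REQUEST['place']).",\"code\":0,\"poptype\":1,\"direction\":\"\\u8BF7\\u8F93\\u5165\\u9A8C\\u8BC1\\u7801\\u7EE7\\u7EED...\"}";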
exit();
}
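That way, if the user clicks any of these, the system will prompt: Please enter the verification code to continue ...
fonts holds the font file used for the image verification, see the blue text in the code above; just copy the fonts folder into the UCHOME folder!!
Discussion: experts, please criticize and correct me. The reason I don't use session is mainly to save resources.....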
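
Added example, not part of the original post: the code in step 3 is `date('iH')` of the stored newfarm value minus a fixed offset, so anyone who learns the offset can compute it. The sketch below keeps the same session-free design but derives the code with an HMAC over the uid and the stored timestamp, and builds the step 4 reply with json_encode. NEWFARM_SECRET, newfarm_code(), newfarm_verify() and newfarm_gate_json() are hypothetical names, not UCHome functions.

```php
<?php
// Added example; every name defined here is hypothetical, not UCHome API.
const NEWFARM_SECRET = 'replace-with-a-long-random-server-side-value';
const CHK_TIME = 10800; // same 3-hour interval as in the post

// Derive the 4-digit code from the uid and the stored newfarm timestamp.
// It cannot be computed without the secret, and it changes as soon as
// newfarm is rewritten after a successful check.
function newfarm_code(int $uid, int $stamp): string
{
    $mac = hash_hmac('sha256', $uid . ':' . $stamp, NEWFARM_SECRET, true);
    // First 4 bytes as an integer, masked so it is non-negative everywhere.
    $n = unpack('N', substr($mac, 0, 4))[1] & 0x7fffffff;
    return str_pad((string)($n % 10000), 4, '0', STR_PAD_LEFT);
}

// Constant-time comparison of the submitted value with the expected code.
function newfarm_verify(int $uid, int $stamp, $submitted): bool
{
    return is_string($submitted)
        && hash_equals(newfarm_code($uid, $stamp), $submitted);
}

// JSON reply for a blocked action. json_encode emits the request parameter
// as an integer and escapes the message, so no request text is echoed raw.
function newfarm_gate_json(int $now, int $stamp, $place): ?string
{
    if ($now - $stamp <= CHK_TIME) {
        return null; // still inside the interval: let the action proceed
    }
    return json_encode([
        'farmlandIndex' => (int)$place,
        'code'          => 0,
        'poptype'       => 1,
        'direction'     => '请输入验证码继续...',
    ]);
}

// Constructed sample values, not real data.
$uid = 42;
$stamp = 1270000000;
$code = newfarm_code($uid, $stamp);
var_dump(newfarm_verify($uid, $stamp, $code));      // code for the stored stamp
var_dump(newfarm_verify($uid, $stamp, ['x']));      // non-string input
echo newfarm_gate_json($stamp + 10801, $stamp, '3"}<script>'), "\n";
```

A four-digit code has only 10,000 possible values, so the check also needs a cap on failed attempts per user.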