Captcha
Captcha copied to clipboard
Sometimes, the results of getPhrase and inline are partly inconsistent
Why sometimes the characters of getPhrase () and the characters in inline () are inconsistent, not all are wrong, but the case of one of the letters is inconsistent.
E.g: The image base64 from inline () is processed in the browser, and the result displayed is YF7B But the result of getPhrase () is Yf7B
why? Is it a browser issue or a code design issue?
Maybe it is because of one of the fonts used here Actually, I recommend you don't check the user phrase using case sensitive method The same tolerance can apply for 0/O and 1/l
See: https://github.com/Gregwar/Captcha/blob/master/src/Gregwar/Captcha/PhraseBuilder.php#L71
Maybe it is because of one of the fonts used here Actually, I recommend you don't check the user phrase using case sensitive method The same tolerance can apply for 0/O and 1/l
I want to use session for cookies on the client, and then compare the hash value of the verification code. Rest assured, the server will still compare again, except that when the normal client judges, there is one less connection request. So I have to know in advance what exactly it is, and there is a case where the case is not absolutely consistent.
In that case just call doNiceize() before you hash in both generating and checking process and it will result in the same hash
However check the possible combinations, if you have 5 characters 36^5 is around 60M, it is not really hard to brute force this hash
In that case just call doNiceize() before you hash in both generating and checking process and it will result in the same hash
However check the possible combinations, if you have 5 characters 36^5 is around 60M, it is not really hard to brute force this hash
In this way, can the correct capitalization of letters be displayed in the picture?
The client enters five letters, the same md5 processing is performed on the client, and then the string value is compared. As for the number of characters you say, if you say too little, then execute 1000 times? Is it okay?
Actually, injecting a secret salt before hashing is also a solution
<?php
$salt = 'SomethingSecret';
$hash = sha1($salt.$phrase);
Actually, injecting a secret salt before hashing is also a solution
<?php $salt = 'SomethingSecret'; $hash = sha1($salt.$phrase);
Off the topic, how to ensure that the case of the characters in the picture is consistent with the phrase.