單獨調用騰訊云行為驗證碼 · 技術-開發筆記

單獨調用騰訊云行為驗證碼 ## **html前端** ~~~ <script src="https://ssl.captcha.qq.com/TCaptcha.js"></script> ~~~ ~~~ <script> var captcha1 = new TencentCaptcha('你的appId', function (res) { if (res.ret === 0) { $.post("{:url('login/doCaptcha')}", { aid: res.appid, randstr: res.randstr, ticket: res.ticket }, function (res2) { //驗證成功的邏輯 }); } captcha1.show(); // 顯示驗證碼 </script> ~~~ ## **PHP后端** ~~~ //騰訊驗證碼驗證 public function doCaptcha() { $params = $this->request->param(); // 進行在線驗證 $host = 'captcha.tencentcloudapi.com'; $params = [ 'CaptchaType' => 9, 'Ticket' => $params['ticket'], 'UserIp' => request()->ip(0, true), 'Randstr' => $params['randstr'], 'CaptchaAppId' => (int)$params['aid'], 'AppSecretKey' => 'aaaaaaaaaaaaaaaaaaaaaaa**' ]; $headers = $this->makeHeader($host, $params); try { $result = self::curl_post('https://'.$host, json_encode($params), $headers); } catch (Exception $e) { $this->error($e->getCode(), ['code' => '']); } $result = json_decode($result, true); if (empty($result) || ! isset($result['Response']) || ! isset($result['Response']['CaptchaCode']) || $result['Response']['CaptchaCode'] != 1) { $this->error(isset($result['Response']) && isset($result['Response']['CaptchaMsg']) && ! empty($result['Response']['CaptchaMsg']) ? $result['Response']['CaptchaMsg'] : "驗證失敗，請重試", ['code' => '']); } } private function makeHeader($host, $params) { $headers = [ 'X-TC-Action' => 'DescribeCaptchaResult', 'X-TC-Timestamp' => time(), 'X-TC-Version' => '2019-07-22', 'Content-Type' => 'application/json', 'Host' => $host ]; $algo = "TC3-HMAC-SHA256"; $date = gmdate("Y-m-d", $headers["X-TC-Timestamp"]); $service = 'captcha'; $canonicalUri = '/'; $reqmethod = 'POST'; $canonicalQueryString = ''; $canonicalHeaders = "content-type:".$headers["Content-Type"]."\n"."host:".$headers["Host"]."\n"; $signedHeaders = "content-type;host"; $payloadHash = hash("SHA256", json_encode($params)); $canonicalRequest = $reqmethod."\n".$canonicalUri."\n".$canonicalQueryString."\n".$canonicalHeaders."\n".$signedHeaders."\n".$payloadHash; $credentialScope = $date."/".$service."/tc3_request"; $hashedCanonicalRequest = hash("SHA256", $canonicalRequest); $str2sign = $algo."\n".$headers["X-TC-Timestamp"]."\n".$credentialScope."\n".$hashedCanonicalRequest; $secretKey = 'ccccccccccccccccccccccc'; $signature = $this->signTC3($secretKey, $date, $service, $str2sign); $sid = 'bbbbbbbbbbbbbbbbbbbb'; $auth = $algo." Credential=".$sid."/".$credentialScope.", SignedHeaders=content-type;host, Signature=".$signature; $headers["Authorization"] = $auth; $temp = []; foreach ($headers as $key => $value) { array_push($temp, $key.':'.$value); } return $temp; } protected function signTC3($skey, $date, $service, $str2sign) { $dateKey = hash_hmac("SHA256", $date, "TC3".$skey, true); $serviceKey = hash_hmac("SHA256", $service, $dateKey, true); $reqKey = hash_hmac("SHA256", "tc3_request", $serviceKey, true); return hash_hmac("SHA256", $str2sign, $reqKey); } protected function curl_post($post_url, $post_data, $header = []) { $ch = curl_init(); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_URL, $post_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36'); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $output = curl_exec($ch); curl_close($ch); return $output; } ~~~