1、html代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="/login" method="post">
<p><input name="user" type="text" placeholder="用户"></p>
<p><input name="pwd" type="text" placeholder="密码"></p>
<p><input name="code" type="text" placeholder="验证码">
<img src="/check_code" onclick="ChangeCode();" id="imgCode">
</p>
<p><input type="submit" value="submit"></p>
<h3>{{status}}</h3>
</form>
<script> function ChangeCode() {
var code=document.getElementById('imgCode');
// sec 加问号就会再次发送请求
code.src+='?'
}
</script>
</body>
</html>
2、生成验证码模块代码,要依赖于字体文件Monaco.ttf
#!/usr/bin/env python
#coding:utf-8 import random
from PIL import Image, ImageDraw, ImageFont, ImageFilter _letter_cases = "abcdefghjkmnpqrstuvwxy" # 小写字母,去除可能干扰的i,l,o,z
_upper_cases = _letter_cases.upper() # 大写字母
_numbers = ''.join(map(str, range(3, 10))) # 数字
init_chars = ''.join((_letter_cases, _upper_cases, _numbers)) def create_validate_code(size=(120, 30),
chars=init_chars,
img_type="GIF",
mode="RGB",
bg_color=(255, 255, 255),
fg_color=(0, 0, 255),
font_size=18,
font_type="Monaco.ttf",
length=4,
draw_lines=True,
n_line=(1, 2),
draw_points=True,
point_chance = 2):
'''
@todo: 生成验证码图片
@param size: 图片的大小,格式(宽,高),默认为(120, 30)
@param chars: 允许的字符集合,格式字符串
@param img_type: 图片保存的格式,默认为GIF,可选的为GIF,JPEG,TIFF,PNG
@param mode: 图片模式,默认为RGB
@param bg_color: 背景颜色,默认为白色
@param fg_color: 前景色,验证码字符颜色,默认为蓝色#0000FF
@param font_size: 验证码字体大小
@param font_type: 验证码字体,默认为 ae_AlArabiya.ttf
@param length: 验证码字符个数
@param draw_lines: 是否划干扰线
@param n_lines: 干扰线的条数范围,格式元组,默认为(1, 2),只有draw_lines为True时有效
@param draw_points: 是否画干扰点
@param point_chance: 干扰点出现的概率,大小范围[0, 100]
@return: [0]: PIL Image实例
@return: [1]: 验证码图片中的字符串
''' width, height = size # 宽, 高
img = Image.new(mode, size, bg_color) # 创建图形
draw = ImageDraw.Draw(img) # 创建画笔 def get_chars():
'''生成给定长度的字符串,返回列表格式'''
return random.sample(chars, length) def create_lines():
'''绘制干扰线'''
line_num = random.randint(*n_line) # 干扰线条数 for i in range(line_num):
# 起始点
begin = (random.randint(0, size[0]), random.randint(0, size[1]))
#结束点
end = (random.randint(0, size[0]), random.randint(0, size[1]))
draw.line([begin, end], fill=(0, 0, 0)) def create_points():
'''绘制干扰点'''
chance = min(100, max(0, int(point_chance))) # 大小限制在[0, 100] for w in range(width):
for h in range(height):
tmp = random.randint(0, 100)
if tmp > 100 - chance:
draw.point((w, h), fill=(0, 0, 0)) def create_strs():
'''绘制验证码字符'''
c_chars = get_chars()
strs = ' %s ' % ' '.join(c_chars) # 每个字符前后以空格隔开 font = ImageFont.truetype(font_type, font_size)
font_width, font_height = font.getsize(strs) draw.text(((width - font_width) / 3, (height - font_height) / 3),
strs, font=font, fill=fg_color) return ''.join(c_chars) if draw_lines:
create_lines()
if draw_points:
create_points()
strs = create_strs() # 图形扭曲参数
params = [1 - float(random.randint(1, 2)) / 100,
0,
0,
0,
1 - float(random.randint(1, 10)) / 100,
float(random.randint(1, 2)) / 500,
0.001,
float(random.randint(1, 2)) / 500
]
img = img.transform(size, Image.PERSPECTIVE, params) # 创建扭曲 img = img.filter(ImageFilter.EDGE_ENHANCE_MORE) # 滤镜,边界加强(阈值更大) return img, strs
3、tornado处理程序
#!/usr/bin/env python
# -*- coding:utf-8 -*- import tornado.ioloop
import tornado.web
import session import io
import check_code class BaseHandler(tornado.web.RequestHandler):
def initialize(self):
self.session=session.Session(self) class loginHandler(BaseHandler):
def get(self):
self.render('login.html',status='')
def post(self, *args, **kwargs):
user=self.get_argument('user',None)
pwd=self.get_argument('pwd',None)
code=self.get_argument('code',None)
check_code=self.session['CheckCode']
if code.upper()==check_code.upper():
self.write('验证码正确')
else:
self.render('login.html',status='验证码错误') class check_codeHandler(BaseHandler):
def get(self, *args, **kwargs):#生成图片并返回
mstream=io.BytesIO()
#创建图片 并写入验证码
img,code=check_code.create_validate_code()
#讲图片对象写入到mastream
img.save(mstream,'GIF')
self.session['CheckCode']=code
#为每个用户保存验证码
self.write(mstream.getvalue())
#返回图片给客户端
class XsrfHandler(BaseHandler):
def get(self, *args, **kwargs):
self.render('xsrf.html')
def post(self, *args, **kwargs):
self.write('xsrf.post') settings={
'template_path':'views',
'static_path':'static',
'xsrf_cookies':True,
#是否开启xsrf跨站请求伪造
# 'cookie_'
}
application=tornado.web.Application([
(r'/login',loginHandler),
(r'/check_code',check_codeHandler),
(r'/xsrf',XsrfHandler),
],**settings) if __name__ == '__main__':
application.listen(8888)
tornado.ioloop.IOLoop.instance().start()