Java 简单的登录验证码

时间:2022-01-13 00:08:26

  1 验证码的作用

  验证码是为了区分人与机器,如果没有验证码机制,web网站或者应用会遇到很多问题,具体如下:

  ① 网站容易被暴力登录攻破密码,可以制作一个自动程序不断的尝试登录,密码很容易被破解,系统容易瘫痪;

  ② 黑客可以创建自动程序不断的注册账户,不断的发帖,不断的刷票,消耗服务器资源,产生大量垃圾信息;

  验证码分为两部分:图片与输入框

<html><br/>

<image src='images/logo1.jpg' /><hr/>

<head><br/><title>登录</title> <br/><h1> 欢迎登录</h1></head> <br/>

<body> <br/>

<form action='/LoginValid/LoginVerify' method='post' >

用户id:<input type='text' name='userid' value=''> <br/>

用户密码:<input type='password' name='password' value=''> <br/>

<br/>

验证码:<input type='text' name='inputCode' value='' />  <img src='/LoginValid/CreateCode2' /><br/>

<input type='submit' value='登录' /><br/>

</form>

</body> <br/>

</html>

CreateCode实时生成图片

     private static final int IMG_W=82;

     private static final int IMG_H=25;

     private static final int NUM_CHS=5;

     private static char[] chs = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890".toCharArray();

     private static Random rand = new Random();

     public void doGet(HttpServletRequest request, HttpServletResponse response)

             throws ServletException, IOException {

         //禁止浏览器缓存随机图片

         response.setDateHeader("Expires",-1);

         response.setHeader("Cache-Control", "no-cache");

         response.setHeader("Pragma", "no-cache");

         //通知客户端以图片的方式打开发送过去的数据

         response.setHeader("Content-Type", "image/jpeg");

         //创建image对象

         BufferedImage image = new BufferedImage(IMG_W, IMG_H, BufferedImage.TYPE_INT_RGB);

         Graphics g = image.getGraphics();

         //验证码图片背景颜色

         Color co = new Color(200,200,255);

         g.setColor(co);

         g.fillRect(0, 0, IMG_W, IMG_H);

         //保存验证码字符

         StringBuilder sb = new StringBuilder();

         int index=0;

         for(int i=0; i<NUM_CHS; i++)

         {

             //获取随机一个下标

             index = rand.nextInt(chs.length);

             //给画笔随机一个颜色

             g.setColor(new Color(rand.nextInt(88),rand.nextInt(210),rand.nextInt(150)));

             //画出字符

             g.drawString(chs[index]+"", 15*i+3, 18);

             sb.append(chs[index]);

         }

         //将验证码保存至session

         request.getSession().setAttribute("checkCode", sb.toString());

         ImageIO.write(image, "jpg", response.getOutputStream());

     }

  验证用户输入的验证码与session里保存的是否一致:

     public void doGet(HttpServletRequest request, HttpServletResponse response)

             throws ServletException, IOException {

         response.setContentType("text/html;charset=utf-8");

         request.setCharacterEncoding("utf-8");

         PrintWriter out = response.getWriter();

         HttpSession session = request.getSession();

         String seCode = (String)session.getAttribute("checkCode");

         String inputCode = (String)request.getParameter("inputCode");

         if(seCode.equals(inputCode))

         {

             request.getRequestDispatcher("/Main").forward(request, response);

         }

         else

         {

             request.getRequestDispatcher("/Err").forward(request, response);

         }

     }

相关文章