防机器登录验证码的实现 与 输入匹配验证

 代码：

login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录验证</title>
<script type="text/javascript">
function changeImage() {
var img = document.getElementsByTagName("img")[0];
img.src="${pageContext.request.contextPath }/ImageServlet?time="+new Date().getTime();//这个目的是防止缓存不刷新验证码
} 

function check(){
	var uname = document.getElementById("uname").value;
	var upassword = document.getElementById("upassword").value;
	var verifycode = document.getElementById("verifycode").value;
	 var validateCode = '<%=session.getAttribute("validateCode")%>'
	if(uname==""){
		alert("用户名为空！");
		return false;
	}
	if(upassword==""){
		alert("密码为空！");
		return false;
	}
	if(verifycode==""){
		alert("请填写验证码！");
		return false;
	}
	if(validateCode.equals(verifycode)){
		alert("验证码错误！");
		return false;
	}
}
if(window.top!=window){
	 window.top.location = "Login";
}
</script>
</head>
<body>
  <center>
     <h1>用户登录</h1>
     <hr/>
     <%
        Object validateCode = session.getAttribute("validateCode");
        System.out.println("你的验证码是："+validateCode);
     %>
     <form action="Login" method="post" οnsubmit="return check()">
        <table border="0" width="360px">
           <tr>
             <td align="right">用户名:</td>
             <td><input type="text" id="uname" name="username" style="width: 180px"/></td>
           </tr>
           <tr>
             <td align="right">密    码:</td>
             <td><input type="password" id="upassword" name="password" style="width: 180px"/></td>
           </tr>
           <tr>
             <td align="right">验证码:</td>
             <td><input type="text" id="verifycode" style="width: 180px" name="verifycode"/></td>
             <td><img alt="换一张看看" src="/Siemens/ImageServlet"  align="left" οnclick="changeImage()" /></td>
           </tr>
           <tr>
              <td><input type="radio" name="kind" value="员工" checked="checked">员工</td>
              <td><input type="radio" name="kind" value="管理员">管理员</td>
           </tr>
           <tr>
             <td align="right"><input type="submit" value="登录"/></td>
             <td><input type="reset" value="重置"/></td>
           </tr>
           <tr>
             <td></td>
             <td><font color="red">${message}</font></td>
           </tr>
           <tr>
              <td></td>
              <td><font color="red">${verify}</font></td>
           </tr>
        </table>
     </form>
  </center>
</body>
</html>

ImageServlet.java (生成验证码图片的servlet)

package com.servlet;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/ImageServlet")
public class ImageServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
	 // 验证码图片的宽度。 
    private int width = 100; 
    // 验证码图片的高度。 
    private int height = 25; 
    // 验证码字符个数 
    private int codeCount = 4; 
 
    private int x = 0; 
    // 字体高度 
    private int fontHeight; 
    private int codeY; 
    char[] codeSequence = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 
            'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 
            'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' }; 
 
    /** 
     * 初始化验证图片属性 
     */ 
    public void init() throws ServletException { 
        // 从web.xml中获取初始信息 
        // 宽度 
        String strWidth = this.getInitParameter("width"); 
        // 高度 
        String strHeight = this.getInitParameter("height"); 
        // 字符个数 
        String strCodeCount = this.getInitParameter("codeCount"); 
        // 将配置的信息转换成数值 
        try { 
            if (strWidth != null && strWidth.length() != 0) { 
                width = Integer.parseInt(strWidth); 
            } 
            if (strHeight != null && strHeight.length() != 0) { 
                height = Integer.parseInt(strHeight); 
            } 
            if (strCodeCount != null && strCodeCount.length() != 0) { 
                codeCount = Integer.parseInt(strCodeCount); 
            } 
        } catch (NumberFormatException e) { 
        	e.printStackTrace();
        } 
        x = width / (codeCount + 1); 
        fontHeight = height - 2; 
        codeY = height - 4; 
    } 
 
    protected void service(HttpServletRequest req, HttpServletResponse resp) 
            throws ServletException, java.io.IOException { 
        // 定义图像buffer 
        BufferedImage buffImg = new BufferedImage(width, height, 
                BufferedImage.TYPE_INT_RGB); 
        Graphics2D g = buffImg.createGraphics(); 
        // 创建一个随机数生成器类 
        Random random = new Random(); 
        // 将图像填充为白色 
        g.setColor(Color.WHITE); 
        g.fillRect(0, 0, width, height); 
        // 创建字体，字体的大小应该根据图片的高度来定。 
        Font font = new Font("Fixedsys", Font.PLAIN, fontHeight); 
        // 设置字体。 
        g.setFont(font); 
        // 画边框。 
        g.setColor(Color.BLACK); 
        g.drawRect(0, 0, width - 1, height - 1); 
        // 随机产生160条干扰线，使图象中的认证码不易被其它程序探测到。 
        g.setColor(Color.BLACK); 
        for (int i = 0; i < 160; i++) { 
            int x = random.nextInt(width); 
            int y = random.nextInt(height); 
            int xl = random.nextInt(12); 
            int yl = random.nextInt(12); 
            g.drawLine(x, y, x + xl, y + yl); 
        } 
        // randomCode用于保存随机产生的验证码，以便用户登录后进行验证。 
        StringBuffer randomCode = new StringBuffer(); 
        int red = 0, green = 0, blue = 0; 
        // 随机产生codeCount数字的验证码。 
        for (int i = 0; i < codeCount; i++) { 
            // 得到随机产生的验证码数字。 
            String strRand = String.valueOf(codeSequence[random.nextInt(36)]); 
            // 产生随机的颜色分量来构造颜色值，这样输出的每位数字的颜色值都将不同。 
            red = random.nextInt(255); 
            green = random.nextInt(255); 
            blue = random.nextInt(255); 
            // 用随机产生的颜色将验证码绘制到图像中。 
            g.setColor(new Color(red, green, blue)); 
            g.drawString(strRand, (i + 1) * x, codeY); 
            // 将产生的四个随机数组合在一起。 
            randomCode.append(strRand); 
        } 
        // 将四位数字的验证码保存到Session中。 
        HttpSession session = req.getSession(); 
        session.setAttribute("validateCode", randomCode.toString()); 
        // 禁止图像缓存。 
        resp.setHeader("Pragma", "no-cache"); 
        resp.setHeader("Cache-Control", "no-cache"); 
        resp.setDateHeader("Expires", 0); 
        resp.setContentType("image/jpeg"); 
        // 将图像输出到Servlet输出流中。 
        ServletOutputStream sos = resp.getOutputStream(); 
        ImageIO.write(buffImg, "jpeg", sos); 
        sos.close(); 
    } 
}

登录验证

Login.java

package com.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.bean.User;
import com.dao.UserDao;
@WebServlet("/Login")
public class Login extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    public Login() {
        super();
        // TODO Auto-generated constructor stub
    }

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doPost(request, response); 
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		//设置编码  
        request.setCharacterEncoding("utf-8");  
        response.setCharacterEncoding("utf-8");  
        response.setHeader("Content-Type","text/html; charset=utf-8");  
        HttpSession session = request.getSession();
        String validation_code = (String)session.getAttribute("validateCode");
        
        String user_name = request.getParameter("username");
        String user_password = request.getParameter("password");
        String user_kind = request.getParameter("kind");
        String verifycode = request.getParameter("verifycode");
        
        UserDao dao = new UserDao();
        User user = dao.login(user_name, user_password, user_kind);
        System.out.println("用户"+user+user_name+user_password+user_kind);
        //request.getSession().setAttribute("username", user_name);
        if(!verifycode.equalsIgnoreCase(validation_code)){
        	request.getSession().setAttribute("verify", "验证码错误，请重新输入！");  //输入的验证码与图片的验证码不一致
        	response.sendRedirect(request.getContextPath()+"/login.jsp");
        }
        else{
        if(user != null){
        	request.getSession().setAttribute("user", user);
        	if(user_kind.equals("管理员")){
        		request.getRequestDispatcher("jsp/ManagerMainPage.jsp").forward(request, response);
        		//response.sendRedirect("jsp/ManagerMainPage.jsp");
				return; 
        	}
        	else{
        		request.getRequestDispatcher("jsp/EmployeeMainPage.jsp").forward(request, response);
        		//response.sendRedirect("jsp/EmployeeMainPage.jsp");
				return;
        	}
        }
        else{
        	request.getSession().setAttribute("message", "用户名或密码错误！");   //登录信息验证错误
			//response.getWriter().write("<script language='javascript'>alert('用户名或密码不正确！')</script>");
			//request.getRequestDispatcher("/login.jsp").forward(request, response);
			response.sendRedirect(request.getContextPath()+"/login.jsp");
        }
	 }
  }
}

截图：

#密码正确，验证码匹配，登录成功