1.没有验证码带来的问题?
1.对特定用户不断登录破解密码
2.对某个网站创建账户
3.对某个网站提交垃圾数据
4.3对某个网站刷票
2.验证码定义:
区分用户是电脑还是人的公共全自动程序。如:登录,是人为还是电脑自动登录。
防止: 恶意破解密码、刷票等。
3.servlet 实现验证码?
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<script type="text/javascript">
function reloadCode(){
document.getElementById("imagescode").src="<%=request.getContextPath()%>/servlet/ImageServlet?d="+new Date().getTime();
}
</script>
</head>
<body>
<form action="<%=request.getContextPath()%>/servlet/LoginServlet" method="get">
验证码:<input type="text" name="checkcode"><img alt="验证码" id="imagescode" src="<%=request.getContextPath()%>/servlet/ImageServlet">
<a href="javascript:reloadCode();">看不清楚</a><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
package cn.lanz.images;
import java.awt.Color;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ImageServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
BufferedImage bi=new BufferedImage(68, 32, BufferedImage.TYPE_INT_BGR);
Graphics g=bi.getGraphics();
Color c=new Color(200,150,255);
g.setColor(c);
g.fillRect(0, 0, 68, 32);
char[] ch="ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
Random r=new Random();
int len=ch.length,index;
StringBuffer sb=new StringBuffer();
for(int i=0;i<4;i++){
index=r.nextInt(len);
g.setColor(new Color(r.nextInt(79),r.nextInt(135),r.nextInt(202)));
g.drawString(ch[index]+"", (i*15)+3, 18);
sb.append(ch[index]);
}
request.getSession().setAttribute("piccode", sb.toString());
ImageIO.write(bi, "JPG", response.getOutputStream());
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
}
}
package cn.lanz.images;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginServlet extends HttpServlet{
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
String piccode=request.getSession().getAttribute("piccode").toString();
String checkcode=request.getParameter("checkcode");
checkcode=checkcode.toUpperCase();//转为小写
PrintWriter pw=response.getWriter();
if(checkcode.equals(piccode)){
pw.println("验证码正确!");
}else{
pw.println("验证码错误!");
}
pw.flush();
pw.close();
}
}
4.用Jcaptche组件实现验证码