思路:
每个用户登录时,将生成的验证码保存到session 中,将用户输入的验证码与session 中取得的值比较
GetImageServlet.java:
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
int width=80;
int height=40;
BufferedImage image=new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
//画边框
Graphics g=image.getGraphics();
g.setColor(Color.BLACK);
g.fillRect(0, 0, width, height);
g.setColor(Color.WHITE);
g.fillRect(1, 1, width-2, height-2);
String str="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
StringBuffer buffer=new StringBuffer();
//画字体
g.setFont(new Font("宋体",Font.BOLD,30));
Random ran=new Random();
for(int i=0;i<4;i++){
g.setColor(new Color(ran.nextInt(255),ran.nextInt(255),ran.nextInt(255)));//设置字体的随机颜色
int num=ran.nextInt(62);
String s=String.valueOf(str.toCharArray()[num]);
buffer.append(s);
g.drawString(s, 20*i, 30);
}
//将字存到 session 中
HttpSession session=request.getSession();
session.setAttribute("num", buffer.toString());
// response.addCookie(arg0)
//画干扰码
for(int i=0;i<10;i++){
g.setColor(new Color(ran.nextInt(255),ran.nextInt(255),ran.nextInt(255)));//设置干扰线的随机颜色
int x1=ran.nextInt(width);
int y1=ran.nextInt(height);
int x2=ran.nextInt(width);
int y2=ran.nextInt(height);
g.drawLine(x1, y1, x2, y2);
}
response.setContentType("image/jpeg");
ImageIO.write(image, "jpg", response.getOutputStream());
}
LoginServlet.java:
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//取得用户提交的验证码
String imgNum=request.getParameter("imgNum");
//取得 session 中保存的正确的验证码
HttpSession session=request.getSession();
String num=(String)session.getAttribute("num");
//比较是否正确
if(imgNum!=null){
if(imgNum.equalsIgnoreCase(num)){//输入正确
System.out.println("验证码正确");
}
else{//输入错误
System.out.println("验证码错误");
}
//验证码只可以用一次
session.removeAttribute("num");
}else{
System.out.println("验证码失效");
}
}
jsp页面:
<form method="post" action="servlet/LoginServlet">
<img src="/yanzhengma/servlet/GetImageServlet" />
<input type="text" name="imgNum"></input><br/>
<input type="submit" />
</form>
上面这种情况成功的前提是浏览器的cookie 没有被禁用,如果浏览器的 cookie 被禁用了,那么表单的URL 和 图片的 URL 都要被重写,这样才可以成功,如果不是都被重写了,是错误的