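实现 MD5 加密登录的相关代码：以更自由（可自定义盐）的方式对密码做两次加盐 MD5，作为防止网络数据抓取和数据库泄露的数据安全手段。需要注意，MD5 是哈希而不是加密，且计算速度很快，只能避免密码以明文出现；传输仍应使用 HTTPS，入库的密码更适合用 bcrypt、scrypt 或 Argon2 这类专用口令哈希。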
package com.xxxx.seckill.utils;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.stereotype.Component;
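/**
 * Salted-MD5 helpers for the two-round password hashing used by the login flow.
 *
 * <p>Round one mirrors what the browser does before submitting the form; round two is applied
 * on the server before the value is compared with, or written to, the database.
 *
 * <p>NOTE(review): MD5 is a fast unkeyed hash, not encryption. The first-round hash is what the
 * server accepts as the credential, so it must be protected in transit (HTTPS) exactly like a
 * password. For the stored value a slow password hash (bcrypt, scrypt, Argon2) with a random
 * per-user salt is the appropriate primitive; this class keeps MD5 only to preserve the existing
 * stored format.
 *
 * <p>NOTE(review): every method is static, so the {@code @Component} registration is not needed
 * for callers that use {@code MD5Util.xxx(...)} directly.
 *
 * @author heyanfeng
 * @version 1.0
 * @date 2022/7/29 14:02
 */
@Component
public class MD5Util {

    /**
     * Shared salt for the first round. Per the original comment it is agreed with the front end
     * so the raw password is not sent as-is; a value known to the browser is not a secret.
     */
    private static final String DEFAULT_SALT = "1a2b3c4d";

    /**
     * Returns the MD5 digest of {@code src} as a hex string (commons-codec {@code md5Hex}).
     *
     * @param src text to hash
     * @return hex-encoded MD5 digest
     */
    public static String md5(String src) {
        return DigestUtils.md5Hex(src);
    }

    /**
     * First round: reproduces the hash the front end computes from the typed password.
     *
     * @author yanfeng
     * @date 2023-02-07
     * @param inputPass password as typed by the user
     * @return hex MD5 of the password mixed with the shared salt
     */
    public static String inputPassToFromPass(String inputPass) {
        return saltedMd5(inputPass, DEFAULT_SALT);
    }

    /**
     * Second round: turns the form hash into the value stored in the database.
     *
     * <p>The salt may be chosen per user. The original Javadoc states that the shared salt is
     * used when none is passed, but the original code threw {@code NullPointerException} on a
     * {@code null} salt; the fallback is now implemented for {@code null} and empty salts.
     *
     * <p>NOTE(review): records hashed with the fallback all share one salt that the front end
     * also knows, which removes the benefit of per-user salting. Prefer always passing a random
     * per-user salt.
     *
     * @author yanfeng
     * @date 2023-02-07
     * @param formPass first-round hash received from the form
     * @param salt     salt for this round; {@code null} or empty selects the shared salt
     * @return hex MD5 of the form hash mixed with the salt
     * @throws StringIndexOutOfBoundsException if a non-empty salt has fewer than 6 characters
     */
    public static String formPassToDBPass(String formPass, String salt) {
        String effectiveSalt = (salt == null || salt.isEmpty()) ? DEFAULT_SALT : salt;
        return saltedMd5(formPass, effectiveSalt);
    }

    /**
     * Applies both rounds: typed password to the value stored in the database.
     *
     * @author yanfeng
     * @date 2023-02-07
     * @param inputPass password as typed by the user
     * @param salt      second-round salt; {@code null} or empty selects the shared salt
     * @return the database form of the password
     * @throws StringIndexOutOfBoundsException if a non-empty salt has fewer than 6 characters
     */
    public static String inputPassToDBPass(String inputPass, String salt) {
        return formPassToDBPass(inputPassToFromPass(inputPass), salt);
    }

    /**
     * Mixes four salt characters around {@code pass} (salt[0], salt[2], pass, salt[5], salt[4])
     * and hashes the result. Only these four characters of the salt influence the output.
     */
    private static String saltedMd5(String pass, String salt) {
        String mixed = new StringBuilder()
                .append(salt.charAt(0))
                .append(salt.charAt(2))
                .append(pass)
                .append(salt.charAt(5))
                .append(salt.charAt(4))
                .toString();
        return md5(mixed);
    }

    /** Prints the three hashes for the sample password "123456" and the shared salt. */
    public static void main(String[] args) {
        // d3b1294a61a07da9b49b6e22b2cbd7f9 is the first-round value the author recorded
        // for "123456"; the second call reuses it as its input.
        System.out.println(inputPassToFromPass("123456"));
        System.out.println(formPassToDBPass("d3b1294a61a07da9b49b6e22b2cbd7f9", "1a2b3c4d"));
        System.out.println(inputPassToDBPass("123456", "1a2b3c4d"));
    }
}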
Service 接口和实现部分代码块
/**
 * Logs a user in.
 *
 * @Author heyanfeng
 * @Description // login
 * @Date 11:03 2022/8/1
 * @Param [loginVo, request, response]
 * @return com.xxxx.seckill.vo.RespBean
 **/
RespBean doLogin(LoginVo loginVo, HttpServletRequest request, HttpServletResponse response);
//======================================================================================================
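/**
 * Verifies the submitted credentials and, on success, issues a login ticket.
 *
 * <p>The user is looked up by mobile number, the submitted form hash is hashed again with the
 * user's stored salt, and the result is compared with the stored password hash. On a match a
 * ticket from {@code UUIDUtil.uuid()} is generated, the user is stored in Redis under
 * {@code "user:" + ticket}, and the ticket is written to the {@code userTicket} cookie.
 *
 * @param loginVo  login form carrying the mobile number and the submitted password hash
 * @param request  current request, passed through to {@code CookieUtil.setCookie}
 * @param response current response, passed through to {@code CookieUtil.setCookie}
 * @return a success {@code RespBean} carrying the ticket
 * @throws GlobalException with {@code RespBeanEnum.LOGIN_ERROR} when the user is unknown or the
 *         password hash does not match
 * @author heyanfeng
 * @date 11:03 2022/8/1
 */
@Override
public RespBean doLogin(LoginVo loginVo, HttpServletRequest request, HttpServletResponse response) {
    String mobile = loginVo.getMobile();
    String password = loginVo.getPassword();

    // Look the user up by mobile number. Unknown user and wrong password raise the same
    // error, so the response does not reveal whether a number is registered.
    User user = userMapper.selectById(mobile);
    if (user == null) {
        throw new GlobalException(RespBeanEnum.LOGIN_ERROR);
    }

    // Hash once and never print it: the original wrote the derived hash to stdout, which
    // puts a credential verifier into console and log output.
    String candidateHash = MD5Util.formPassToDBPass(password, user.getSalt());
    String storedHash = user.getPassword();

    // Constant-time comparison so the check does not stop at the first differing character.
    // A missing stored hash is treated as a mismatch, as String.equals(null) was before.
    boolean matches = storedHash != null
            && java.security.MessageDigest.isEqual(
                    candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new GlobalException(RespBeanEnum.LOGIN_ERROR);
    }

    // NOTE(review): the ticket is the only thing protecting the session; confirm that
    // UUIDUtil.uuid() is backed by a cryptographically random source.
    String ticket = UUIDUtil.uuid();

    // Redis replaces the earlier HttpSession-based storage.
    // NOTE(review): the entry is written without a timeout, so unless expiry is applied
    // elsewhere the ticket stays valid until the key is deleted. The whole user object is
    // cached as well; confirm whether its password hash and salt need to be in Redis.
    redisTemplate.opsForValue().set("user:" + ticket, user);

    // NOTE(review): confirm that CookieUtil marks the cookie HttpOnly and Secure. The ticket
    // is also returned in the response body, where page script can read it.
    CookieUtil.setCookie(request, response, "userTicket", ticket);
    return RespBean.success(ticket);
}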
controller部分代码块
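/**
 * Login endpoint: validates the bound {@code LoginVo} and delegates to {@code userService.doLogin}.
 *
 * <p>NOTE(review): {@code @RequestMapping("doLogin")} does not restrict the HTTP method, so the
 * credentials could also be sent as GET query parameters and end up in URLs and access logs.
 * Restricting the mapping to POST would close that path.
 *
 * @param loginVo  login form; validated through {@code @Validated}
 * @param request  current request, passed through to the service
 * @param response current response, passed through to the service
 * @return the service result
 * @author heyanfeng
 * @date 17:20 2022/7/29
 */
@RequestMapping("doLogin")
@ResponseBody
public RespBean doLogin(@Validated LoginVo loginVo, HttpServletRequest request, HttpServletResponse response) {
    // Log the account identifier only. The original logged the whole LoginVo; if its
    // toString() includes the password field (presumably, confirm), the hash the server
    // accepts as the credential was written to the application log.
    // NOTE(review): mobile is request data; confirm that validation or the log encoder
    // neutralises line breaks before it reaches the log.
    log.info("login attempt, mobile={}", loginVo.getMobile());
    return userService.doLogin(loginVo, request, response);
}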
html页面部分
<!DOCTYPE html>
<html lang="en"
xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>登录</title>
<!-- jquery -->
<script type="text/javascript" th:src="@{/js/jquery.min.js}"></script>
<!-- bootstrap -->
<link rel="stylesheet" type="text/css" th:href="@{/bootstrap/css/bootstrap.min.css}"/>
<script type="text/javascript" th:src="@{/bootstrap/js/bootstrap.min.js}"></script>
<!-- jquery-validator -->
<script type="text/javascript" th:src="@{/jquery-validation/jquery.validate.min.js}"></script>
<script type="text/javascript" th:src="@{/jquery-validation/localization/messages_zh.min.js}"></script>
<!-- layer -->
<script type="text/javascript" th:src="@{/layer/layer.js}"></script>
<!-- md5.js -->
<script type="text/javascript" th:src="@{/js/md5.min.js}"></script>
<!-- common.js -->
<script type="text/javascript" th:src="@{/js/common.js}"></script>
</head>
<body>
<form name="loginForm" id="loginForm" method="post" style="width:50%; margin:0 auto">
<h2 style="text-align:center; margin-bottom: 20px">用户登录</h2>
<div class="form-group">
<div class="row">
<label class="form-label col-md-4">请输入手机号码</label>
<div class="col-md-5">
<input id="mobile" name="mobile" class="form-control" type="text" placeholder="手机号码" required="true"
/>
<!-- 取消位数限制 minlength="11" maxlength="11"-->
</div>
<div class="col-md-1">
</div>
</div>
</div>
<div class="form-group">
<div class="row">
<label class="form-label col-md-4">请输入密码</label>
<div class="col-md-5">
<input id="password" name="password" class="form-control" type="password" placeholder="密码"
required="true"
/>
<!-- 取消位数限制 minlength="6" maxlength="16"-->
</div>
</div>
</div>
<div class="row">
<div class="col-md-5">
<button class="btn btn-primary btn-block" type="reset" onclick="reset()">重置</button>
</div>
<div class="col-md-5">
<button class="btn btn-primary btn-block" type="submit" onclick="login()">登录</button>
</div>
</div>
</form>
</body>
<script>
/**
 * Click handler of the submit button: attaches jquery-validation to the login form
 * and runs doLogin() once the form passes validation.
 */
function login() {
    var validationOptions = {
        // Called by the validator instead of a native form submit.
        submitHandler: function (form) {
            doLogin();
        }
    };
    $("#loginForm").validate(validationOptions);
}
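/**
 * Hashes the typed password with the shared salt and posts it, together with the mobile
 * number, to /login/doLogin. On success the returned ticket is stored in the userTicket
 * cookie and the browser is sent to the goods list.
 *
 * g_showLoading and g_passsword_salt are not defined on this page (presumably in common.js).
 *
 * NOTE(review): the value sent here is what the server accepts as the credential, so anyone
 * who captures it can replay it. The client-side hash only keeps the typed password from
 * appearing as plaintext; the request still needs HTTPS.
 */
function doLogin() {
    g_showLoading();
    var inputPass = $("#password").val();
    var salt = g_passsword_salt;
    // Same mix as MD5Util.inputPassToFromPass on the server:
    // salt[0], salt[2], password, salt[5], salt[4].
    var str = "" + salt.charAt(0) + salt.charAt(2) + inputPass + salt.charAt(5) + salt.charAt(4);
    var password = md5(str);
    $.ajax({
        url: "/login/doLogin",
        type: "POST",
        data: {
            mobile: $("#mobile").val(),
            password: password
        },
        success: function (data) {
            layer.closeAll();
            if (data.code == 200) {
                layer.msg("成功");
                // The response is no longer written to the console: data.object is the
                // session ticket and should not be left in browser console output.
                // NOTE(review): the service code on this page also calls
                // CookieUtil.setCookie for userTicket. A cookie written from script cannot
                // be HttpOnly; confirm whether this assignment is still needed.
                document.cookie = "userTicket=" + data.object;
                window.location.href = "/goods/toList";
            } else {
                layer.msg(data.message);
            }
        },
        error: function () {
            layer.closeAll();
        }
    });
}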
</script>
</html>
项目链接 https://gitee.com/yisheng520/seckill