利用Session区域完成登录页面校验(包含验证码校验)

网站登录页面的验证码校验,通常是由服务器通过一个Servlet生成验证码,并将验证码存储到session区域中(而非ServletContext或者request域对象中,前者会导致所有人共用一个验证码,而后者则会导致机器人程序获取验证码刷网页)。

因此,我们可以在session区域中获取验证码,并与客户端提交的验证码进行对比,若一致则连接数据库进行用户名密码校验;反之则跳转至当前页面,并返回“验证码错误”的提示信息。

package login;

import java.io.IOException;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;

import domain.User;
import tool.C3p0Utils;

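/**
 * Login servlet: compares the captcha submitted with the form against the one
 * kept in the caller's session, and only then checks the username and
 * password against the database.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The expected captcha is removed from the session as soon as it has
 *       been read, so one solved captcha cannot be reused for many password
 *       attempts.</li>
 *   <li>A request without a captcha in its session is treated as a captcha
 *       mismatch instead of failing with a NullPointerException.</li>
 *   <li>NOTE(review): the query in {@link #login} compares the submitted
 *       password directly with the stored column, which implies passwords are
 *       stored unhashed. Storing a salted password hash (bcrypt/scrypt/argon2)
 *       and verifying against it needs a schema change and is not done here.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = -4635824266612224486L;

	/** Session attribute from which the expected captcha text is read. */
	private static final String CAPTCHA_SESSION_KEY = "checkcode_session";

	/** Request attribute that login.jsp renders as the error message. */
	private static final String LOGIN_INFO_KEY = "loginInfo";

	// Fully qualified so that the file's import block does not have to change.
	private static final java.util.logging.Logger LOGGER =
			java.util.logging.Logger.getLogger(LoginServlet.class.getName());

	/**
	 * Handles a login attempt.
	 *
	 * <p>NOTE(review): doPost delegates here, so credentials are also accepted
	 * on GET, where they end up in the URL (browser history, access logs).
	 * Kept for compatibility; consider accepting POST only.
	 *
	 * @param request  carries the parameters {@code checkCode}, {@code username} and {@code password}
	 * @param response used only by the forward to the next page
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		request.setCharacterEncoding("utf-8");

		// Captcha typed by the client.
		String submittedCode = request.getParameter("checkCode");
		// Captcha that was generated for this session.
		Object expectedCode = request.getSession().getAttribute(CAPTCHA_SESSION_KEY);
		// One-time use: drop it whatever the outcome, so every attempt needs a
		// freshly generated captcha. Presumably the captcha image endpoint
		// stores a new code each time the login page loads it; verify.
		request.getSession().removeAttribute(CAPTCHA_SESSION_KEY);

		// A missing captcha (no image requested yet, expired session, or a code
		// that was already used) counts as a mismatch.
		if (!(expectedCode instanceof String) || !expectedCode.equals(submittedCode)) {
			showLoginError(request, response, "验证码错误");
			return;
		}

		// Captcha accepted: check the credentials against the database.
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		User user = login(username, password);

		// null means no matching row (or the lookup failed, see login()).
		// The message does not reveal which of the two fields was wrong.
		if (user == null) {
			showLoginError(request, response, "用户名或密码错误");
			return;
		}

		// NOTE(review): nothing records the authenticated user in the session
		// here, so other pages cannot tell that a login happened. When that is
		// added, also rotate the session id at this point (for example
		// request.changeSessionId() on Servlet 3.1+) to prevent session fixation.
		request.getRequestDispatcher("/index.jsp").forward(request, response);
	}

	/** Puts the error message on the request and forwards back to the login page. */
	private void showLoginError(HttpServletRequest request, HttpServletResponse response, String message)
			throws ServletException, IOException {
		request.setAttribute(LOGIN_INFO_KEY, message);
		request.getRequestDispatcher("/login.jsp").forward(request, response);
	}

	/**
	 * Looks up the user whose username and password both match.
	 *
	 * @param username submitted username, may be null
	 * @param password submitted password, may be null
	 * @return the matching user, or null when there is no match, a parameter is
	 *         missing, or the query failed (the login fails closed)
	 */
	public User login(String username, String password) {
		// A missing parameter can never match a row; skip the round trip.
		if (username == null || password == null) {
			return null;
		}
		// C3p0Utils is the project's helper that hands out the pooled DataSource.
		QueryRunner qr = new QueryRunner(C3p0Utils.getDataSource());
		// Values are bound as parameters and never concatenated into the SQL text.
		String sql = "select * from user where username=? and password=?;";
		try {
			return qr.query(sql, new BeanHandler<>(User.class), username, password);
		} catch (SQLException e) {
			// Log with the cause and deny the login; the credentials are not logged.
			LOGGER.log(java.util.logging.Level.SEVERE, "Login query failed", e);
			return null;
		}
	}

	/** Handles POST exactly like GET. */
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}
}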

上述代码中的User为JavaBean对象,封装了如username和password的信息。以下为login.jsp的代码

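<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<%-- Login page: posts username, password and checkCode to /WEB16/login and
     shows the "loginInfo" request attribute as the error message. --%>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>会员登录</title>
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
<script src="js/jquery-1.11.3.min.js" type="text/javascript"></script>
<script src="js/bootstrap.min.js" type="text/javascript"></script>
<!-- Include the custom stylesheet style.css -->
<link rel="stylesheet" href="css/style.css" type="text/css" />

<style>
body {
	margin-top: 20px;
	margin: 0 auto;
}

.carousel-inner .item img {
	width: 100%;
	height: 300px;
}

.container .row div {
	/* position:relative;
				 float:left; */
	
}

font {
	color: #666;
	font-size: 22px;
	font-weight: normal;
	padding-right: 17px;
}
</style>
</head>
<body>

	<!-- Include header.jsp -->
	<jsp:include page="/header.jsp"></jsp:include>


	<div class="container"
		style="width: 100%; height: 460px; background: #FF2C4C url('images/loginbg.jpg') no-repeat;">
		<div class="row">
			<div class="col-md-7">
				<!--<img src="./image/login.jpg" width="500" height="330" alt="会员登录" title="会员登录">-->
			</div>

			<div class="col-md-5">
				<div
					style="width: 440px; border: 1px solid #E7E7E7; padding: 20px 0 20px 30px; border-radius: 5px; margin-top: 60px; background: #fff;">
					<font>会员登录</font>USER LOGIN
					<%-- loginInfo is written without HTML escaping. That is only safe
					     while the servlet sets it to fixed messages; escape it (for
					     example with JSTL c:out) before any request data is put in it. --%>
					<div style="color: red;"><%=request.getAttribute("loginInfo")==null?"":request.getAttribute("loginInfo")%></div>
					<form class="form-horizontal" action="/WEB16/login" method='post'>
						<div class="form-group">
							<label for="username" class="col-sm-2 control-label">用户名</label>
							<div class="col-sm-6">
								<input type="text" class="form-control" id="username" name='username'
									placeholder="请输入用户名">
							</div>
						</div>
						<div class="form-group">
							<label for="inputPassword3" class="col-sm-2 control-label">密码</label>
							<div class="col-sm-6">
								<input type="password" class="form-control" id="inputPassword3" name='password'
									placeholder="请输入密码">
							</div>
						</div>
						<div class="form-group">
							<%-- The captcha field has its own id: it used to reuse the
							     password field's id, so its label pointed at the password input. --%>
							<label for="checkCode" class="col-sm-2 control-label">验证码</label>
							<div class="col-sm-3">
								<input type="text" class="form-control" id="checkCode" name='checkCode'
									placeholder="请输入验证码">
							</div>
							<div class="col-sm-3">
								<%-- Each request for this image is expected to store a new code
								     in the session; the response should not be cacheable,
								     otherwise the picture and the stored code can differ. --%>
								<img src="/WEB16/checkimg" alt="验证码" />
							</div>
						</div>
						<div class="form-group">
							<div class="col-sm-offset-2 col-sm-10">
								<div class="checkbox">
									<%-- These two checkboxes have no name attribute, so
									     nothing is submitted for them. --%>
									<label> <input type="checkbox"> 自动登录
									</label>      <label> <input
										type="checkbox"> 记住用户名
									</label>
								</div>
							</div>
						</div>
						<div class="form-group">
							<div class="col-sm-offset-2 col-sm-10">
								<input type="submit" width="100" value="登录" name="submit"
									style="background: url('./images/login.gif') no-repeat scroll 0 0 rgba(0, 0, 0, 0); height: 35px; width: 100px; color: white;">
							</div>
						</div>
					</form>
				</div>
			</div>
		</div>
	</div>

	<!-- Include footer.jsp -->
	<jsp:include page="/footer.jsp"></jsp:include>

</body>
</html>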
