用户登录
前言:
在项目实际开发中,会遇到用户登录,注册等功能。下面是我自己写的用户登录的功能并贴上代码(此处代码仅做参考,实际还要参考项目需求,毕竟没有业务的代码叫demo)废话不多说直接上码
1 随机生成了图形验证码(在此介绍个springboot的注解来解决跨域问题也就是@CrossOrigin)
2 生成随机的校验图形验证码,废话不多说直接上码
3 短信发放 (短信发放的时候最好把短信发放的内容存到数据库表里方便统计查询)
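/**
 * Sends a six-digit SMS login code to the phone number in the request body.
 *
 * <p>Checks run in this order: the per-number send cap, the image-captcha answer held in the
 * session, then the cooldown since the last message to the same number. On success the code is
 * stored in the session under {@code "verCode"} and the captcha answer is consumed.
 *
 * <p>Result codes: 0 sent, 1 captcha answer wrong or missing, 9 send cap reached,
 * 11 cooldown still active.
 *
 * <p>NOTE(review): {@code @CrossOrigin} without arguments accepts every origin. This endpoint
 * relies on the session cookie, so restrict it to the front-end's origin through the
 * annotation's {@code origins} attribute.
 *
 * @param request  current request; supplies the HTTP session
 * @param response current response (not used here)
 * @param map      JSON body; reads {@code "phone"} and {@code "verifyCode"}
 * @return a result object carrying the code and message described above
 */
@CrossOrigin
@PostMapping("/sendmessage")
public ResVos pwdApply(final HttpServletRequest request, final HttpServletResponse response, @RequestBody Map<String,Object>map) throws ServletException, IOException {
    final ResVos resVO = new ResVos();
    final HttpSession session = request.getSession();
    // String.valueOf instead of a cast, so a numeric JSON value cannot raise ClassCastException.
    // NOTE(review): the number is not format-checked here; validate it before it reaches the SMS gateway.
    final String phone = String.valueOf(map.get("phone"));

    // Send cap for this number. The user-facing text calls it a daily limit; the counting
    // window itself lives in messageInfoService and is not visible here.
    if (messageInfoService.countMobile(phone) > 20) {
        resVO.setCode(9);
        resVO.setMsg("每天短信发放次数已经上限");
        return resVO;
    }

    // The captcha answer can be absent from the session (never requested, or already consumed).
    // Treat that as a wrong answer instead of failing with a NullPointerException.
    final Object expectedCaptcha = session.getAttribute(BaseConst.VERCODERESULT);
    if (expectedCaptcha == null || !expectedCaptcha.equals(map.get("verifyCode"))) {
        resVO.setCode(1);
        resVO.setMsg("计算结果错误");
        return resVO;
    }

    // Cooldown since the last message to this number. The elapsed time is measured in whole
    // minutes without wrapping: taking it modulo one hour first would re-block the number for
    // the first minutes of every later hour.
    final MessageInfoEntity lastSent = messageInfoService.selectTimes(phone);
    if (lastSent != null && lastSent.getSendoutTime() != null) {
        final long elapsedSeconds = (new Date().getTime() - lastSent.getSendoutTime().getTime()) / 1000;
        if (elapsedSeconds / 60 <= 2) {
            resVO.setCode(11);
            resVO.setMsg("请2分钟后再试");
            return resVO;
        }
    }

    // One-time codes must be unpredictable: java.util.Random is not suitable, SecureRandom is.
    // nextInt(900000) + 100000 covers the full six-digit range 100000..999999.
    final String verifyCodes = String.valueOf(new java.security.SecureRandom().nextInt(900000) + 100000);
    final String result = "【悦享空间】您的短信验证码是:" + verifyCodes + ",可用于电子卡查询登录,请勿向他人泄露,2分钟内有效。";

    // NOTE(review): the full SMS text, code included, is handed to messageInfoService. If that
    // service persists msg, the code sits in the table in clear text; consider storing a
    // redacted text instead.
    final MessageInfoEntity messageInfoEntity = new MessageInfoEntity();
    messageInfoEntity.setMobile(phone);
    messageInfoEntity.setMsg(result);
    final List<MessageInfoEntity> list = new ArrayList<>();
    list.add(messageInfoEntity);

    // NOTE(review): the send result is not inspected, so a gateway failure is still reported
    // to the client as success. Check the returned value once its API is confirmed.
    messageInfoService.sendMessageByBatch(list);

    // NOTE(review): only the code is stored; the number it was sent to is not. Whatever verifies
    // "verCode" therefore cannot confirm the code was issued for the number being logged in.
    // Keep the number together with the code and compare both when verifying.
    session.setAttribute("verCode", verifyCodes);
    // Presumably arranges expiry of "verCode" (the SMS text promises 2 minutes); helper not visible here.
    this.removeAttrbuts(session, "verCode");
    // The captcha answer is single-use once a message has gone out.
    session.removeAttribute(BaseConst.VERCODERESULT);

    resVO.setCode(0);
    resVO.setMsg("发送成功,注意查收");
    return resVO;
}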
4 以上步骤完成后,下面就是重要的一步:登录(建议大家做个登录拦截,未登录的用户不允许访问页面,而是跳转到登录页进行登录,具体要看需求和业务)
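/**
 * Logs a user in with the SMS code previously stored in the session under {@code "verCode"}.
 *
 * <p>Result codes: 0 logged in, 2 phone number has no login permission, 5 wrong code,
 * 6 no code in the session (never requested, expired, or invalidated after repeated failures).
 * A missing code cannot be told apart from an expired one here, so both report code 6.
 *
 * <p>The session is marked as logged in (attribute {@code "phone"}) only after the code has
 * been verified and the user has been found, so a failed attempt leaves no login state behind.
 *
 * <p>NOTE(review): {@code @CrossOrigin} without arguments accepts every origin. This endpoint
 * relies on the session cookie, so restrict it to the front-end's origin through the
 * annotation's {@code origins} attribute.
 *
 * @param request  current request; supplies the HTTP session
 * @param response current response (not used here)
 * @param map      JSON body; reads {@code "phone"} and {@code "verCode"}
 * @return a result object carrying the code and message described above
 */
@CrossOrigin
@PostMapping("/login")
public ResVoss Verification(HttpServletRequest request,HttpServletResponse response ,@RequestBody Map<String,Object>map) throws ServletException, IOException {
    // Wrong guesses tolerated per issued code before the code is discarded (value chosen here).
    final int maxFailedAttempts = 5;

    final HttpSession session = request.getSession();
    final ResVoss resVos = new ResVoss();
    final String phone = String.valueOf(map.get("phone"));

    // Explicit null check instead of catching NullPointerException around the comparison.
    final Object issuedCode = session.getAttribute("verCode");
    if (issuedCode == null) {
        resVos.setCode(6);
        resVos.setMsg("请获取短信验证码");
        return resVos;
    }

    if (!issuedCode.equals(map.get("verCode"))) {
        // A six-digit code is guessable if retries are unlimited: count failures in the session
        // and drop the code once the limit is reached, forcing a new SMS request.
        final Object seen = session.getAttribute("verCodeFailures");
        final int failures = (seen instanceof Integer ? (Integer) seen : 0) + 1;
        if (failures >= maxFailedAttempts) {
            session.removeAttribute("verCode");
            session.removeAttribute("verCodeFailures");
        } else {
            session.setAttribute("verCodeFailures", failures);
        }
        resVos.setCode(5);
        resVos.setMsg("验证码错误");
        return resVos;
    }

    // The code matched: it is single-use, so consume it before doing anything else.
    session.removeAttribute("verCode");
    session.removeAttribute("verCodeFailures");

    // NOTE(review): nothing visible here ties the session's "verCode" to the phone number in this
    // request, so a code issued for one number is accepted for whatever number is submitted.
    // The number the code was sent to must be kept with the code and compared here before the
    // request can be treated as authenticated for `phone`.
    final List<CardClientUserEntity> list = cardClientUserService.selectByPhone(phone);
    if (list == null || list.isEmpty()) {
        resVos.setCode(2);
        resVos.setMsg("抱歉,您未获得登录权限");
        return resVos;
    }

    // Rotate the session id on successful login so an id known before login cannot be reused
    // (session fixation). Requires Servlet 3.1 or later.
    request.changeSessionId();
    // Login state is written only now. The phone number and session id are deliberately not
    // printed: the session id is a credential and does not belong in console output.
    session.setAttribute("phone", phone);
    resVos.setCode(0);
    resVos.setMsg("登录成功");
    return resVos;
}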
5 总结
1 登录成功后要进行首页展示,这里涉及安全问题:建议小伙伴做登录拦截(如果用户没有登录,则返回到登录页面进行登录)。另外,首页展示需要用户信息,我把用户信息存到了缓存中(我用的是 session),展示时再从缓存中获取。
2 在做短信发放的时候要防止短信炸弹轰炸,这也是前面提到短信最好存到数据库中的原因:短信要有发放次数限制和有效时间。