xinghelanchen.github.io

网站登录验证码

2018/12/17 JAVA_WEB

看别人的博客,自己实现了一个网站验证码,这里提供一下我自己的理解

思路

我们需要由服务端生成这个验证码图片,然后展示在网页上,并且自己记录这个图片的文字,用于用户填写以后校验。为了对应到同时登录的用户,我们还需要记录一个对应的关系,所以页面应该生成一个唯一标识,在生成验证码和登录的时候一并提交。

1. 先写生成验证码的代码

@RequestMapping("genCode")
public void  genCZCode(HttpServletRequest request, HttpServletResponse response){
    logger.info("genCode参数 : " + JSON.toJSONString(request.getParameterMap()));
    try {
        System.setProperty("java.awt.headless", "true");
        // 响应头信息
        response.setHeader("Pragma", "No-Cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expries", 0);
        String uuid = request.getParameter("uuid");
        // 随机数生成类
        Random random = new Random();
        // 定义验证码的位数
        int size = 5;
        // 定义变量保存生成的验证码
        StringBuilder vCode = new StringBuilder();
        char c;
        // 产生验证码
        for (int i = 0; i < size; i++) {
            // 产生一个26以内的随机整数
            int number = random.nextInt(26);
            // 如果生成的是偶数,则随机生成一个数字
            if (number % 2 == 0) {
                c = (char) ('0' + (char) ((int) (Math.random() * 10)));
                // 如果生成的是奇数,则随机生成一个字母
            } else {
                c = (char) ((char) ((int) (Math.random() * 26)) + 'A');
            }
            vCode.append(c);
        }
        // 保存生成的5位验证码(这里正常应该保存到数据库或者redis,我这里只是做一个demo)
        FileUtils.touch(new File("C:/Users/yantao/Desktop/user.info"));
        FileUtils.writeByteArrayToFile(new File("C:/Users/yantao/Desktop/user.info"), (uuid + "-" + vCode).getBytes());
        System.out.println(uuid + "-" + vCode);
        // 验证码图片的生成
        // 定义图片的宽度和高度
        int width = (int) Math.ceil(size * 20);
        int height = 50;
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
        // 获取图片的上下文
        Graphics gr = image.getGraphics();
        // 设定图片背景颜色
        gr.setColor(Color.WHITE);
        gr.fillRect(0, 0, width, height);
        // 设定图片边框
        gr.setColor(Color.GRAY);
        gr.drawRect(0, 0, width - 1, height - 1);
        // 画十条干扰线
        for (int i = 0; i < 5; i++) {
            int x1 = random.nextInt(width);
            int y1 = random.nextInt(height);
            int x2 = random.nextInt(width);
            int y2 = random.nextInt(height);
            gr.setColor(randomColor());
            gr.drawLine(x1, y1, x2, y2);
        }
        // 设置字体,画验证码
        gr.setColor(randomColor());
        gr.setFont(randomFont());
        gr.drawString(vCode.toString(), 10, 22);
        // 图像生效
        gr.dispose();
        // 输出到页面
        ImageIO.write(image, "PNG", response.getOutputStream());
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}

private String[] fontNames = { "宋体", "华文楷体", "黑体", "微软雅黑", "楷体_GB2312" };
private Random r = new Random();


/**
 * 生成随机的颜色
 */
private Color randomColor() {
    int red = r.nextInt(150);
    int green = r.nextInt(150);
    int blue = r.nextInt(150);
    return new Color(red, green, blue);
}

/**
 * 生成随机的字体
 */
private Font randomFont() {
    int index = r.nextInt(fontNames.length);
    // 生成随机的字体名称
    String fontName = fontNames[index];
    int style = r.nextInt(4);
    // 生成随机字号, 24 ~ 28
    int size = r.nextInt(3) + 24;
    return new Font(fontName, style, size);
}

2. 然后是页面的代码

页面有两个请求后端的地方,一个是获取刷新验证码,一个是登录的请求。

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8"/>
    <title>验证码demo</title>
    <script src="https://cdn.bootcss.com/jquery/3.3.1/jquery.min.js"></script>
</head>
<body class="login-page">
<section class="login-contain" style="border-radius:15px">
    <h1>登录</h1>
    <div class="form-content">
        <input onkeydown="KeyDown()" autocomplete="off"
               type="text" placeholder="用户名..." class="input1" id="adminName"/><br/>
        <input onkeydown="KeyDown()" autocomplete="off"
               type="password" placeholder="密码..." class="input1" id="adminPwd"/><br/>
        <input onkeydown="KeyDown()" type="text" maxlength="5" id="code">
        <div>
            <img id="codeimg" onclick="flushimg()">
        </div>
        <br/>
        <button style="background-color: #4BCFA2;padding: 12px 15px;" class="btn btn-lg btn-block"
                onclick="login()">立即登录
        </button>
    </div>
</section>
<div class="mask"></div>
<script type="text/javascript">
    var serverWeb = "${basePath}";
    var uuid = guid();
    flushimg();

    function guid() {
        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g,
            function (c) {
                var r = Math.random() * 16 | 0, v = c == 'x' ? r
                    : (r & 0x3 | 0x8);
                return v.toString(16);
            });
    }

    function flushimg() {
        var imgsrc = serverWeb + "/image/genCode?v=" + Math.random() + "&uuid=" + uuid
        $("#codeimg").attr("src", imgsrc)
        $("#code").val("")
    }
    
    function login() {
        var code = $("#code").val()
        if ($("#username").val() == "" || $("#password").val() == "") {
            layer.msg('请输入用户名或密码进行登录', {time: 1000});
            return;
        }

        $.ajax({
            async: false,
            type: 'POST',
            url: serverWeb + '/login/dologin',
            contentType: "application/x-www-form-urlencoded",
            data: {
                account: $("#adminName").val(),
                pwd: $("#adminPwd").val(),
                uuid: uuid,
                code: code
            },
            datatype: 'json',
            success: function (result) {
                var result = JSON.parse(result);
                if (result.status == 'success') {
                    window.location.href = serverWeb + 'index';
                } else {
                    if (result.msg) {
                        alert(result.msg)
                    } else {
                        // 登录失败
                        layer.msg('用户名或者密码错误,请重新登录', {time: 1000});
                    }
                    flushimg()
                }
            }
        });
    }
</script>
</body>
</html>

3. 验证的时候拿用户提交的和保存的进行比较即可

@RequestMapping(value = "dologin")
@ResponseBody
public String dologin(HttpServletRequest request) throws IOException {
    JSONObject result = new JSONObject();
    String uuid = request.getParameter("uuid");
    String code = request.getParameter("code");
    System.out.println("客户端请求的uuid:" + uuid);
    System.out.println("客户端请求的code:" + code);

    String fileStr = FileUtils.readFileToString(new File("C:/Users/yantao/Desktop/user.info"));
    String cacheUuid = fileStr.split("-")[0];
    String cacheCode = fileStr.split("-")[1];
    if (uuid.equals(cacheUuid) && code.equals(cacheCode)) {
        result.put("status", "success");
    } else {
        result.put("status", "fail");
        result.put("msg", "验证失败");
    }

    return result.toJSONString();
}

Search

    Table of Contents