验证码是目前大多网站所支持并使用于注册登录的。就在于其作用能有效防止暴力攻击、恶意登录注册,验证码每次都不同,
这就可以排除,用其他病毒或者软件自动申请用户及自动登陆.有效防止这种问题。
2、原理及知识点分析
1.原理
验证码于服务器端生成,发送给客户端,并以图像格式显示。客户端提交所显示的验证码,客户端接收并进行比较,若比对失败则不能实现登录或注册,反之成功后跳转相应界面。
2.主要知识
服务器端的相关实现,前端运用 HTML 5,CSS 3 ,(可空白留给美工实现,须有 HTML 基础知识)。
主要是三部分:
(提交界面, 成功及失败的) jsp
(后台对应提交 jsp 验证提交内容的) servlet (生成验证码的) servlet
XML 文档
3、验证码实现前台代码:
java代码:
package com.school.controller;
import java.awt.Color;
import java.awt.Graphics;
import java.awt.Image;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javafx.scene.text.Font;
@WebServlet("/CheckCodeServlet")
public class CheckCodeServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//设置缓存
response.setHeader("pragma", "No-cache");
response.setHeader("Cache-Control", "No-cache");
response.setDateHeader("Expires", 0);
//设置返回数据的类型
response.setContentType("image/gif");
//设置画板大小
int width = 100;
int height = 40;
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR);
//画笔
Graphics g = image.getGraphics();
java.awt.Font font = new java.awt.Font("宋体",java.awt.Font.BOLD,25);
g.setFont(font);
String imagePath = request.getServletContext().getRealPath("/img/codeBackg.jpg");
Image image1 = ImageIO.read(new File(imagePath));
g.drawImage(image1,0,0,100,40,null);
String source = "0123456789abcdefghijklmABCDEFGH好人坏人";
String infor = "";
for (int i = 0; i < 4; i++) {
//随机取一个字符
int index = new Random().nextInt(source.length()-1);
char myCode = source.charAt(index);
//让字的颜色随机
Random random = new Random();
g.setColor(new Color(20+random.nextInt(120),20+random.nextInt(120),20+random.nextInt(120)));
//画入文字
g.drawString(myCode+"", 15+i*20, 20+new Random().nextInt(10));
//画入干扰线
g.drawLine(random.nextInt(100), random.nextInt(40), random.nextInt(100), random.nextInt(40));
infor += myCode;
}
//记录到session,以备将来匹配
request.getSession().setAttribute("infor", infor);
//释放资源
g.dispose();
OutputStream out = response.getOutputStream();
ImageIO.write(image,"gif", out);
out.flush();
out.close();
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
//接收输入的验证码
String code = request.getParameter("code");
//接收java生成的验证码
String infor = (String) request.getSession().getAttribute("infor");
//用equalsIgoreCase()方法判断是否相等,不区分大小写
if(!code.equalsIgnoreCase(infor)){
//不正确
loginError.put("code", "验证码不正确");
}
