使用Servlet實現驗證碼


沒有驗證碼帶來的問題

  1. 針對特定用戶不斷嘗試登錄以破解密碼。
  2. 在某個網站批量創建賬戶。
  3. 向某個網站提交垃圾數據。
  4. 在某個網站刷票。

 驗證碼要求用戶用肉眼識別圖片中的字符並輸入,從而區分操作者是人還是計算機程序。

定義:

  • 驗證碼(CAPTCHA):是一種區分用戶是計算機還是人的公共全自動程序。
  • 作用:防止惡意破解密碼、刷票、論壇灌水,防止黑客暴力破解。

使用Servlet實現驗證碼

    實現圖片驗證碼類GenerateImageCodeServlet.java

GenerateImageCodeServlet.java

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

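/**
 * Renders a short image CAPTCHA and stores the expected answer in the HTTP session under the
 * attribute {@code "safeCode"}, where the verifying servlet reads it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The characters are drawn from a {@link SecureRandom}. A plain {@link Random} is a
 *       deterministic generator, so the expected answer should not depend on it.</li>
 *   <li>The response is marked non-cacheable so a stale image is never shown for a fresh code.</li>
 *   <li>A four-character image with light noise is a weak control on its own; it should be
 *       combined with server-side attempt limiting and single-use codes.</li>
 * </ul>
 */
public class GenerateImageCodeServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /** Alphabet the CAPTCHA characters are picked from: upper-case letters and digits. */
    private static final char[] CH = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890".toCharArray();
    /** Image width in pixels. */
    private static final int IMAGE_WIDTH = 73;
    /** Image height in pixels. */
    private static final int IMAGE_HEIGHT = 28;
    /** Number of short noise lines drawn behind the characters. */
    private static final int LINE_NUM = 30;
    /** Number of characters in one CAPTCHA code. */
    private static final int RANDOM_NUM = 4;

    // SecureRandom is a subclass of Random, so the declared type stays the same while the
    // generated code is no longer derived from a predictable generator.
    Random random = new SecureRandom();

    /**
     * Writes a freshly generated CAPTCHA image to the response and records its text in the session.
     *
     * @param request  the request whose session receives the {@code "safeCode"} attribute
     * @param response the response the JPEG image is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the image cannot be written to the response stream
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // "image/jpeg" is the registered media type; "image/jpg" is not.
        response.setContentType("image/jpeg");
        // Forbid caching at every layer. The standard header name is "Expires"; a date in the
        // past (epoch 0) marks the response as already stale.
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setDateHeader("Expires", 0L);

        BufferedImage image =
                new BufferedImage(IMAGE_WIDTH, IMAGE_HEIGHT, BufferedImage.TYPE_INT_BGR);
        StringBuilder code = new StringBuilder(RANDOM_NUM);
        Graphics g = image.getGraphics();
        try {
            // Paint the background explicitly instead of relying on the context's default colour.
            g.setColor(Color.WHITE);
            g.fillRect(0, 0, IMAGE_WIDTH, IMAGE_HEIGHT);

            // Noise lines: short strokes in a muted colour, scattered over the whole image.
            g.setColor(getRandomColor(110, 133));
            for (int i = 0; i < LINE_NUM; i++) {
                int x = random.nextInt(IMAGE_WIDTH);
                int y = random.nextInt(IMAGE_HEIGHT);
                int xl = random.nextInt(13);
                int yl = random.nextInt(15);
                g.drawLine(x, y, x + xl, y + yl);
            }

            // Characters: Font.BOLD is the style constant; the baseline constants used
            // previously are not font styles and only matched by numeric coincidence.
            g.setFont(new Font("Fixedsys", Font.BOLD, 18));
            for (int i = 0; i < RANDOM_NUM; i++) {
                g.setColor(new Color(
                        random.nextInt(101), random.nextInt(111), random.nextInt(121)));
                String ch = String.valueOf(CH[random.nextInt(CH.length)]);
                g.drawString(ch, 13 * i, 16);
                // Small cumulative offset so the characters are not on a fixed grid.
                g.translate(random.nextInt(3), random.nextInt(3));
                code.append(ch);
            }
        } finally {
            // Release the graphics context even if drawing fails.
            g.dispose();
        }

        // Store the expected answer before the image is sent, so a verification request that
        // follows the image always finds it. Each new image overwrites the previous code.
        request.getSession().setAttribute("safeCode", code.toString());
        ImageIO.write(image, "JPG", response.getOutputStream());
    }

    /**
     * Returns a random colour whose components start at {@code fc} and stay below {@code bc}.
     *
     * @param fc lower bound for each colour component; clamped to the range 0..255
     * @param bc upper bound for each colour component; clamped to at most 255
     * @return the generated colour
     */
    private Color getRandomColor(int fc, int bc) {
        int low = Math.max(0, Math.min(fc, 255));
        int high = Math.min(bc, 255);
        // nextInt requires a positive bound; a narrow or inverted range falls back to 1,
        // which yields the lower bound itself instead of throwing.
        int r = low + random.nextInt(Math.max(1, high - low - 16));
        int g = low + random.nextInt(Math.max(1, high - low - 14));
        int b = low + random.nextInt(Math.max(1, high - low - 18));
        return new Color(r, g, b);
    }

}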

登錄驗證LoginServlet.java

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

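/**
 * Checks the CAPTCHA text submitted in the {@code checkcode} request parameter against the
 * expected value stored in the session under {@code "safeCode"}.
 *
 * <p>The stored code is single-use: it is removed from the session as soon as it has been read,
 * whether or not the submitted value matches. Without this, one solved image could be replayed
 * for an unlimited number of requests, which defeats the purpose of the check.
 */
public class LoginServlet extends HttpServlet{

    private static final long serialVersionUID = 1L;

    /**
     * Compares the submitted CAPTCHA text with the expected one and writes the result.
     *
     * @param req  the request carrying the {@code checkcode} parameter
     * @param resp the response the result message is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        resp.setContentType("text/html;charset=gbk");

        String safeCode = (String) req.getSession().getAttribute("safeCode");
        // Invalidate the code immediately so it cannot be submitted a second time.
        req.getSession().removeAttribute("safeCode");
        String checkcode = req.getParameter("checkcode");

        PrintWriter out = resp.getWriter();

        // safeCode is null when no image was requested in this session (or the code was already
        // used); treat that as a failed check instead of throwing a NullPointerException.
        // equalsIgnoreCase(null) is false, so a missing parameter also fails.
        boolean matches = safeCode != null && safeCode.equalsIgnoreCase(checkcode);
        if (matches) {
            out.println("驗證碼正確");
        }
        else {
            out.println("驗證碼錯誤");
        }
        out.flush();
        out.close();
    }

}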

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the CAPTCHA example: declares the image-generating servlet and the
  verifying servlet, and maps them to /safe_code and /login.
  NOTE(review): no <session-config> is declared in this listing, so session timeout and session
  cookie settings come from the container defaults. Confirm they suit the deployment, since the
  expected CAPTCHA text is kept in the session.
-->
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <!-- Servlet that draws the CAPTCHA image. -->
    <servlet>
        <servlet-name>ImageCodeServlet</servlet-name>
        <servlet-class>com.lijy.servlet.GenerateImageCodeServlet</servlet-class>
    </servlet>
    
    <!-- Servlet that checks the submitted CAPTCHA text. -->
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>com.lijy.servlet.LoginServlet</servlet-class>
    </servlet>
    
    <!-- The page's <img> element loads the CAPTCHA from this path. -->
    <servlet-mapping>
        <servlet-name>ImageCodeServlet</servlet-name>
        <url-pattern>/safe_code</url-pattern>
    </servlet-mapping>

    <!-- The form on index.jsp submits to this path. -->
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    
</web-app>

index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Demo page: shows the CAPTCHA image served from /safe_code and submits the typed text to /login
  in the "checkcode" parameter.
  NOTE(review): the page directive declares UTF-8 while the <meta> element below declares
  ISO-8859-1; the two should agree.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>checkcodes</title>
<script type="text/javascript">
    // Requests a new CAPTCHA image. The timestamp query parameter makes every URL unique, so
    // the browser fetches a fresh image rather than reusing a cached one.
    function reloadCode() {
        var time = new Date().getTime();
        document.getElementById("imagecode").src="<%=request.getContextPath()%>/safe_code?d="+time;
    }
</script>
</head>
<body>

<%-- The form uses GET; the LoginServlet in this listing implements only doGet. --%>
<form action="<%=request.getContextPath()%>/login" method="get">
驗證碼:<input type="text" name="checkcode" />
    <img alt="驗證碼" id="imagecode" src="<%=request.getContextPath()%>/safe_code">
    <a href="javascript:reloadCode();">看不清楚</a><br/>
    <input type="submit" value="提交" />
<hr>

</form>

</body>
</html>

頁面截圖

 

