首先,我们要知道为什么要设置验证码。
原因很简单:
加验证码的目的是:必须要人工操作,防止提交错误登录信息,暴力破解密码,如果有人恶意登录,服务器压力会很大,甚至宕机。
为了防止我们用的是别人的验证码图片、各个页面的验证码串通,每个页面的验证码图片都需要带一个图片的token。验证码一旦匹配成功,服务器上的验证码信息需要删掉,防止下次匹配还能使用。验证码不能存到数据库中,因为做验证码的目的就是必须先通过了验证码信息,才去数据库匹配账号密码。
说人话就是:防止数据库被恶意频繁发送请求,必须人工操作才能走到查询数据库那一步
这里要注意的是:最好用后端验证码,前端验证码验证还是可能会受到ajax请求攻击的,可以说前端验证码起不到防止直接请求数据库的作用
后端验证码代码实现(是一个servlet页面)
package com.qcby.servlet;
import java.awt.Color;
import java.awt.Font;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
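/**
 * Serves a freshly generated image captcha at {@code /code}.
 *
 * <p>Each request draws a new random code, stores the expected answer in the
 * caller's HTTP session and streams the rendered picture as a JPEG. The answer
 * itself is never sent to the browser in readable form.
 *
 * <p>The login handler is not shown on this page. For the captcha to protect
 * the database lookup it has to read {@link #CAPTCHA_SESSION_KEY} from the
 * session, remove it before doing anything else (one attempt per code), and
 * only query the account table when the submitted value matches.
 */
@WebServlet("/code")
public class CodeServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Session attribute that holds the expected answer. The name is a
     * constructed example; the login handler must use the same key.
     */
    private static final String CAPTCHA_SESSION_KEY = "captchaCode";

    /** Characters a captcha code is drawn from. */
    private static final String ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM0123456789";

    private static final int WIDTH = 100;
    private static final int HEIGHT = 30;
    private static final int NOISE_LINES = 10;

    /**
     * Source of randomness for the code and the image noise. SecureRandom is
     * used because java.util.Random is predictable from a few observed
     * outputs, which would let a client guess upcoming codes.
     */
    private static final Random RANDOM = new java.security.SecureRandom();

    /**
     * Generates a captcha, remembers its answer in the session and writes the
     * image to the response.
     *
     * @param request  the incoming request; its session receives the answer
     * @param response the response the JPEG is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the image cannot be written
     * @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Obtain a random string of length n.
        String number = getNumbers(5);

        // Store the answer before any output is written: the session cookie
        // can only be set while the response is still uncommitted.
        request.getSession().setAttribute(CAPTCHA_SESSION_KEY, number);

        // Create a blank image and get its drawing context.
        BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
        java.awt.Graphics g = image.getGraphics();
        try {
            // Fill the background with a random colour.
            g.setColor(randomColor());
            g.fillRect(0, 0, WIDTH, HEIGHT);

            // Draw n interference lines.
            for (int i = 0; i < NOISE_LINES; i++) {
                g.setColor(randomColor());
                g.drawLine(RANDOM.nextInt(WIDTH), RANDOM.nextInt(HEIGHT),
                        RANDOM.nextInt(WIDTH), RANDOM.nextInt(HEIGHT));
            }

            // The text is drawn in the colour of the last interference line.
            g.setFont(new Font(null, Font.ITALIC | Font.BOLD, 24));
            g.drawString(number, 5, 25);
        } finally {
            // Release the native drawing resources held by the context.
            g.dispose();
        }

        // A cached image would no longer match the answer stored in the session.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setContentType("image/jpeg");
        try (OutputStream out = response.getOutputStream()) {
            ImageIO.write(image, "jpeg", out);
        }
    }

    /**
     * Builds a random code from upper-case letters and digits.
     *
     * @param size number of characters; zero or a negative value yields an
     *             empty string
     * @return the generated code
     */
    public String getNumbers(int size) {
        StringBuilder code = new StringBuilder();
        for (int i = 0; i < size; i++) {
            code.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return code.toString();
    }

    /** Returns a colour with each channel chosen uniformly from 0 to 255. */
    private static Color randomColor() {
        // The bound is exclusive, so 256 is needed to reach the value 255.
        return new Color(RANDOM.nextInt(256), RANDOM.nextInt(256), RANDOM.nextInt(256));
    }
}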
直接发送code请求进行测试
放前端页面查看<img src="code">
前端代码写的验证码:
// Characters of the captcha currently shown on the canvas; draw() fills
// indexes 0..3 in place and loadData() joins them to get the expected answer.
// NOTE(review): the answer lives in a page-level variable, so any script or
// the browser console can read it. This check cannot stop a client that
// sends the login request directly.
var show_num = [];
// Draw the first captcha as soon as this script runs.
draw(show_num);
// Click handler wired to the canvas (onclick="dj()"): draws a new captcha.
function dj(){
draw(show_num);
}
/**
 * Paints a new four-character captcha on the element with id "canvas" and
 * records the chosen characters in show_num[0..3].
 *
 * The characters are picked with Math.random() and kept in the caller's
 * array, so the answer is available to anything running in the page.
 *
 * @param {Array} show_num array that receives the four drawn characters
 */
function draw(show_num) {
  var board = document.getElementById("canvas"); // the canvas element
  var canvas_width = board.clientWidth;
  var canvas_height = board.clientHeight;
  var ctx = board.getContext("2d"); // 2D drawing context of the canvas

  // Match the drawing buffer to the displayed size; this also clears the canvas.
  board.width = canvas_width;
  board.height = canvas_height;

  var sCode = "A,B,C,E,F,G,H,J,K,L,M,N,P,Q,R,S,T,W,X,Y,Z,1,2,3,4,5,6,7,8,9,0,q,w,e,r,t,y,u,i,o,p,a,s,d,f,g,h,j,k,l,z,x,c,v,b,n,m";
  var pool = sCode.split(",");
  var poolSize = pool.length; // number of candidate characters

  // Four characters, each tilted by a random angle.
  for (var pos = 0; pos < 4; pos++) {
    var pick = Math.floor(Math.random() * poolSize); // random index into the pool
    var angle = Math.random() * 30 * Math.PI / 180; // random angle between 0 and 30 degrees, in radians
    var glyph = pool[pick];
    show_num[pos] = glyph;

    var left = 10 + pos * 20; // x position of the character
    var base = 20 + Math.random() * 8; // y position of the character

    ctx.font = "bold 23px 微软雅黑";
    ctx.translate(left, base);
    ctx.rotate(angle);
    ctx.fillStyle = randomColor();
    ctx.fillText(glyph, 0, 0);
    // Undo the transform so the next character starts from the origin.
    ctx.rotate(-angle);
    ctx.translate(-left, -base);
  }

  // Six interference lines across the captcha.
  for (var line = 0; line < 6; line++) {
    ctx.strokeStyle = randomColor();
    ctx.beginPath();
    ctx.moveTo(Math.random() * canvas_width, Math.random() * canvas_height);
    ctx.lineTo(Math.random() * canvas_width, Math.random() * canvas_height);
    ctx.stroke();
  }

  // Thirty-one small dots, each drawn as a one-pixel diagonal stroke.
  for (var dot = 0; dot < 31; dot++) {
    ctx.strokeStyle = randomColor();
    ctx.beginPath();
    var dotX = Math.random() * canvas_width;
    var dotY = Math.random() * canvas_height;
    ctx.moveTo(dotX, dotY);
    ctx.lineTo(dotX + 1, dotY + 1);
    ctx.stroke();
  }
}
/**
 * Returns a random colour as a CSS "rgb(r,g,b)" string, each channel being an
 * integer from 0 to 255.
 */
function randomColor() {
  var channels = [];
  for (var k = 0; k < 3; k++) {
    channels.push(Math.floor(Math.random() * 256));
  }
  return "rgb(" + channels.join(",") + ")";
}
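/**
 * Reads the login form, compares the typed captcha with the one drawn by
 * draw(), and on a match sends the account and password to the teacher login
 * endpoint.
 *
 * NOTE(review): the captcha comparison happens only in the browser. A client
 * that calls "login?action=teacher" directly never runs it, so this check
 * does not limit requests reaching the database. The server has to verify a
 * captcha it issued itself.
 */
function loadData() {
  var account = $(".account").val();
  var password = $(".password").val();
  var code = $("#text").val();
  var num = show_num.join(""); // expected answer, as drawn on the canvas

  // $.cookie is not part of jQuery core; presumably the jQuery cookie plugin
  // is loaded. NOTE(review): the account is stored before the login has
  // succeeded. Confirm that this is intended.
  $.cookie("tea_phone", account);

  if (code == '') {
    alert('请输入验证码!');
    return;
  }

  if (code != num) {
    layer.alert("验证码错误,请重新输入");
    // .val('') clears the field; assigning .value on a jQuery object only
    // sets an unused property on the wrapper and leaves the input untouched.
    $(".code").val('');
    draw(show_num);
    return;
  }

  $.ajax({
    url: "login?action=teacher",
    // NOTE(review): with GET the password travels in the query string, where
    // it can end up in server and proxy logs and in the browser history. Move
    // to POST once the login servlet (not shown on this page) accepts it.
    type: "get",
    data: {
      "account": account,
      "password": password
    },
    success: function (data) {
      if (data.backcode == 1) {
        layer.msg(data.msg, {
          time: 1000
        },
        function () {
          location.href = "router?path=教师框"
        });
      } else {
        layer.msg("账号不存在,请注册后登录");
        // A captcha that has been matched once must not be reusable for the
        // next password attempt, so issue a new one after every failed login.
        draw(show_num);
      }
    },
    error: function (data) {
      alert("登陆失败");
      draw(show_num);
    }
  })
}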
<canvas id="canvas" onclick="dj()" ></canvas> (标签显示验证码)