用户登录界面(1.8版本)

 功能说明:

在登录界面输入与数据库一致的用户信息,session保存用户信息20s并跳转到欢迎界面,在欢迎界面上将数据库中用户信息以分页的方式呈现;

若登录界面上填写的用户信息正确且勾选了复选框,则先用cookie保存用户信息两周,再用session保存用户信息20s,并跳转到欢迎页面(注意:示例中cookie保存的是明文用户名和密码,仅用于演示,实际项目应改用随机生成的登录令牌);

访问欢迎界面时,如果session中保存的用户信息已过期,则检查用户相关的cookie信息是否存在:如果存在则跳转到业务逻辑界面(传递用户名和密码)重新验证,否则跳转到登录界面.

1.创建数据库与表,关键查询数据sql语句

 1 CREATE DATABASE db_user CHARACTER SET utf8;
 2 
 3 CREATE TABLE users (
 4     userid TINYINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
 5     username varchar(20),
 6     passwd varchar(20),
 7     email varchar(30),
 8     priority int
 9 );
10 
11 DROP TABLE users;
12 
13 SELECT * FROM users;
14 
15 INSERT INTO users(username,passwd,email,priority) VALUES('admin','admin','admin@sohu.com',1);
16 INSERT INTO users(username,passwd,email,priority) VALUES('shunping','shunping','shunping@sohu.com',1);
17 INSERT INTO users(username,passwd,email,priority) VALUES('tester1','tester2','tester1@sohu.com',5);
18 INSERT INTO users(username,passwd,email,priority) VALUES('tester2','tester2','tseter2@sohu.com',5);
19 INSERT INTO users(username,passwd,email,priority) VALUES('tester3','tester3','tester3@sohu.com',5);
20 INSERT INTO users(username,passwd,email,priority) VALUES('tester4','tester4','tester4@sohu.com',5);
21 INSERT INTO users(username,passwd,email,priority) VALUES('tester5','tester5','tester5@sohu.com',5);
22 INSERT INTO users(username,passwd,email,priority) VALUES('tester6','tester6','tester6@sohu.com',5);
23 INSERT INTO users(username,passwd,email,priority) VALUES('tester7','tester7','tester7@sohu.com',5);
24 INSERT INTO users(username,passwd,email,priority) VALUES('tester8','tester8','tester8@sohu.com',5);
25 
26 //快速增加记录
27 INSERT INTO users(username,passwd,email,priority) SELECT username,passwd,email,priority FROM users;
28 
29 SELECT COUNT(*) FROM users;
30 
31 //sql语句漏洞
32 SELECT * FROM users WHERE (username="shunping" AND passwd="123" ) OR 1 <> 0;
Database

2.Login3.java 登录界面

填写用户信息,若与数据库中某条记录一致,则跳转到欢迎界面(session保存用户信息20s);若用户信息正确且勾选复选框,则跳转到欢迎界面(先cookie保存用户信息2周,再session保存信息20s);若填写用户信息与数据库中所有记录都不一致,页面显示错误提示.

 1 package com.tsinghua;
 2 
 3 import javax.servlet.http.*;
 4 import java.io.*;
 5 
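/**
 * Login page servlet.
 *
 * <p>Renders the login form and, when the request carries one of the marker
 * parameters {@code info1}, {@code info2} or {@code info3}, a matching notice.
 * Only the presence of those parameters is tested; their values are never
 * written into the page.
 */
public class Login3 extends HttpServlet {

    /**
     * Writes the login page.
     *
     * @param req current request; {@code info1}/{@code info2}/{@code info3} select the notices shown
     * @param res response that receives the HTML
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        try {
            res.setContentType("text/html;charset=utf8");
            PrintWriter pw = res.getWriter();

            boolean notLoggedIn = req.getParameter("info1") != null;
            boolean wrongPassword = req.getParameter("info2") != null;
            boolean wrongUsername = req.getParameter("info3") != null;

            pw.println("<html>");
            pw.println("<body>");
            if (notLoggedIn) {
                pw.println("<span>您还没有登录</span>");
            }
            // NOTE(review): separate "wrong password" and "wrong user name" notices tell a
            // caller which account names exist; a single generic failure notice avoids that.
            if (wrongPassword) {
                pw.println("<span>您的密码错误</span>");
            }
            if (wrongUsername) {
                pw.println("<span>您的用户名错误</span>");
            }
            pw.println("<h1>用户登录</h1>");
            // POST keeps the credentials out of the URL, the browser history and access logs.
            // The loginCl3 servlet on this page forwards doPost to doGet, so it accepts POST.
            pw.println("<form action=\"loginCl3\" method=\"post\">");
            pw.println("用户名:<input type=\"text\" name=\"username\"><br/>");
            // "password" (the original had the typo "pasword") makes the browser mask the field.
            pw.println("密码:<input type=\"password\" name=\"passwd\"><br/>");
            pw.println("<input type=\"checkbox\" name=\"checked\" value=\"2\">两周之内不需要登录<br/>");
            pw.println("<input type=\"submit\" value=\"login\">");
            pw.println("</form>");
            pw.println("</body>");
            pw.println("</html>");
        } catch (IOException ex) {
            ex.printStackTrace();
        }
    }

    /** Handles POST exactly like GET. */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }
}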
Login3.java

 3.LoginCl3.java 业务逻辑处理

对用户填写的信息进行校验(先检查用户名,再检查密码),在登录界面输出相应的错误提醒;若用户信息与数据库某条记录一致且勾选复选框,则跳转到欢迎界面(先cookie保存用户信息2周,再session保存信息20s);若用户信息与数据库某条记录一致但没有勾选复选框,则跳转到欢迎界面(仅session保存信息20s)

 1 package com.tsinghua;
 2 
 3 import javax.servlet.http.*;
 4 import java.io.*;
 5 import java.sql.*;
 6 
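/**
 * Login processing servlet.
 *
 * <p>Looks up the submitted user name, compares the stored password with the
 * submitted one, optionally writes the two-week "remember me" cookies, starts a
 * 20-second session and redirects to the welcome page. On failure it redirects
 * back to the login page with {@code info2} (wrong password) or {@code info3}
 * (unknown user name).
 */
public class LoginCl3 extends HttpServlet {

    /**
     * Verifies the submitted credentials and redirects accordingly.
     *
     * @param req request carrying {@code username}, {@code passwd} and optionally {@code checked}
     * @param res response used for cookies and redirects
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;

        try {
            String user = req.getParameter("username");
            String pass = req.getParameter("passwd");

            // A request without credentials is not a login attempt; send it to the form.
            if (user == null || pass == null) {
                res.sendRedirect("login3?info1=err1");
                return;
            }

            // Load the JDBC driver.
            Class.forName("com.mysql.jdbc.Driver");

            // NOTE(review): connecting as root with an empty password is acceptable only on a
            // throw-away development database; use a dedicated least-privilege account otherwise.
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db_user", "root", "");

            // Bind the user name as a parameter. Concatenating it into the SQL text, as the
            // earlier versions of this query did, lets the request rewrite the statement even
            // when the password is compared afterwards in Java.
            ps = con.prepareStatement("select passwd from users where username=?");
            ps.setString(1, user);
            rs = ps.executeQuery();

            if (!rs.next()) {
                // No such user name.
                res.sendRedirect("login3?info3=err3");
                return;
            }

            // NOTE(review): passwords are stored and compared in clear text. A real
            // application stores a salted password hash and verifies against that.
            String dbPasswd = rs.getString(1);
            // pass is known to be non-null, so a NULL passwd column cannot cause an NPE here.
            if (!pass.equals(dbPasswd)) {
                res.sendRedirect("login3?info2=err2");
                return;
            }

            // "Remember me" checkbox.
            if (req.getParameter("checked") != null) {
                // NOTE(review): these cookies keep the user name and the clear-text password on
                // the client for two weeks, and Wel3 later replays them through a redirect URL.
                // A random, server-side revocable token is the safer design. On Servlet 3.0+
                // containers also call setHttpOnly(true), and setSecure(true) when served over HTTPS.
                Cookie username = new Cookie("myName", user);
                Cookie passwd = new Cookie("myPasswd", pass);
                int twoWeeks = 14 * 24 * 60 * 60;
                username.setMaxAge(twoWeeks);
                passwd.setMaxAge(twoWeeks);
                res.addCookie(username);
                res.addCookie(passwd);
            }

            // Discard any session created before authentication so that a session id planted
            // earlier cannot be carried over into the logged-in state (session fixation).
            HttpSession previous = req.getSession(false);
            if (previous != null) {
                previous.invalidate();
            }
            HttpSession hs = req.getSession(true);
            hs.setAttribute("uname", user);
            hs.setMaxInactiveInterval(20);

            // Encode the user name so it cannot add parameters or line breaks to the redirect URL.
            res.sendRedirect("wel3?user=" + java.net.URLEncoder.encode(user, "UTF-8"));
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            // Close each resource on its own so one failing close() does not leak the others.
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
            if (con != null) {
                try {
                    con.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
        }
    }

    /** Handles POST exactly like GET. */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }
}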
LoginCl3.java

4.Wel3.java 欢迎界面

检验session保存的用户信息是否存在,若不存在,再检测cookie保存的信息是否存在,若不存在则跳转到登录界面,并输出错误提醒;若存在则跳转到业务逻辑处理(传递用户名和密码,进行上述一系列的验证逻辑处理);此时,session保存用户信息存在,将数据库中所有记录分页显示.

  1 package com.tsinghua;
  2 import javax.servlet.http.*;
  3 import java.io.*;
  4 import java.sql.*;
  5 
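/**
 * Welcome page servlet.
 *
 * <p>Requires a session that holds {@code uname}. Without one, the request is
 * redirected: to {@code loginCl3} when both "remember me" cookies are present,
 * otherwise to the login page. With one, the {@code users} table is rendered
 * three rows per page together with paging links.
 */
public class Wel3 extends HttpServlet {

    /**
     * Renders one page of the users table for an authenticated session.
     *
     * @param req request; {@code pageCur} selects the page (defaults to 1, clamped to the valid range)
     * @param res response that receives the HTML or the redirect
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            res.setContentType("text/html;charset=utf8");

            int pageSize = 3;   // rows per page
            int rowCount = 0;   // total rows
            int pageNow = 1;    // requested page

            String sPageNow = req.getParameter("pageCur");
            if (sPageNow != null) {
                try {
                    pageNow = Integer.parseInt(sPageNow);
                } catch (NumberFormatException ignored) {
                    // A non-numeric page number falls back to the first page.
                    pageNow = 1;
                }
            }

            // getSession(false): do not create a session for a caller who has not logged in.
            HttpSession hs = req.getSession(false);
            String name = (hs == null) ? null : (String) hs.getAttribute("uname");

            if (name == null) {
                // No live session: look for the "remember me" cookies.
                String user = "";
                String pass = "";
                Cookie[] allCookies = req.getCookies();
                if (allCookies != null) {
                    for (int i = 0; i < allCookies.length; i++) {
                        Cookie temp = allCookies[i];
                        if (temp.getName().equals("myName")) {
                            user = temp.getValue();
                        } else if (temp.getName().equals("myPasswd")) {
                            pass = temp.getValue();
                        }
                    }
                }
                // The original condition was inverted: it redirected to loginCl3 only when
                // both cookie values were empty.
                if (!user.equals("") && !pass.equals("")) {
                    // NOTE(review): this puts the password into a URL, where it reaches browser
                    // history and server logs; a token-based "remember me" avoids that.
                    res.sendRedirect("loginCl3?username=" + java.net.URLEncoder.encode(user, "UTF-8")
                            + "&passwd=" + java.net.URLEncoder.encode(pass, "UTF-8"));
                } else {
                    // Back to the login page with the "not logged in" notice.
                    res.sendRedirect("login3?info1=err1");
                }
                // Stop here. Without this return the user table below was still queried and
                // written for callers who had no session at all.
                return;
            }

            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): root with an empty password is for a throw-away development database only.
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db_user", "root", "");

            ps = con.prepareStatement("select count(*) from users");
            rs = ps.executeQuery();
            if (rs.next()) {
                rowCount = rs.getInt(1);
            }
            // Release the count query before ps and rs are reused for the page query.
            rs.close();
            ps.close();

            // Round up, then clamp the requested page so the LIMIT offset is never negative
            // and never points past the last page.
            int pageCount = (rowCount + pageSize - 1) / pageSize;
            if (pageNow > pageCount) {
                pageNow = pageCount;
            }
            if (pageNow < 1) {
                pageNow = 1;
            }

            ps = con.prepareStatement(
                    "select userid, username, passwd, email, priority from users order by userid limit ?,?");
            ps.setInt(1, (pageNow - 1) * pageSize);
            ps.setInt(2, pageSize);
            rs = ps.executeQuery();

            PrintWriter pw = res.getWriter();
            // Everything that originates from a user or the database is HTML-escaped before output.
            pw.println("Welcome your coming," + escapeHtml(name) + "<br/>");
            pw.println("<img width=100px height=100px src=imgs/KSYoon.jpg>");
            pw.println("<table border=1>");
            pw.println("<tr>");
            pw.println("<th>userid</th>");
            pw.println("<th>username</th>");
            pw.println("<th>passwd</th>");
            pw.println("<th>email</th>");
            pw.println("<th>priority</th>");
            pw.println("</tr>");

            // NOTE(review): this table shows every account's password to any logged-in user.
            // It is kept because the demo displays the whole row; drop the column in real use.
            while (rs.next()) {
                pw.println("<tr>");
                pw.println("<td>" + rs.getInt(1) + "</td>");
                pw.println("<td>" + escapeHtml(rs.getString(2)) + "</td>");
                pw.println("<td>" + escapeHtml(rs.getString(3)) + "</td>");
                pw.println("<td>" + escapeHtml(rs.getString(4)) + "</td>");
                pw.println("<td>" + rs.getInt(5) + "</td>");
                pw.println("</tr>");
            }

            pw.println("</table>");

            // Previous page.
            if (pageNow > 1) {
                pw.println("<a href=\"wel3?pageCur=" + (pageNow - 1) + "\">上一页</a>");
            }

            // Up to ten page links starting at the current page, never past the last page.
            for (int i = pageNow; i < pageNow + 10 && i <= pageCount; i++) {
                pw.println("<a href=\"wel3?pageCur=" + i + "\">" + i + "</a>");
            }

            // Next page.
            if (pageNow < pageCount) {
                pw.println("<a href=\"wel3?pageCur=" + (pageNow + 1) + "\">下一页</a>");
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            // Close each resource on its own so one failing close() does not leak the others.
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
            if (con != null) {
                try {
                    con.close();
                } catch (SQLException ex) {
                    ex.printStackTrace();
                }
            }
        }
    }

    /** Handles POST exactly like GET. */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }

    /** Escapes the characters that are significant in HTML text and attribute values; null becomes "". */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}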
Wel3.java

 5.对三个java文件进行Servlet部署(下面的web.xml片段还映射了cookieTest1,它不属于本例的三个文件,部署本例时可以不配置)

 1 <servlet>
 2     <servlet-name>login3</servlet-name>
 3     <servlet-class>com.tsinghua.Login3</servlet-class>
 4   </servlet>
 5   <servlet-mapping>
 6     <servlet-name>login3</servlet-name>
 7     <url-pattern>/login3</url-pattern>
 8   </servlet-mapping>
 9 
10   <servlet>
11     <servlet-name>loginCl3</servlet-name>
12     <servlet-class>com.tsinghua.LoginCl3</servlet-class>
13   </servlet>
14   <servlet-mapping>
15     <servlet-name>loginCl3</servlet-name>
16     <url-pattern>/loginCl3</url-pattern>
17   </servlet-mapping>
18 
19   <servlet>
20     <servlet-name>wel3</servlet-name>
21     <servlet-class>com.tsinghua.Wel3</servlet-class>
22   </servlet>
23   <servlet-mapping>
24     <servlet-name>wel3</servlet-name>
25     <url-pattern>/wel3</url-pattern>
26   </servlet-mapping>
27 
28   <servlet>
29     <servlet-name>cookieTest1</servlet-name>
30     <servlet-class>com.tsinghua.CookieTest1</servlet-class>
31   </servlet>
32   <servlet-mapping>
33     <servlet-name>cookieTest1</servlet-name>
34     <url-pattern>/cookieTest1</url-pattern>
35   </servlet-mapping>

6.将mysql.jar(MySQL的JDBC驱动)导入项目;驱动请从MySQL官方渠道下载.

7.页面效果:

(1)在登录界面输入的信息与数据库某条记录一致,

跳转到登录界面(保存2周)

 (2)合法用户登录欢迎界面

url改变,跳转到欢迎界面(通过业务逻辑处理,进行2周保存信息)

(3)若用户信息不正确,可能会出现的情况

当用户名不正确时,

     

 

 

当密码不正确时,

 

 

posted @ 2018-08-05 09:21  KSYOON