登录验证---添加验证码验证,Cookie保存功能
1,登录表单,login.jsp
View Code
1 <%@ page contentType="text/html" pageEncoding="GBK"%>
2 <%
3 request.setCharacterEncoding("GBK");
4 %>
5 <center>
6 <form action="check.jsp" method="post">
7 <h1>用户登录</h1>
8 <%=request.getAttribute("errMsg")!=null? request.getAttribute("errMsg"):""%><br>
9 用户名:<input type="text" name="username"><br/>
10 密 码:<input type="password" name="password"><br/>
11 验证码: <input name="code" type="text" size="4" maxlength="4"><img src="image.jsp"/><br/>
12 保存密码:<select name="saveTime">
13 <option value="<%=0%>">不保存</option>
14 <option value="<%=3600*24%>">保存一天</option>
15 <option value="<%=3600*24*7%>">保存一星期</option>
16 <option value="<%=3600*24*30%>">保存一月</option>
17 <option value="<%=3600*24*30*12%>">保存一年</option>
18 </select><br/><br/>
19 <input type="submit" value="登录">
20 </form>
21 </center>
2,JDBC校验,check.jsp
View Code
1 <%@ page contentType="text/html" pageEncoding="GBK"%>
2 <%@ page import="java.sql.*"%>
3 <%
4 request.setCharacterEncoding("GBK");
5 String rand=(String)session.getAttribute("rand");
6 String userName=request.getParameter("username");
7 String userPass=request.getParameter("password");
8 String code=request.getParameter("code");
9 String DBDRIVER="oracle.jdbc.driver.OracleDriver";
10 String DBURL="jdbc:oracle:thin:@localhost:1521:study";
11 String DBUSER="scott";
12 String DBPASSWORD="tiger";
13 long cookieTime=0;
14 try
15 {
16 cookieTime=Long.parseLong(request.getParameter("saveTime"));
17 }
18 catch(Exception ex)
19 {
20
21 }
22
23
24 Connection conn=null;
25 PreparedStatement psmt=null;
26 ResultSet rst=null;
27
28 boolean flag=false;
29 %>
30 <% //判断用户名密码是否为空
31 if(("".equals(userName)||null==userName)||("".equals(userPass)||null==userPass))
32 {
33 request.setAttribute("errMsg","用户名或密码不能为空!");
34 %>
35 <jsp:forward page="login.jsp"/>
36 <%
37 }
38 %>
39 <% //判断验证码是否正确
40 if(!code.equalsIgnoreCase(rand))
41 {
42 request.setAttribute("errMsg","输入的验证码不正确");
43 %>
44 <jsp:forward page="login.jsp"/>
45 <%
46 }
47 %>
48 <%
49 String sql="select id,username,password from userinfo where username=? and password=?";
50 Class.forName(DBDRIVER);
51 try
52 {
53 conn=DriverManager.getConnection(DBURL,DBUSER,DBPASSWORD);
54 psmt=conn.prepareStatement(sql);
55 psmt.setString(1,userName);
56 psmt.setString(2,userPass);
57 rst=psmt.executeQuery();
58 if(rst.next())
59 {
60 String name=rst.getString(2);
61 String password=rst.getString(3);
62 session.setAttribute("userid",rst.getInt(1));
63 session.setAttribute("username",rst.getString(2));
64 Cookie c1=new Cookie("username",name);
65 Cookie c2=new Cookie("password",password);
66 c1.setMaxAge((int)cookieTime);
67 c2.setMaxAge((int)cookieTime);
68 response.addCookie(c1);
69 response.addCookie(c1);
70 flag=true;
71 }
72 else
73 {
74 request.setAttribute("errMsg","用户名或密码不正确!");
75 }
76 }
77 catch(Exception ex)
78 {
79 ex.printStackTrace();
80 }
81 finally
82 {
83 try
84 {
85 conn.close();
86 }
87 catch(Exception ex)
88 {
89 ex.printStackTrace();
90 }
91 }
92 %>
93 <%
94 if(flag)
95 {
96 %>
97 <jsp:forward page="welcome.jsp"/>
98 <%
99 }
100 else
101 {
102 %>
103 <jsp:forward page="login.jsp"/>
104 <%
105 }
106 %>
3,Cookie的验证,cookie.jsp
View Code
1 <%@ page contentType="text/html" pageEncoding="GBK"%>
2 <%@ page import="java.sql.*"%>
3 <%
4 if(session.getAttribute("username")==null)
5 {
6 String userName=null;
7 String userPass=null;
8 Cookie[] ck=request.getCookies();
9 for(int i=0;i<ck.length;i++)
10 {
11 if("username".equals(ck[i].getName()))
12 {
13 userName=ck[i].getValue();
14 }
15 if("password".equals(ck[i].getName()))
16 {
17 userPass=ck[i].getValue();
18 }
19 }
20 %>
21 <%
22 String DBDRIVER="oracle.jdbc.driver.OracleDriver";
23 String DBURL="jdbc:oracle:thin:@localhost:1521:study";
24 String DBUSER="scott";
25 String DBPASSWORD="tiger";
26 Connection conn=null;
27 PreparedStatement psmt=null;
28 ResultSet rst=null;
29 String sql="select id,username,password from userinfo where username=? and password=?";
30 Class.forName(DBDRIVER);
31 try
32 {
33 conn=DriverManager.getConnection(DBURL,DBUSER,DBPASSWORD);
34 psmt=conn.prepareStatement(sql);
35 psmt.setString(1,userName);
36 psmt.setString(2,userPass);
37 rst=psmt.executeQuery();
38 if(rst.next())
39 {
40 String name=rst.getString(2);
41 String password=rst.getString(3);
42 session.setAttribute("userid",rst.getInt(1));
43 session.setAttribute("username",rst.getString(2));
44 }
45 else
46 {
47 request.setAttribute("errMsg","用户名或密码不正确!");
48 }
49 }
50 catch(Exception ex)
51 {
52 ex.printStackTrace();
53 }
54 finally
55 {
56 try
57 {
58 conn.close();
59 }
60 catch(Exception ex)
61 {
62 ex.printStackTrace();
63 }
64 }
65 %>
66 <%
67 }
68 %>
这里需要注意的是,在登录成功的欢迎页面中包含了此页面,通过判断session中是否存在登录成功后保存的用户名信息,进行处理。(如果没有就进行cookie信息的验证)
4,欢迎页,welcom.jsp
View Code
1 <%@ page contentType="text/html" pageEncoding="GBK"%>
2 <% request.setCharacterEncoding("GBK"); %>
3 <jsp:include page="cookie.jsp"/>
4 <%
5 if(session.getAttribute("username")!=null)
6 {
7 %>
8 <h1>欢迎,<%=session.getAttribute("username")%>光临,此用户id为:<%=session.getAttribute("userid")%></h1>
9 <a href="invalidate.jsp">注销登录</a>
10
11 <%
12 }
13 %>
5,注销session,invalidate.jsp
View Code
1 <%@ page contentType="text/html" pageEncoding="GBK"%>
2 <%
3 request.setCharacterEncoding("GBK");
4 session.invalidate();
5 %>
