朱兆平 / agent · 提交

转到一个项目

作者 shenhailong
提交 5de4ceaa2dd7f8f583c5e9a44ef036d7f48afabf 1 个父辈 86b13315

添加 修改登录验证码为 数字加减

内嵌 并排对比
正在显示 6 个修改的文件 包含 315 行增加91 行删除
... ... @@ -9,6 +9,7 @@ package com.agent.controller.system;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.agent.entity.system.FunctionEntity;
... ... @@ -152,75 +153,110 @@ public class LoginController {
@Transactional
@RequestMapping(value = "/doLogin", method = RequestMethod.POST)
@ResponseBody
public ResponseModel doLogin(String loginAccount, String password, String captcha) {
public ResponseModel doLogin(String loginAccount, String password, String captcha, String verifyInput, HttpSession session) {
ResponseModel rm = new ResponseModel(200, "", null);
// 查询该账号是否被禁用
UserEntity userEntity = userService.findLoginaccount(loginAccount);
if (userEntity.getStatus() != 0){
String rand = session.getAttribute("rand").toString();
rm.setStatus(201);
return rm;
}else {
// 等于5次 锁定账户 admin 除外
if (userEntity.getLoginerror() != 5){
SessionUtil.putKey(Constants.CAPTCHA, "");
UserEntity userEntity = userService.findLoginaccount(loginAccount);
UserEntity user = new UserEntity();
user.setLoginaccount(loginAccount);
user.setPassword(password);
if (!loginAccount.equals("admin") && "true".equals(PropertiesLoader.getLogin("openRemoteLogin"))) {
// 远程登录
// 用户数据
LoginData login = FLogin.login(user);
// 登录成功!
if (login.getCode() == 20000) {
// 往数据库中插入数据
UserEntity ue = userService.findByLoginaccount(user.getLoginaccount());
// 用户存在
if (ue != null) {
// 修改密码
userService.updatePassword(ue.getLoginaccount(), MD5Tools.MD5(password));
if (rand.equals(verifyInput)){
if (userEntity.getStatus() != 0){
rm.setStatus(201);
return rm;
}else {
// 等于5次 锁定账户 admin 除外
if (userEntity.getLoginerror() != 5){
SessionUtil.putKey(Constants.CAPTCHA, "");
UserEntity user = new UserEntity();
user.setLoginaccount(loginAccount);
user.setPassword(password);
if (!loginAccount.equals("admin") && "true".equals(PropertiesLoader.getLogin("openRemoteLogin"))) {
// 远程登录
// 用户数据
LoginData login = FLogin.login(user);
// 登录成功!
if (login.getCode() == 20000) {
// 往数据库中插入数据
UserEntity ue = userService.findByLoginaccount(user.getLoginaccount());
// 用户存在
if (ue != null) {
// 修改密码
userService.updatePassword(ue.getLoginaccount(), MD5Tools.MD5(password));
} else {
// 用户不存在,插入数据
BasicAgentEntity agent = new BasicAgentEntity();
agent.setContact(login.getInfodata().getContact());
agent.setNameCn(login.getInfodata().getCompany());
agent.setCountryCode("CN");
agent.setAddress(login.getInfodata().getAddress());
int agent_id = agentSerive.save2(agent);
ue = new UserEntity();
ue.setLoginaccount(loginAccount);
// 设置用户名密码
ue.setPassword(MD5Tools.MD5(password));
ue.setRealName(login.getInfodata().getContact());
ue.setMobile(login.getInfodata().getMobile());
ue.setStatus(0);
ue.setAgent(new Long(agent_id));
RoleEntity re = new RoleEntity();
re.setId(new Long(1));
ue.setRole(re);
// 删除密码
userService.save(ue);
}
// 登录用户
Subject subject = SecurityUtils.getSubject();
subject.getSession().setAttribute("user", user);
UsernamePasswordToken token = new UsernamePasswordToken(loginAccount, MD5Tools.MD5(password));
try {
subject.login(token);
subject.getSession().setAttribute("permission", roleService
.findAllFunctionByRole(((UserEntity) subject.getSession().getAttribute("user")).getRole()));
subject.getSession().setAttribute("all_function", functionService.findAll());
//登录成功 请空失败次数
userService.emptyLoginerror(loginAccount);
} catch (UnknownAccountException e) {
rm.setStatus(500);
rm.setMsg("1");
} catch (IncorrectCredentialsException e) {
// 添加错误次数
userService.updateLoginError(loginAccount, userEntity.getLoginerror() + 1);
rm.setStatus(500);
rm.setMsg("1");
} catch (LockedAccountException e) {
rm.setStatus(500);
rm.setMsg("1");
}
} else {
// 用户不存在,插入数据
BasicAgentEntity agent = new BasicAgentEntity();
agent.setContact(login.getInfodata().getContact());
agent.setNameCn(login.getInfodata().getCompany());
agent.setCountryCode("CN");
agent.setAddress(login.getInfodata().getAddress());
int agent_id = agentSerive.save2(agent);
ue = new UserEntity();
ue.setLoginaccount(loginAccount);
// 设置用户名密码
ue.setPassword(MD5Tools.MD5(password));
ue.setRealName(login.getInfodata().getContact());
ue.setMobile(login.getInfodata().getMobile());
ue.setStatus(0);
ue.setAgent(new Long(agent_id));
RoleEntity re = new RoleEntity();
re.setId(new Long(1));
ue.setRole(re);
// 删除密码
userService.save(ue);
rm.setStatus(500);
rm.setMsg("1");
}
} else {
// 登录用户
Subject subject = SecurityUtils.getSubject();
subject.getSession().setAttribute("user", user);
UsernamePasswordToken token = new UsernamePasswordToken(loginAccount, MD5Tools.MD5(password));
// System.out.println(loginAccount+" " + password);
try {
subject.login(token);
subject.getSession().setAttribute("permission", roleService
.findAllFunctionByRole(((UserEntity) subject.getSession().getAttribute("user")).getRole()));
subject.getSession().setAttribute("all_function", functionService.findAll());
//登录成功 请空失败次数
userService.emptyLoginerror(loginAccount);
} catch (UnknownAccountException e) {
rm.setStatus(500);
System.out.println();
rm.setMsg("1");
} catch (IncorrectCredentialsException e) {
// 添加错误次数
... ... @@ -231,46 +267,20 @@ public class LoginController {
rm.setStatus(500);
rm.setMsg("1");
}
} else {
rm.setStatus(500);
rm.setMsg("1");
}
} else {
// 登录用户
Subject subject = SecurityUtils.getSubject();
subject.getSession().setAttribute("user", user);
UsernamePasswordToken token = new UsernamePasswordToken(loginAccount, MD5Tools.MD5(password));
// System.out.println(loginAccount+" " + password);
try {
subject.login(token);
subject.getSession().setAttribute("permission", roleService
.findAllFunctionByRole(((UserEntity) subject.getSession().getAttribute("user")).getRole()));
subject.getSession().setAttribute("all_function", functionService.findAll());
//登录成功 请空失败次数
userService.emptyLoginerror(loginAccount);
} catch (UnknownAccountException e) {
rm.setStatus(500);
System.out.println();
rm.setMsg("1");
} catch (IncorrectCredentialsException e) {
// 添加错误次数
userService.updateLoginError(loginAccount, userEntity.getLoginerror() + 1);
rm.setStatus(500);
rm.setMsg("1");
} catch (LockedAccountException e) {
rm.setStatus(500);
rm.setMsg("1");
}
}
return rm;
}else {
return rm;
}else {
userService.updateStatus(loginAccount);
rm.setStatus(201);
return rm;
userService.updateStatus(loginAccount);
rm.setStatus(201);
return rm;
}
}
}else {
rm.setStatus(202);
return rm;
}
}
... ...
package com.agent.controller.system;
import com.agent.util.VerifyCodeUtil;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.awt.*;
import java.awt.image.BufferedImage;
import java.io.IOException;
@RestController
public class VerifyCodeController extends HttpServlet{
/**
* Constructor of the object.
*/
public VerifyCodeController() {
super();
}
public void destroy() {
super.destroy();
}
@RequestMapping(value = "/getVerifyCode")
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
VerifyCodeUtil verifyCodeUtil = new VerifyCodeUtil();
try {
verifyCodeUtil.handleRequestInternal(request, response);
} catch (Exception e) {
e.printStackTrace();
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}
public void init() throws ServletException {
// Put your code here
}
}
... ...
... ... @@ -29,7 +29,7 @@ public class MyShiroController implements Filter {
}
private String publicAction[] = { "/login", "/doLogin", "/manifest/app/send",
"/receipt/a0608c4054662dd902e1314f7e450e3eaa81c114", "/manifest/f5f5669bbdecefd3dacfaba194647c35" };
"/receipt/a0608c4054662dd902e1314f7e450e3eaa81c114", "/manifest/f5f5669bbdecefd3dacfaba194647c35", "/getVerifyCode" };
private String crossDomain[] = { "/cross/", "tracking/detail" };
// manifest/cross/grid.json
... ...
package com.agent.util;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.awt.*;
import java.awt.image.BufferedImage;
import java.util.Random;
public class VerifyCodeUtil extends AbstractController{
@Override
public ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
try {
response.setContentType("image/jpeg");
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
// 在内存中创建图象
int width = 59, height = 20;
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// 获取图形上下文
Graphics g = image.getGraphics();
// 生成随机类
Random random = new Random();
// 设定背景色
g.setColor(getRandColor(200, 250));
g.fillRect(0, 0, width, height);
// 设定字体
g.setFont(new Font("Arial", Font.PLAIN, 18));
// 随机产生155条干扰线,使图象中的认证码不易被其它程序探测到
g.setColor(getRandColor(160, 200));
for (int i = 0; i < 155; i++) {
int x = random.nextInt(width);
int y = random.nextInt(height);
int xl = random.nextInt(12);
int yl = random.nextInt(12);
g.drawLine(x, y, x + xl, y + yl);
}
// 取随机产生的认证码(4位数字)
int sRand = 0;
// 是加法还是减法
int math = random.nextInt(2);
// 加法
if (math == 0) {
// 第一个数据
int rand = random.nextInt(10);
if (rand == 0) {
rand = 1;
}
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand, 13 * 0 + 6, 16);
//
int rand1 = random.nextInt(10);
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand1, 13 * 1 + 6, 16);
// +号
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("+", 13 * 2 + 6, 16);
// 第二个数据
int rand2 = random.nextInt(10);
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand2, 13 * 3 + 6, 16);
sRand = rand * 10 + rand1 + rand2;
} else {
// 减法
// 第一个数据
int rand = random.nextInt(10);
if (rand == 0) {
rand = 1;
}
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand, 13 * 0 + 6, 16);
//
int rand1 = random.nextInt(10);
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand1, 13 * 1 + 6, 16);
// -号
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("-", 13 * 2 + 6 + 3, 16);
// 第二个数据
int rand2 = random.nextInt(10);
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString("" + rand2, 13 * 3 + 6, 16);
sRand = rand * 10 + rand1 - rand2;
}
synchronized (this) {
HttpSession session = request.getSession();
session.setAttribute("rand", "" + sRand);
System.out.println(sRand);
}
ImageIO.write(image, "jpg", response.getOutputStream());
} catch (Exception e) {
// logger.error(e.getLocalizedMessage(), e.fillInStackTrace());
}
return null;
}
/*
* 获得颜色
*/
private Color getRandColor(int fc, int bc) {
Random random = new Random();
if (fc > 255)
fc = 255;
if (bc > 255)
bc = 255;
int r = fc + random.nextInt(bc - fc - 16);//110+7
int g = fc + random.nextInt(bc - fc - 14);//110+9
int b = fc + random.nextInt(bc - fc - 18);//110+5
return new Color(r, g, b);
}
}
... ...
... ... @@ -20,12 +20,18 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
<div style="font-size:16px;color:white;margin-left:510px;">&nbsp;郑州机场航空物流信息平台</div>
</div>
<div class="login_box">
<input class="admin" type="text" placeholder="请输入账号" id="userName" maxlength="30" />
<input class="passWord" type="password" placeholder="请输入密码" id="password" onblur="regularValue()" maxlength="30" />
<div>
<input class="admin" type="text" placeholder="请输入账号" id="userName" maxlength="30" />
<input class="passWord" style="margin-bottom: 10px" type="password" placeholder="请输入密码" id="password" onblur="regularValue()" maxlength="30" /><span id="showStrength"></span>
</div>
<%--<input type="text" name="valida" id="valida" οnkeydοwn="doEnter();">--%>
<%--<span><img src="<%=basePath %>verify/code" id="imgValida" οnclick="this.src='<%=basePath %>verify/code?a='+Math.random()" class="imgValida"></span>--%>
<div style="margin-top: 10px;">
<input class="verifyInputs" style="float: left; width: 191px; height: 26px; line-height: 35px; margin-left: 0px; padding: 5px;" name="verifyInput" id="verifyInput" placeholder="请输入验证码">
<img class="verifyCodes" style="float: left; width: 202px; height: 37px; line-height: 35px; margin-left: 11px; padding: 5px; margin-top: -5px;" onclick="changeCode()" src="getVerifyCode">
</div>
<input class="submit" type="button" onclick="doLogin()"/>
... ... @@ -62,6 +68,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
function doLogin(){
var userName = $("#userName").val();
var password = $("#password").val();
var verifyInput = $("#verifyInput").val();
if(userName==''){
$("#userName").focus();
... ... @@ -78,13 +85,19 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
});
return false;
}else{
jQuery.post("<%=basePath %>doLogin",{loginAccount:userName,password:password},function(result){
jQuery.post("<%=basePath %>doLogin",{loginAccount:userName, password:password, verifyInput:verifyInput},function(result){
if (result.status == 201){
$("#userName").focus();
layer.tips('用户名已被禁用请联系管理员', '#userName', {
tips: [1, '#0FA6D8'] //还可配置颜色
});
} else if(result.status == 202){
$("#verifyInput").focus();
layer.tips('验证码错误', '#verifyInput', {
tips: [1, '#0FA6D8'] //还可配置颜色
});
} else{
if(result.status == 200){
sessionStorage.removeItem("menuid");
... ... @@ -116,22 +129,33 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.
}
function regularValue() {
var passwords = $("#newpassword").val();
var passwords = $("#password").val();
var reg = /^(?![A-Za-z0-9]+$)(?![a-z0-9\W]+$)(?![A-Za-z\W]+$)(?![A-Z0-9\W]+$)[a-zA-Z0-9\W]{8,}$/;
var re = new RegExp(reg);
if (re.test(passwords)){
//符合规则  
// showStrength.innerHTML = "".fontcolor("green");
// document.getElementById("password").className = "icon ticker";
return true;
}else {
//不符合规则  
layer.tips('您的密码过于简单请及时修改', '#userName', {
layer.tips('您的密码过于简单,请及时修改', '#password', {
tips: [1, '#0FA6D8'] //还可配置颜色
});
return false;
}
}
function changeCode() {
var src = " getVerifyCode?"+new Date().getTime(); //加时间戳,防止浏览器利用缓存
$('.verifyCodes').attr("src",src);
}
</script>
</html>
\ No newline at end of file
... ...
... ... @@ -62,6 +62,8 @@ div,form,img,ul,li,input,p,ul,ol,li,form{margin:0px;padding:0px;border:0px; list
/*border-radius: 5px;
behavior: url(css/ie-css3.htc);*/
}
#login .login_box .passWord{
float: left;
width: 167px;
... ... @@ -70,9 +72,14 @@ div,form,img,ul,li,input,p,ul,ol,li,form{margin:0px;padding:0px;border:0px; list
margin-left: 15px;
background: url(../img/icon_password.jpg) no-repeat 10px center #FFFFFF;
padding-left: 35px;
/*border-radius: 5px;
behavior: url(css/ie-css3.htc);*/
}
#login .login_box .submit{
float: left;
margin-left: 15px;
... ...