首先,我们要知道为什么要设置验证码。
原因很简单:
加验证码的目的是:强制必须由人工操作,防止机器批量提交错误登录信息、暴力破解密码;如果有人恶意登录,服务器压力会很大,甚至宕机。
为了防止别人的验证码图片被拿来冒用、各个页面的验证码互相串通,每个页面的验证码图片都需要带一个图片的 token;验证码一旦匹配成功,服务器端保存的验证码信息就需要删掉,防止下次匹配还能重复使用。验证码不能存到数据库中,因为做验证码的目的就是必须先通过了验证码校验,才去数据库匹配账号密码。
说人话就是:防止数据库被恶意地频繁请求,必须经过人工操作才能走到查询数据库那一步。
这里要注意的是:最好用后端验证码。前端验证码的校验只在浏览器里进行,攻击者可以绕过页面直接发送 ajax 请求,可以说前端验证码起不到防止直接请求数据库的作用。
后端验证码代码实现(是一个servlet页面)
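package com.qcby.servlet;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet that renders a random captcha image and stores the expected text in
 * the HTTP session so that the login handler can verify the submitted value on
 * the server side (the text itself is never sent to the client except as pixels).
 */
@WebServlet("/code")
public class CodeServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Session attribute that holds the text of the most recently generated
     * captcha. The login handler should read it, compare it with the submitted
     * value and then remove the attribute so a code cannot be reused.
     */
    public static final String SESSION_KEY = "captcha_code";

    private static final int WIDTH = 100;
    private static final int HEIGHT = 30;
    private static final int NOISE_LINES = 10;
    private static final int CODE_LENGTH = 5;
    private static final String ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM0123456789";

    // SecureRandom instead of java.util.Random: the captcha text acts as a
    // one-time secret, and a plain Random sequence is predictable from its seed.
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a captcha, records its text in the session and writes the image
     * as JPEG to the response.
     *
     * @param request  current request; its session receives {@link #SESSION_KEY}
     * @param response receives a non-cacheable {@code image/jpeg} body
     * @throws IOException if the image cannot be written to the response
     * @see HttpServlet#service(HttpServletRequest, HttpServletResponse)
     */
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String number = getNumbers(CODE_LENGTH);
        // Without this the server has nothing to compare the submitted captcha
        // against; the value must be stored before the image is sent.
        request.getSession().setAttribute(SESSION_KEY, number);

        BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        try {
            // Random background, then interference lines, then the text.
            g.setColor(randomColor());
            g.fillRect(0, 0, WIDTH, HEIGHT);
            for (int i = 0; i < NOISE_LINES; i++) {
                g.setColor(randomColor());
                g.drawLine(RANDOM.nextInt(WIDTH), RANDOM.nextInt(HEIGHT),
                           RANDOM.nextInt(WIDTH), RANDOM.nextInt(HEIGHT));
            }
            g.setFont(new Font(null, Font.BOLD | Font.ITALIC, 24));
            g.drawString(number, 5, 25);
        } finally {
            g.dispose(); // Graphics wraps native resources; release explicitly
        }

        // A cached image would let the browser show a captcha whose text no
        // longer matches the session; force a fresh request every time.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);
        response.setContentType("image/jpeg");
        try (OutputStream out = response.getOutputStream()) {
            ImageIO.write(image, "jpeg", out);
        }
    }

    /**
     * Builds a random string of {@code size} characters drawn from the captcha
     * alphabet (upper-case letters and digits).
     *
     * @param size number of characters; a non-positive size yields ""
     * @return the generated text
     */
    public String getNumbers(int size) {
        StringBuilder number = new StringBuilder(Math.max(size, 0));
        for (int i = 0; i < size; i++) {
            number.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return number.toString();
    }

    /** Returns a random opaque colour; 256 so that the full 0..255 range is reachable. */
    private static Color randomColor() {
        return new Color(RANDOM.nextInt(256), RANDOM.nextInt(256), RANDOM.nextInt(256));
    }
}
直接发送code请求进行测试 放前端页面查看<img src="code">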
前端代码写的验证码:
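// Characters of the captcha currently drawn on the canvas (index 0..3).
var show_num = [];
draw(show_num);

// onclick handler of the canvas: redraws a new captcha.
function dj() {
    draw(show_num);
}

/**
 * Draws a 4-character captcha with noise lines and dots onto #canvas and
 * stores the characters in show_num so loadData() can compare the input.
 * This check runs only in the browser; it does not stop a request that is
 * sent directly to the login endpoint, so the server must verify on its own.
 *
 * @param {string[]} show_num array that receives the drawn characters
 */
function draw(show_num) {
    var canvas = document.getElementById("canvas"); // the canvas element
    var canvas_width = canvas.clientWidth;
    var canvas_height = canvas.clientHeight;
    var context = canvas.getContext("2d"); // 2D drawing context
    canvas.width = canvas_width;
    canvas.height = canvas_height;

    var sCode = "A,B,C,E,F,G,H,J,K,L,M,N,P,Q,R,S,T,W,X,Y,Z,1,2,3,4,5,6,7,8,9,0,q,w,e,r,t,y,u,i,o,p,a,s,d,f,g,h,j,k,l,z,x,c,v,b,n,m";
    var aCode = sCode.split(",");
    var aLength = aCode.length;

    for (var i = 0; i <= 3; i++) {
        var j = Math.floor(Math.random() * aLength);        // random index
        var deg = Math.random() * 30 * Math.PI / 180;       // 0..30 degrees in radians
        var txt = aCode[j];
        show_num[i] = txt;
        var x = 10 + i * 20;                                // x position of the glyph
        var y = 20 + Math.random() * 8;                     // y position of the glyph
        context.font = "bold 23px 微软雅黑";
        context.translate(x, y);
        context.rotate(deg);
        context.fillStyle = randomColor();
        context.fillText(txt, 0, 0);
        context.rotate(-deg);
        context.translate(-x, -y);
    }

    // Interference lines.
    for (var i = 0; i <= 5; i++) {
        context.strokeStyle = randomColor();
        context.beginPath();
        context.moveTo(Math.random() * canvas_width, Math.random() * canvas_height);
        context.lineTo(Math.random() * canvas_width, Math.random() * canvas_height);
        context.stroke();
    }

    // Interference dots (1px diagonal strokes).
    for (var i = 0; i <= 30; i++) {
        context.strokeStyle = randomColor();
        context.beginPath();
        var x = Math.random() * canvas_width;
        var y = Math.random() * canvas_height;
        context.moveTo(x, y);
        context.lineTo(x + 1, y + 1);
        context.stroke();
    }
}

/** Returns a random "rgb(r,g,b)" colour string. */
function randomColor() {
    var r = Math.floor(Math.random() * 256);
    var g = Math.floor(Math.random() * 256);
    var b = Math.floor(Math.random() * 256);
    return "rgb(" + r + "," + g + "," + b + ")";
}

/**
 * Reads account, password and captcha input, checks the captcha against
 * show_num and, on match, submits the login request.
 */
function loadData() {
    var account = $(".account").val();
    var password = $(".password").val();
    var code = $("#text").val();
    var num = show_num.join("");
    console.log(code);
    // The account is remembered in a cookie before any validation happens
    // (presumably to prefill the field next time) — confirm this is intended.
    $.cookie("tea_phone", account);

    if (code == '') {
        alert('请输入验证码!');
    } else if (code == num) {
        // NOTE(review): the credentials travel as GET query parameters, which
        // end up in server logs and browser history; POST would be preferable,
        // but the server endpoint is not visible here so the method is kept.
        $.ajax({
            url: "login?action=teacher",
            type: "get",
            data: {
                "account": account,
                "password": password,
            },
            success: function (data) {
                console.log(data);
                if (data.backcode == 1) {
                    layer.msg(data.msg, {
                        time: 1000
                    }, function () {
                        location.href = "router?path=教师框"
                    });
                } else {
                    layer.msg("账号不存在,请注册后登录");
                }
            },
            error: function (data) {
                alert("登陆失败");
            }
        })
    } else {
        layer.alert("验证码错误,请重新输入");
        // A jQuery object has no .value property, so the original assignment
        // never cleared the field; .val('') is the jQuery API. Verify that
        // ".code" is the same input that "#text" is read from above.
        $(".code").val('');
        draw(show_num);
    }
}
<canvas id="canvas" onclick="dj()" ></canvas> (标签显示二维码)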