81,122
社区成员




package tdy218.md5;
import java.security.*;
public class md5reg
{
byte[] digest;String tmp="",has="";
public String hasString(String password) //这里作了修改
{
try {
MessageDigest md5 = MessageDigest.getInstance("MD5"); //SHA-1跟MD5写法上差不多。
md5.update(password.getBytes()); // 添加要计算的摘要信息
digest = md5.digest();
}
catch(NoSuchAlgorithmException e)
{
System.out.println("非法摘要算法!"+e.getMessage());
}
for(int i=0;i<digest.length;i++)
{
tmp=(Integer.toHexString(digest[i] & 0XFF));
if(tmp.length()==1)
has=has+i+tmp; //这里也做了修改
else
has=has+tmp;
if(i<digest.length-1)
has=has+i; //这里又做了修改
}
return has.toUpperCase();
}
}
package tdy218.md5;
import tdy218.md5.md5reg;
import tdy218.md5.Loginbean;
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Loginhandle extends HttpServlet
{
public void init(ServletConfig config) throws ServletException
{
super.init(config);
}
public void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
{
response.setContentType("text/html;charset=gbk");
HttpSession session = request.getSession(true);
Connection con = null;
PreparedStatement ps = null;
ResultSet rs = null;
md5reg md5 = new md5reg();
Loginbean login = new Loginbean();
request.setAttribute("land",login);
PrintWriter show = response.getWriter();
String username = request.getParameter("username").trim();
String password = request.getParameter("password").trim();
String checkcode = request.getParameter("checkcode").trim();
String rand = (String)session.getAttribute("rand");
if(username==null||username.equals(""))
{
show.print("<script language=javascript>alert('用户名不能为空!~');");
show.print("history.go(-1);</script>");
}
else if(password==null||password.equals(""))
{
show.print("<script language=javascript>alert('请输入密码!~');");
show.print("history.go(-1);</script>");
}
else if(checkcode==null||checkcode.equals(""))
{
show.print("<script language=javascript>alert('请输入验证码!~');");
show.print("history.go(-1);</script>");
}
else if(checkcode.equals(rand)==false)
{
show.print("<script language=javascript>alert('你输入的验证码有误,请重新输入!~');");
show.print("history.go(-1);</script>");
}
else
{
try
{
String md5pwd = md5.hasString(password);
Class.forName("com.mysql.jdbc.Driver").newInstance();
String uri = "jdbc:mysql://127.0.0.1:3306/admin?characterEncoding=utf-8";
con = DriverManager.getConnection(uri,"root","soft");
String sql = "select username,password from md5landing where username=?";
ps = con.prepareStatement(sql);
ps.setString(1,username);
//防止SQLInjection方法之一,功能正在加强。这几天正在做URL过滤,做好了我发到博客里。感兴趣的留一下喽。
rs = ps.executeQuery();
while(rs.next())
{
String pwd = rs.getString("password");
if(pwd.equals(md5pwd))
{
login.SetUsername(username);
login.SetPassword(password);
login.SetMd5pwd(md5pwd);
RequestDispatcher dispatcher = request.getRequestDispatcher("loginresult.jsp");//转发
dispatcher.forward(request,response);
}
else
{
show.print("<script language=javascript>alert('用户不存在或密码错误,请重新输入!~');");
show.print("history.go(-1);</script>");
}
}
ps.close();
con.close();
}
catch(Exception e)
{
show.print("发生异常:"+e.getMessage());
//show.print("<script language=javascript>alert('发生异常,请联系网站管理员!~');");
//show.print("history.go(-1);</script>");
}
}//else语句的结尾。
}//doPost方法的结尾。
public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
{
doPost(request,response);
}
}