在網(wǎng)站注冊時一般都會要驗證注冊用戶身份的合法性,通常的做法是提供手機號驗證或者郵箱驗證。
手機驗證:填寫手機號碼,點擊發(fā)送驗證碼,接收后填寫驗證碼比對,無誤后注冊成功。
郵箱驗證:注冊時填寫郵箱賬號,點擊注冊,網(wǎng)站郵箱會給該郵箱發(fā)送一封激活郵件,用戶點擊后激活該賬號。
這里通過實例來介紹一下郵箱驗證的實現(xiàn)過程,例子可以運行,暫時沒有發(fā)現(xiàn)什么問題,不過也可能有不安全的地方,歡迎大家指正。
實現(xiàn)思路
注冊時填寫郵箱,點擊注冊時網(wǎng)站系統(tǒng)郵箱發(fā)送激活驗證鏈接到此郵箱,用戶來激活賬戶
點擊注冊,系統(tǒng)郵箱會發(fā)送一封激活郵件到你填寫的郵箱賬號中
在沒有進行激活操作前,設(shè)定某個字段狀態(tài)是0,表示此賬號未激活,不可以使用或者某些功能受限
激活操作之后,將activated字段更新為1,這樣就完成了激活操作
那么這里還有一個codeurl字段,他的作用是存入一個唯一標(biāo)識的隨機碼,這個隨機碼由用戶名和uuid唯一標(biāo)識的隨機數(shù)組成,這樣做的目的是防止用戶使用不存在的郵箱又修改鏈接中的參數(shù)來激活賬戶,將鏈接中的隨機碼和數(shù)據(jù)庫中的比對,來達(dá)到相對安全的激活。
下面是具體的代碼
首先是注冊的servlet,這里主要測試激活賬號的功能,注冊代碼有點low,不安全,將就看一下
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
package org.amuxia.emailtest.servlet; import java.io.ioexception; import java.sql.resultset; import java.sql.sqlexception; import java.util.uuid; import javax.servlet.servletexception; import javax.servlet.annotation.webservlet; import javax.servlet.http.httpservlet; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import org.amuxia.emailtest.pojo.user; import org.amuxia.emailtest.utils.emailutils; import org.amuxia.emailtest.utils.myjdbc; /** * @author amuxia * 2017年7月24日 */@webservlet("/registservlet") public class registservlet extends httpservlet { private static final long serialversionuid = 1l; protected void service(httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { string username = request.getparameter("username"); string password = request.getparameter("password"); string email = request.getparameter("email"); string codeurl = uuid.randomuuid().tostring(); user user = new user(); user.setusername(username); user.setpassword(password); user.setemail(email); user.setactivated(false); //剛注冊默認(rèn)是沒有激活狀態(tài) string sql = "insert into tb_user(username,password,email,activated,codeurl) value (?,?,?,?,?) "; myjdbc.insert(sql, false, username,password,email,0,codeurl);//注冊信息插入數(shù)據(jù)庫 string querysql = "select * from tb_user where email=?"; resultset rs = myjdbc.query(querysql, email); try { if(rs.next()){ user.setid(rs.getint(1)); } } catch (sqlexception e) { // todo auto-generated catch block e.printstacktrace(); } // 注冊成功后,發(fā)送帳戶激活鏈接 request.getsession().setattribute("user", user); emailutils.sendaccountactivateemail(user); request.getrequestdispatcher("/web-inf/jsp/success.jsp").forward(request,response); } } |
激活賬號的servlet,也就是更新操作
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
package org.amuxia.emailtest.servlet; import java.io.ioexception; import java.sql.resultset; import java.sql.sqlexception; import javax.servlet.servletexception; import javax.servlet.annotation.webservlet; import javax.servlet.http.httpservlet; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import org.amuxia.emailtest.pojo.user; import org.amuxia.emailtest.utils.generatelinkutils; import org.amuxia.emailtest.utils.myjdbc; /** * @author amuxia * 2017年7月24日 */@webservlet("/activateservlet") public class activateservlet extends httpservlet{ private static final long serialversionuid = 1l; @overrideprotected void service(httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { // todo auto-generated method stub string idvalue = request.getparameter("id"); system.out.println(idvalue); int id = -1; try { id = integer.parseint(idvalue); } catch (numberformatexception e) { e.printstacktrace(); } string sql = "select * from tb_user where id=?"; resultset rs= myjdbc.query(sql, id); user user = new user(); try { if(rs.next()){ user.setid(rs.getint(1)); user.setusername(rs.getstring(2)); user.setpassword(rs.getstring(3)); user.setemail(rs.getstring(4)); user.setactivated(rs.getboolean(5)); user.setcodeurl(rs.getstring(6)); } } catch (sqlexception e) { // todo auto-generated catch block e.printstacktrace(); } //驗證無誤,狀態(tài)更改為1,即激活 if(generatelinkutils.verifycheckcode(user, request)){ string updsql = "update tb_user set activated =1 where id=?"; myjdbc.execute(updsql, id); user.setactivated(true); request.getsession().setattribute("user", user); request.getrequestdispatcher("/web-inf/jsp/pass.jsp").forward(request, response); } } } |
發(fā)送email的工具類
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
package org.amuxia.emailtest.utils; import java.util.date; import java.util.properties; import javax.mail.authenticator; import javax.mail.message.recipienttype; import javax.mail.passwordauthentication; import javax.mail.session; import javax.mail.transport; import javax.mail.internet.internetaddress; import javax.mail.internet.mimemessage; import org.amuxia.emailtest.pojo.user; /** * @author amuxia * 2017年7月24日 */public class emailutils { private static final string from = "要發(fā)送郵件的郵箱,這個例子是163郵箱"; public static void sendaccountactivateemail(user user) { session session = getsession(); mimemessage message = new mimemessage(session); try { message.setsubject("這是一封激活賬號的郵件,復(fù)制鏈接到地址欄來激活他"); message.setsentdate(new date()); message.setfrom(new internetaddress(from)); message.setrecipient(recipienttype.to, new internetaddress(user.getemail())); message.setcontent("<a target='_blank' href=''>"+generatelinkutils.generateactivatelink(user)+"</a>","text/html;charset=utf-8"); transport.send(message); } catch (exception e) { e.printstacktrace(); } } public static session getsession() { properties props = new properties(); props.setproperty("mail.transport.protocol", "smtp"); props.setproperty("mail.smtp.host", "smtp.163.com"); props.setproperty("mail.smtp.port", "25"); props.setproperty("mail.smtp.auth", "true"); session session = session.getinstance(props, new authenticator() { @override protected passwordauthentication getpasswordauthentication() { return new passwordauthentication(from, "上面郵箱的密碼"); } }); return session; } } |
這里需要注意一下,以上例子配置的是163郵箱,需要進行郵箱客戶端的授權(quán),授權(quán)之后,網(wǎng)易郵箱會發(fā)來一份客戶端授權(quán)碼作為替代郵箱密碼,代碼里填寫的密碼其實是授權(quán)碼,配置好郵箱最好發(fā)一份郵件測試一下,有時程序出問題很可能是郵箱客戶端根本發(fā)不了郵件
加密賬戶激活鏈接生成的工具類
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
package org.amuxia.emailtest.utils; import java.security.messagedigest; import java.security.nosuchalgorithmexception; import javax.servlet.servletrequest; import org.amuxia.emailtest.pojo.user; /** * @author amuxia * 2017年7月24日 */public class generatelinkutils { private static final string check_code = "checkcode"; public static string generateactivatelink(user user) { return "http://localhost/emaildemo/activateservlet?id=" + user.getid() + "&" + check_code + "=" + generatecheckcode(user); } /** * 生成校驗碼,用戶名+uuid唯一標(biāo)識符,為安全把他們加密發(fā)送 * @param user * @return */ public static string generatecheckcode(user user) { string username = user.getusername(); string randomcode = user.getcodeurl(); return md5(username + ":" + randomcode); } /** * 接收回來的校驗碼和發(fā)送出去的是不是同一份 * @param user * @param request * @return */ public static boolean verifycheckcode(user user,servletrequest request) { string checkcode = request.getparameter(check_code); system.out.println(generatecheckcode(user).equals(checkcode)); return true; } private static string md5(string string) { messagedigest md = null; try { md = messagedigest.getinstance("md5"); md.update(string.getbytes()); byte[] md5bytes = md.digest(); return bytes2hex(md5bytes); } catch (nosuchalgorithmexception e) { e.printstacktrace(); system.out.println("md5這里出錯了"); } return null; } private static string bytes2hex(byte[] bytearray) { stringbuffer strbuf = new stringbuffer(); for (int i = 0; i < bytearray.length; i++) { if(bytearray[i] >= 0 && bytearray[i] < 16) { strbuf.append("0"); } strbuf.append(integer.tohexstring(bytearray[i] & 0xff)); } return strbuf.tostring(); } } |
還有一個操作數(shù)據(jù)庫的封裝類,myjdbc,前面博客有寫,代碼挺長,就不貼了,這是鏈接:
http://www.ythuaji.com.cn/article/43536.html
http://www.ythuaji.com.cn/article/70309.html
實體類user
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
package org.amuxia.emailtest.pojo; public class user { private int id; private string username; private string password; private string email; private boolean activated;//賬號狀態(tài) private string codeurl;//激活鏈接中的隨機碼 public int getid() { return id; } public void setid(int id) { this.id = id; } public string getusername() { return username; } public void setusername(string username) { this.username = username; } public string getpassword() { return password; } public void setpassword(string password) { this.password = password; } public string getemail() { return email; } public void setemail(string email) { this.email = email; } public boolean isactivated() { return activated; } public void setactivated(boolean activated) { this.activated = activated; } public string getcodeurl() { return codeurl; } public void setcodeurl(string codeurl) { this.codeurl = codeurl; } public user() { super(); } } |
注冊的jsp
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%> <!doctype html public "-//w3c//dtd html 4.01 transitional//en"> <html> <head> <title>注冊</title> </head> <body> <form action="/emaildemo/registservlet" method="post"> 用戶名:<input type="text" name="username"><br/> 密碼:<input type="password" name="password"><br/> 郵箱:<input type="text" name="email"><br/> <input type="submit" value="注冊"> </form> </body> </html> |
用到的包?
郵箱驗證的大概功能就完成了,但是還有很多不足之處,貌似應(yīng)該設(shè)置一個過期時間。等等。。。
以上就是本文的全部內(nèi)容,希望對大家的學(xué)習(xí)有所幫助,也希望大家多多支持服務(wù)器之家。
原文鏈接:http://blog.csdn.net/weixin_36380516/article/details/76038707?utm_source=tuicool&utm_medium=referral
