diff --git a/skic/.classpath b/skic/.classpath index d21e204..86652ac 100644 --- a/skic/.classpath +++ b/skic/.classpath @@ -20,5 +20,6 @@ + diff --git a/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar b/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar new file mode 100644 index 0000000..2245120 Binary files /dev/null and b/skic/WebRoot/WEB-INF/lib/commons-codec-1.11.jar differ diff --git a/skic/WebRoot/login.jsp b/skic/WebRoot/login.jsp index 625cb53..ae3353b 100644 --- a/skic/WebRoot/login.jsp +++ b/skic/WebRoot/login.jsp @@ -87,7 +87,7 @@ String basePath = request.getScheme()+"://"+request.getServerName()+":"+request. - + diff --git a/skic/WebRoot/register.jsp b/skic/WebRoot/register.jsp index a833b64..90850c3 100644 --- a/skic/WebRoot/register.jsp +++ b/skic/WebRoot/register.jsp @@ -38,101 +38,116 @@ --%> - - - skic用户注册 - - - - + + +
-
- -
-
- - - - - +
+ +
+ + + + + + diff --git a/skic/src/com/coding/util/Coding.java b/skic/src/com/coding/util/Coding.java new file mode 100644 index 0000000..caaa040 --- /dev/null +++ b/skic/src/com/coding/util/Coding.java 
@@ -0,0 +1,91 @@
+package com.coding.util;
+
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.codec.binary.Base64;
+
+public class Coding {
+ public static final String KEY_SHA = "SHA";
+ public static final String KEY_MD5 = "MD5";
+ public static final String KEY_MAC = "HmacMD5";
+
+ // sun不推荐使用它们自己的base64,用apache的挺好
+ /**
+ * BASE64解密
+ */
+ public static byte[] decryptBASE64(byte[] dest) {
+ if (dest == null) {
+ return null;
+ }
+ return Base64.decodeBase64(dest);
+ }
+
+ /**
+ * BASE64加密
+ */
+ public static byte[] encryptBASE64(byte[] origin) {
+ if (origin == null) {
+ return null;
+ }
+ return Base64.encodeBase64(origin);
+ }
+
+ /**
+ * MD5加密
+ *
+ * @throws NoSuchAlgorithmException
+ */
+ public static byte[] encryptMD5(byte[] data) throws NoSuchAlgorithmException {
+ if (data == null) {
+ return null;
+ }
+ MessageDigest md5 = MessageDigest.getInstance(KEY_MD5);
+ md5.update(data);
+ return md5.digest();
+ }
+
+ /**
+ * SHA加密
+ *
+ * @throws NoSuchAlgorithmException
+ */
+ public static byte[] encryptSHA(byte[] data) throws NoSuchAlgorithmException {
+ if (data == null) {
+ return null;
+ }
+ MessageDigest sha = MessageDigest.getInstance(KEY_SHA);
+ sha.update(data);
+ return sha.digest();
+ }
+
+ /**
+ * 初始化HMAC密钥
+ *
+ * @throws NoSuchAlgorithmException
+ */
+ public static String initMacKey() throws NoSuchAlgorithmException {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_MAC);
+ SecretKey secretKey = keyGenerator.generateKey();
+ return new String(encryptBASE64(secretKey.getEncoded()));
+ }
+
+ /**
+ * HMAC加密
+ *
+ * @throws NoSuchAlgorithmException
+ * @throws InvalidKeyException
+ */
+ public static byte[] encryptHMAC(byte[] data, String key) throws NoSuchAlgorithmException, InvalidKeyException {
+ SecretKey secretKey = new SecretKeySpec(decryptBASE64(key.getBytes()), KEY_MAC);
+ Mac mac = Mac.getInstance(secretKey.getAlgorithm());
+ mac.init(secretKey);
+ return mac.doFinal(data);
+
+ }
+
+}
\ No newline at end of file
diff --git a/skic/src/com/coding/util/CodingTest.java b/skic/src/com/coding/util/CodingTest.java
new file mode 100644
index 0000000..a2726d9
--- /dev/null
+++ b/skic/src/com/coding/util/CodingTest.java
@@ -0,0 +1,18 @@
+package com.coding.util;
+
+import java.math.BigInteger;
+
+public class CodingTest {
+
+ public static void main(String[] args) throws Exception {
+ String data = "简单加密2";
+ System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(16));
+ System.out.println(new BigInteger(Coding.encryptBASE64(data.getBytes())).toString(32));
+ System.out.println(new String(Coding.decryptBASE64(Coding.encryptBASE64(data.getBytes()))));
+
+ System.out.println(new BigInteger(Coding.encryptMD5(data.getBytes())).toString());
+ System.out.println(new BigInteger(Coding.encryptSHA(data.getBytes())).toString());
+ System.out.println(new BigInteger(Coding.encryptHMAC(data.getBytes(), Coding.initMacKey())).toString());
+ }
+
+}
\ No newline at end of file
diff --git a/skic/src/com/skic/servlet/CheckLoginServlet.java b/skic/src/com/skic/servlet/CheckLoginServlet.java
index e75486a..1a83277 100644
--- a/skic/src/com/skic/servlet/CheckLoginServlet.java
+++ b/skic/src/com/skic/servlet/CheckLoginServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;
 import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
 import java.util.Map;
 import javax.servlet.RequestDispatcher;
@@ -9,6 +11,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckLoginService;
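Review bot: `encryptSHA` in Coding.java resolves `KEY_SHA = "SHA"` to SHA-1 and returns one unsalted digest, and both servlets in this commit use that value as the stored password, so equal passwords give equal stored values and guesses can be checked at full digest speed. A dedicated password helper beside these methods, as sketched below with the JDK's PBKDF2 (`SecretKeyFactory` and `PBEKeySpec` from `javax.crypto`, assuming a Java 8 or later runtime), would take a per-user random salt from `SecureRandom`, store salt and iteration count with the result, and compare with `MessageDigest.isEqual`. The Javadoc labels Base64, MD5 and SHA as encryption and decryption (加密/解密), although Base64 is an encoding and the digests are one-way; the comments should say so, so that nobody treats them as confidentiality controls. `key.getBytes()` and `new String(...)` in the HMAC helpers also depend on the platform charset and should name `StandardCharsets.UTF_8`.

```java
// … unchanged: Base64, MD5, SHA and HMAC helpers …

    /**
     * Derives a password verifier with PBKDF2. The caller supplies a random
     * per-user salt and stores salt and iteration count next to the result.
     */
    public static byte[] hashPassword(char[] password, byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            // wipe the copy of the password held by the key spec
            spec.clearPassword();
        }
    }
```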
@@ -35,6 +38,13 @@ public class CheckLoginServlet extends HttpServlet {
 request.setCharacterEncoding("utf-8");
 String userName = request.getParameter("userName");
 String passWord = request.getParameter("passWord");
+ String passWordBase64 = null;
+ try {
+ passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密比较
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
 String adminflag = "";
 String vipflag = "";
 String rootflag = "";
@@ -47,7 +57,7 @@ public class CheckLoginServlet extends HttpServlet {
 }else {
 UserDTO user = new UserDTO();
 user.setUserName(userName);
- user.setPassword(passWord);
+ user.setPassword(passWordBase64);//比对加密后的密码
 Map rsMap = cks.CheckUser(user);
 request.getSession().setAttribute("login_status", rsMap.get("login_status"));//存储登录状态
 if (rsMap.get("login_status")==1) {
diff --git a/skic/src/com/skic/servlet/CheckRegisterServlet.java b/skic/src/com/skic/servlet/CheckRegisterServlet.java
index dea1b9f..a9ac602 100644
--- a/skic/src/com/skic/servlet/CheckRegisterServlet.java
+++ b/skic/src/com/skic/servlet/CheckRegisterServlet.java
@@ -1,6 +1,8 @@
 package com.skic.servlet;
 import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -8,6 +10,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import com.coding.util.Coding;
 import com.skic.DTO.UserDTO;
 import com.skic.service.CheckRegisterService;;
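Review bot: In the CheckLoginServlet hunk at -35,6, `passWord.getBytes()` runs before any visible check of the parameter, so a request without `passWord` throws a NullPointerException, and the bytes are taken in the platform charset although the request is read as utf-8; a null check followed by `passWord.getBytes(StandardCharsets.UTF_8)` (with the matching import) removes both problems. The catch block only prints the stack trace and leaves `passWordBase64` null, which the next hunk hands to `user.setPassword(...)`; failing the request instead, for example `throw new ServletException("SHA digest unavailable", e);` if the method declares that exception, keeps a null credential away from `CheckUser`. The same lines appear in the CheckRegisterServlet hunk at -30,12, where a null could end up stored as the new account's password. The enclosing methods start and end outside both hunks, so an earlier validation may exist that is not visible here.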
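Review bot: `user.setPassword(passWordBase64)` in the CheckLoginServlet hunk at -47,7 changes what `CheckUser` receives from the raw password to the digest string, so accounts whose stored value was written through the old `user.setPassword(passWord)` path will presumably stop matching at login. Nothing visible in this commit converts existing rows; a comment here such as `// stored passwords must already be digests: migrate rows created before this change`, backed by a one-off migration, would make the rollout requirement explicit. The else branch continues outside the hunk.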
@@ -30,12 +33,18 @@ public class CheckRegisterServlet extends HttpServlet {
 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 doPost(request, response);
 }
- public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
 request.setCharacterEncoding("utf-8");
 String userName = request.getParameter("userName");
 String realName = request.getParameter("realName");
 String email = request.getParameter("email");
- String passWord = request.getParameter("passWord1");
+ String passWord = request.getParameter("passWord");
+ String passWordBase64 = null;
+ try {
+ passWordBase64 = new BigInteger(Coding.encryptSHA(passWord.getBytes())).toString();//对密码进行加密处理
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
 String tel = request.getParameter("tel");
 RequestDispatcher rd = null;
 String forwardString = null;
@@ -46,7 +55,7 @@ public class CheckRegisterServlet extends HttpServlet {
 }else {
 UserDTO user = new UserDTO();
 user.setUserName(userName);
- user.setPassword(passWord);
+ user.setPassword(passWordBase64);
 user.setRealName(realName);
 user.setEmail(email);;
 user.setPhoneNum(tel);
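Review bot: `passWordBase64` in the CheckRegisterServlet hunk at -30,12 does not hold Base64: `new BigInteger(digest).toString()` is a signed decimal rendering, so the value stored by `user.setPassword(passWordBase64)` varies in length and can begin with `-`. A fixed-width encoding under an accurate name is easier to size a column for and to compare, for example `String passWordDigest = Hex.encodeHexString(Coding.encryptSHA(...));` with `org.apache.commons.codec.binary.Hex` from the commons-codec jar this commit adds. The identical expression in CheckLoginServlet has to change in the same commit, otherwise the registered and the submitted values no longer match. The rename of the request parameter from `passWord1` to `passWord` also relies on the field name in register.jsp, whose hunk is not legible on this page.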