博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
JavaMail学习笔记(七)、帐号激活与忘记密码 实例
阅读量:6032 次
发布时间:2019-06-20

本文共 16473 字,大约阅读时间需要 54 分钟。

hot3.png

一、帐户激活

          在很多时候,在某些网站注册一个用户之后,网站会给这个用户注册时填写的email地址发送一封帐户激活邮件,这封邮件的内容就是一个激活帐户链接和一段简短的文字描述,如果用户没有去邮箱将帐户激活,可能在使用网站的某些功能时就会受到限制,比如不能发贴、下载资料、评论等限制。这么做的原因应该是为了保证帐户的安全性和邮箱的有效性,以后网站如果有什么活动、资讯或系统安全通知等,可以在第一时间通知到用户。比如我在奇艺视频网站注册一个帐号之后,它就会往我注册时填写的邮箱中发一封帐户激活的邮件,邮件中有一个激活的链接,点击它就可以将你的帐户激活。如下图所示:

这个功能是怎么做到的呢,其实实现也是很简单的,说白了就是一个Update操作。

实现思路:当一个用户注册成功之后,系统向用户注册时提供的email地址发送一封邮件,邮件的内容是一个激活帐户的链接和一段简短的文字描述,这个链接的功能就是将这个帐户的状态修改成激活状态。这个功能的重点在于如何生成这个激活帐户的链接。直接可以联想到的方法就是建一个Servlet,Servlet接收一个用户名参数,Servlet拿到用户名参数之后,到数据库把这条记录load出来,做一次update操作即可。但是这样做会有风险,比如有人想在你的网站上搞破坏,注册时他填的email地址就是乱填的,这个Email地址可能根本就收不到邮件(但符合email格式),注册完成之后,然后在浏览器地址栏输入网站之前发送的帐户激活链接,并加上新注册的用户名参数,这样一来就跳过了去邮箱激活的步聚,时间久了,库中可能会留下许多无效的email地址和帐户。为了避免这个问题,解决方案是在用户注册成功之后,在发送激活帐户的链接中加一个随机码,这个随机码是将用户名和一个随机数用md5加密后的一串16进制字符串,每次用户在激活帐户的时候,都验证这个随机码是否和注册时发送的一致,这样就可以避免人为的修改激活链接达到帐户激活的功能。

二、忘记密码

          当你在某网站注册一个帐户之后,发现这个帐户很久没用了,密码也忘记了,如果还记得之前注册时填写的Email,那就可以向你的email中发一个重设密码的链接,就可以重新设置你的密码。大部份网站一般都提供了根据Email找回密码的功能。实现此功能的思路:在登录界面添加一个“忘记密码的链接,用户点击进去之后,输入用户名或Email,系统根据用户名或Email找出用户信息,并生成一个重新设置密码的链接发送到用户的邮箱中(生成链接的方式和生成帐户激活链接的方式一样),用户在邮箱中点击重设密码的链接,根据提示进入密码重设页面,重新输入新的密码即可。

功能实现步聚(帐号激活):

1、用户注册页面

用户名:
${errors.userName}
密码:
${errors.password}
确认密码:
${errors.password2}
email:
${errors.email}

2、处理注册请求的Servlet(RegisterServlet)

package org.study.accountactivate.web.servlet;import java.io.IOException;import java.util.HashMap;import java.util.Map;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.study.accountactivate.dao.UserDao;import org.study.accountactivate.dao.impl.UserDaoImpl;import org.study.accountactivate.domail.User;import org.study.accountactivate.util.EmailUtils;/** * 用户注册 */public class RegisterServlet extends HttpServlet {	private static final long serialVersionUID = 1L;		private UserDao userDao = UserDaoImpl.getInstance();       	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		doPost(request, response);	}	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		String userName = request.getParameter("userName");		String password = request.getParameter("password");		String password2 = request.getParameter("password2");		String email = request.getParameter("email");				Map
errors = new HashMap
(); if (userName == null || "".equals(userName)) { errors.put("userName", "用户名不能为空!"); } else if (userName != null && userDao.findUserByName(userName) != null) { errors.put("userName", "该用户已注册!"); } if (password == null || "".equals(password)) { errors.put("password","密码不能为空!"); } else if (password != null && password.length() < 3) { errors.put("password","密码长度不能低于3位!"); } if (password2 == null || "".equals(password2)) { errors.put("password2", "确认密码不能为空!"); } else if (password2 != null && !password2.equals(password)) { errors.put("password2", "两次输入的密码不一致!"); } if (email == null || "".equals(email)) { errors.put("email", "email不能为空!"); } else if (email != null && !email.matches("[0-9a-zA-Z_-]+@[0-9a-zA-Z_-]+\\.[0-9a-zA-Z_-]+(\\.[0-9a-zA-Z_-])*")) { errors.put("email", "email格式不正确!"); } if (!errors.isEmpty()) { request.setAttribute("errors", errors); request.getRequestDispatcher("/registerUI").forward(request, response); return; } User user = new User(); user.setUserName(userName); user.setPassword(password); user.setEmail(email); user.setActivated(false); userDao.addUser(user); // 注册成功后,发送帐户激活链接 EmailUtils.sendAccountActivateEmail(user); // 注册成功直接将当前用户保存到session中 request.getSession().setAttribute("user", user); request.getRequestDispatcher("/WEB-INF/pages/registerSuccess.jsp").forward(request,response); }}

3、激活帐户的Servlet(ActivateAccountServle)

package org.study.accountactivate.web.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.study.accountactivate.dao.UserDao;import org.study.accountactivate.dao.impl.UserDaoImpl;import org.study.accountactivate.domail.User;import org.study.accountactivate.util.GenerateLinkUtils;/** * 帐户激活 */public class ActivateAccountServlet extends HttpServlet {	private static final long serialVersionUID = 1L;       	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		String idValue = request.getParameter("id");		int id = -1;		try {			id = Integer.parseInt(idValue);		} catch (NumberFormatException e) {			throw new RuntimeException("无效的用户!");		}		UserDao userDao = UserDaoImpl.getInstance();		User user = userDao.findUserById(id);// 得到要激活的帐户		user.setActivated(GenerateLinkUtils.verifyCheckcode(user, request));// 校验验证码是否和注册时发送的一致,以此设置是否激活该帐户		userDao.updateUser(user);				request.getSession().setAttribute("user", user);				request.getRequestDispatcher("/accountActivateUI").forward(request, response);	}	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		doGet(request, response);	}}
4、操作用户的DAO接口与实现类(UserDao和UserDaoImpl类)

package org.study.accountactivate.dao;import org.study.accountactivate.domail.User;public interface UserDao {	void addUser(User user);		void updateUser(User user);		User findUserById(int id);		User findUserByName(String userName);		User findUserByNameOrEmail(String nameOrEmail);}package org.study.accountactivate.dao.impl;import java.util.Collection;import java.util.HashMap;import java.util.Iterator;import java.util.Map;import java.util.UUID;import org.study.accountactivate.dao.UserDao;import org.study.accountactivate.domail.User;public class UserDaoImpl implements UserDao {		private static UserDaoImpl instance = new UserDaoImpl();		private UserDaoImpl() {}		public static UserDaoImpl getInstance() {		return instance;	}		Map
users = new HashMap
(); int nextId = 1; @Override public void addUser(User user) { user.setId(nextId++); user.setRandomCode(UUID.randomUUID().toString()); users.put(user.getId(), user); } @Override public void updateUser(User user) { users.put(user.getId(), user); } @Override public User findUserById(int id) { return users.get(id); } @Override public User findUserByName(String userName) { Collection
userValues = users.values(); for (Iterator
iterator = userValues.iterator();iterator.hasNext();) { User user = iterator.next(); if (user.getUserName().equals(userName)) { return user; } } return null; } @Override public User findUserByNameOrEmail(String nameOrEmail) { Collection
userValues = users.values(); for(Iterator
iterator = userValues.iterator();iterator.hasNext();) { User user = iterator.next(); if (user.getEmail().equals(nameOrEmail) || user.getUserName().equals(nameOrEmail)) { return user; } } return null; }}
5、发送Email的工具类(EmailUtils,用于发送帐户激活链接和密码重置链接)

package org.study.accountactivate.util;import java.io.IOException;import java.io.InputStream;import java.util.Date;import java.util.Properties;import javax.mail.Authenticator;import javax.mail.Message.RecipientType;import javax.mail.PasswordAuthentication;import javax.mail.Session;import javax.mail.Transport;import javax.mail.internet.InternetAddress;import javax.mail.internet.MimeMessage;import org.study.accountactivate.domail.User;public class EmailUtils {		private static final String FROM = "xyang81@163.com";	/**	 * 注册成功后,向用户发送帐户激活链接的邮件	 * @param user 未激活的用户	 */	public static void sendAccountActivateEmail(User user) {		Session session = getSession();		MimeMessage message = new MimeMessage(session);		try {			message.setSubject("帐户激活邮件");			message.setSentDate(new Date());			message.setFrom(new InternetAddress(FROM));			message.setRecipient(RecipientType.TO, new InternetAddress(user.getEmail()));			message.setContent("点击激活帐户","text/html;charset=utf-8");			// 发送邮件			Transport.send(message);		} catch (Exception e) {			e.printStackTrace();		}	}		/**	 * 发送重设密码链接的邮件	 */	public static void sendResetPasswordEmail(User user) {		Session session = getSession();		MimeMessage message = new MimeMessage(session);		try {			message.setSubject("找回您的帐户与密码");			message.setSentDate(new Date());			message.setFrom(new InternetAddress(FROM));			message.setRecipient(RecipientType.TO, new InternetAddress(user.getEmail()));			message.setContent("要使用新的密码, 请使用以下链接启用密码:
点击重新设置密码","text/html;charset=utf-8"); // 发送邮件 Transport.send(message); } catch (Exception e) { e.printStackTrace(); } } public static Session getSession() { Properties props = new Properties(); props.setProperty("mail.transport.protocol", "smtp"); props.setProperty("mail.smtp.host", "smtp.163.com"); props.setProperty("mail.smtp.port", "25"); props.setProperty("mail.smtp.auth", "true"); Session session = Session.getInstance(props, new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { String password = null; InputStream is = EmailUtils.class.getResourceAsStream("password.dat"); byte[] b = new byte[1024]; try { int len = is.read(b); password = new String(b,0,len); } catch (IOException e) { e.printStackTrace(); } return new PasswordAuthentication(FROM, password); } }); return session; }}

6、生成帐户激活、密码重设链接的工具类(GenerateLinkUtils)

package org.study.accountactivate.util;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;import javax.servlet.ServletRequest;import org.study.accountactivate.domail.User;/** * 生成帐户激活、重新设置密码的链接 */public class GenerateLinkUtils {		private static final String CHECK_CODE = "checkCode";		/**	 * 生成帐户激活链接	 */	public static String generateActivateLink(User user) {		return "http://localhost:8080/AccountActivate/activateAccount?id=" 				+ user.getId() + "&" + CHECK_CODE + "=" + generateCheckcode(user);	}		/**	 * 生成重设密码的链接	 */	public static String generateResetPwdLink(User user) {		return "http://localhost:8080/AccountActivate/resetPasswordUI?userName=" 				+ user.getUserName() + "&" + CHECK_CODE + "=" + generateCheckcode(user);	}		/**	 * 生成验证帐户的MD5校验码	 * @param user  要激活的帐户	 * @return 将用户名和密码组合后,通过md5加密后的16进制格式的字符串	 */	public static String generateCheckcode(User user) {		String userName = user.getUserName();		String randomCode = user.getRandomCode();		return md5(userName + ":" + randomCode);	}		/**	 * 验证校验码是否和注册时发送的验证码一致	 * @param user 要激活的帐户	 * @param checkcode 注册时发送的校验码	 * @return 如果一致返回true,否则返回false	 */	public static boolean verifyCheckcode(User user,ServletRequest request) {		String checkCode = request.getParameter(CHECK_CODE);		return generateCheckcode(user).equals(checkCode);	}	private static String md5(String string) {		MessageDigest md = null;		try {			md = MessageDigest.getInstance("md5");			md.update(string.getBytes());			byte[] md5Bytes = md.digest();			return bytes2Hex(md5Bytes);		} catch (NoSuchAlgorithmException e) {			e.printStackTrace();		}				return null;	}		private static String bytes2Hex(byte[] byteArray)	{		StringBuffer strBuf = new StringBuffer();		for (int i = 0; i < byteArray.length; i++)		{			if(byteArray[i] >= 0 && byteArray[i] < 16)			{				strBuf.append("0");			}			strBuf.append(Integer.toHexString(byteArray[i] & 0xFF));		}		return strBuf.toString();	}}

7、实体类(User)

package org.study.accountactivate.domail;public class User {	// 编号	private int id;	// 用户名	private String userName;	// 密码	private String password;	// email	private String email;	// 是否激活	private boolean activated;	// 随机码(激活帐户与生成重设密码链接时使用)	private String randomCode;		public int getId() {		return id;	}	public void setId(int id) {		this.id = id;	}	public String getUserName() {		return userName;	}	public void setUserName(String userName) {		this.userName = userName;	}	public String getPassword() {		return password;	}	public void setPassword(String password) {		this.password = password;	}	public boolean isActivated() {		return activated;	}	public void setActivated(boolean activated) {		this.activated = activated;	}	public String getRandomCode() {		return randomCode;	}	public void setRandomCode(String randomCode) {		this.randomCode = randomCode;	}	public String getEmail() {		return email;	}	public void setEmail(String email) {		this.email = email;	}}

功能实现步骤(忘记密码):

1、登录页面

${errors.loginError} 用户名:
${errors.userName}
密码:
${errors.password}
 
忘记密码? 
注册

2、发送重设密码申请的页面

${requestScope.sendMailMsg} 用户名/邮箱:
${requestScope.errorMsg}

3、处理“发送重设密码链接“请求的Servlet(ForgotPwdServlet)

package org.study.accountactivate.web.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.study.accountactivate.dao.UserDao;import org.study.accountactivate.dao.impl.UserDaoImpl;import org.study.accountactivate.domail.User;import org.study.accountactivate.util.EmailUtils;/** * 发送重设密码申请的链接 */public class ForgotPwdServlet extends HttpServlet {		private static final long serialVersionUID = 1L;	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		String userNameOrEmail = request.getParameter("userNameOrEmail");		UserDao userDao = UserDaoImpl.getInstance();		User user = userDao.findUserByNameOrEmail(userNameOrEmail);		if (user == null) {			request.setAttribute("errorMsg", userNameOrEmail + ",不存在!");			request.getRequestDispatcher("/forgotPwdUI").forward(request, response);			return;		}				// 发送重新设置密码的链接		EmailUtils.sendResetPasswordEmail(user);				request.setAttribute("sendMailMsg", "您的申请已提交成功,请查看您的"+user.getEmail()+"邮箱。");				request.getRequestDispatcher("/WEB-INF/pages/forgotPwdSuccess.jsp").forward(request, response);	}	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		doGet(request, response);	}}
4、重新设置密码的页面

${errors.passwordError} 用户名:
新密码:
${errors.newPassword }
确认新密码:
${errors.newPassword2 }
5、处理重新设置密码请求的Servlet(ResetPasswordServlet)
package org.study.accountactivate.web.servlet;import java.io.IOException;import java.util.HashMap;import java.util.Map;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.study.accountactivate.dao.UserDao;import org.study.accountactivate.dao.impl.UserDaoImpl;import org.study.accountactivate.domail.User;/** * 重新设置密码 */public class ResetPasswordServlet extends HttpServlet {	private static final long serialVersionUID = 1L;       	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {		String userName = request.getParameter("userName");		String newPassword = request.getParameter("newPassword");		String newPassword2 = request.getParameter("newPassword2");		Map
errors = new HashMap
(); if (newPassword == null || "".equals(newPassword)) { errors.put("newPassword", "新密码不能为空!"); } if (newPassword2 == null || "".equals(newPassword2)) { errors.put("newPassword2", "确认新密码不能为空!"); } if (!newPassword.equals(newPassword2)) { errors.put("passwordError", "两次输入的密码不一致!"); } if (!errors.isEmpty()) { request.setAttribute("errors", errors); request.getRequestDispatcher("/resetPasswordUI?userName=" + userName).forward(request, response); return; } UserDao userDao = UserDaoImpl.getInstance(); User user = userDao.findUserByName(userName); user.setPassword(newPassword); request.getRequestDispatcher("/WEB-INF/pages/resetPasswordSuccess.jsp").forward(request, response); } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }}

帐户激活操作流程:

1)、注册页面

  

2)、注册成功页面

 

3)、帐户未激活,登录后的界面

4)、前往邮箱中激活帐户

5)、激活成功

6)、帐户已激活,登录后的界面

忘记密码操作流程:

1)、登录页面(点击“忘记密码”链接,进入重设密码页面)

2、重设密码申请页面(输入用户名或邮箱,点击“提交”按钮)

3、重设密码申请成功页面

4、邮箱中重设密码的链接

5、重新设置密码页面

6、密码重新设置成功页面

转载于:https://my.oschina.net/xyang0917/blog/357777

你可能感兴趣的文章
数组实例
查看>>
window.open 打开新窗口被拦截的解决方案
查看>>
如何删除Git仓库中冗余的tag?
查看>>
October CMS - 快速入门 5 创建插件
查看>>
SpringMVC之源码分析--LocaleResolver(三)
查看>>
Vue 中 proxy代理
查看>>
Node.js教程第一篇—— Node.js 基础
查看>>
初识react高阶组件
查看>>
深入理解Java虚拟机到底是什么
查看>>
Python 基础
查看>>
GitHub CEO:GitHub 十年,感谢有你
查看>>
php与ethereum客户端交互
查看>>
JavaFx系列教程之一:JavaFx+Springboot+Maven 开发打包教程
查看>>
67 个拯救前端开发者的工具、库和资源
查看>>
leetcode median of two sorted arrays C语言实现
查看>>
iOS微信内存监控
查看>>
解决vue开发环境跨域问题
查看>>
Flutter 初尝:从 Java 无缝过渡
查看>>
Canvas画板---手机上也可以用的画板
查看>>
Linux
查看>>