diff --git a/src/main/java/cn/palmte/work/controller/backend/AdminController.java b/src/main/java/cn/palmte/work/controller/backend/AdminController.java
index c35e1ad..633bb3c 100644
--- a/src/main/java/cn/palmte/work/controller/backend/AdminController.java
+++ b/src/main/java/cn/palmte/work/controller/backend/AdminController.java
@@ -49,12 +49,24 @@ public class AdminController extends BaseController {
 public String singIn(RedirectAttributes attr, LoginRequest loginRequest, HttpServletRequest request) throws Exception {
 String userName = loginRequest.getUserName();
 String password = loginRequest.getPassword();
+ String captchaToken = loginRequest.getCaptchaToken();
+ String code;
 String message;
- try {
+ try{
+ try{
+ code = request.getSession().getAttribute(CaptchaUtils.RANDOM_CODE_KEY).toString();
+ }catch(Exception e){
+ logger.info(e.getMessage() , e);
+ message ="验证码错误";
+ attr.addAttribute("errorMessages",message);
+ return "redirect:/admin/err";
+ }
 try {
 String privateKey = request.getSession().getAttribute(Constant.PRIVATEKEY).toString();
 userName = new String(RSAUtils.decryptByPrivateKey(Base64Utils.decode(userName), privateKey));
 password = new String(RSAUtils.decryptByPrivateKey(Base64Utils.decode(password), privateKey));
+ captchaToken = new String(RSAUtils.decryptByPrivateKey(Base64Utils.decode(captchaToken),privateKey));
+ logger.info("username:" + userName + ",password:" + password + ",captcha:" + captchaToken);
 } catch (Exception e) {
 logger.error("解密出错", e);
 attr.addAttribute("errorMessages", "用户名密码错误");
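Review bot: The added `logger.info("username:" + userName + ",password:" + password + ",captcha:" + captchaToken);` writes the decrypted admin password to the application log in clear text, so anyone who can read the log files or a downstream log store gets working credentials, and the RSA wrapping of the form fields no longer protects them. Delete the line, or keep only a non-secret trace such as `logger.info("admin login attempt");`; if the user name must be logged, strip CR/LF from it first, since it comes from the request. Separately, the inner `try`/`catch (Exception e)` around `getAttribute(CaptchaUtils.RANDOM_CODE_KEY).toString()` depends on a NullPointerException to detect a missing captcha; an explicit null check on the attribute states the intent and avoids logging a stack trace for every such request. `singIn` continues past the end of this hunk.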
@@ -66,6 +78,15 @@ public class AdminController extends BaseController {
 attr.addAttribute("errorMessages", message);
 return "redirect:/admin/err";
 }
+ if(!captchaToken.toUpperCase().equals(code)){
+ message ="验证码错误!";
+ attr.addAttribute("errorMessages",message);
+ return "redirect:/admin/err";
+ }
+ /**
+ * 移除验证数据
+ */
+ request.getSession().removeAttribute(CaptchaUtils.RANDOM_CODE_KEY);
 Admin admin = adminService.getAdminByUsername(userName);
 if (null == admin) {
 message = "用户名或密码错误~~~";
diff --git a/src/main/resources/templates/admin/admin_login.ftl b/src/main/resources/templates/admin/admin_login.ftl
index 8b30c7b..4a0f45e 100644
--- a/src/main/resources/templates/admin/admin_login.ftl
+++ b/src/main/resources/templates/admin/admin_login.ftl
@@ -78,14 +78,13 @@ - <#--
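Review bot: The captcha is not single-use, because `request.getSession().removeAttribute(CaptchaUtils.RANDOM_CODE_KEY);` runs only after the comparison succeeds. The mismatch branch and the earlier `return "redirect:/admin/err"` paths leave the same code in the session, so unless another request regenerates it, the captcha does not limit repeated attempts. Remove the attribute immediately after it is read into `code` in the first hunk, before any comparison, so each issued code can be checked once. `captchaToken.toUpperCase()` also uses the JVM default locale; `captchaToken.toUpperCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the comparison stable, assuming the stored code is upper-case, which this hunk does not show. The method body starts and ends outside this hunk.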