Jsp email password retrieval Overview

Source: Internet
Author: User
Tags md5 digest mail account

Jsp email password retrieval Overview


Generally, when logging on to a large website, you can retrieve the password if you forget the password.
The approximate method under the number of details:
1. directly send the password to your mailbox. It is generally a temporary password. 2. Text message verification, high cost. 3. Security Questions 4. Send a link to your mailbox and click to change the password.
I personally think that the fourth method is the most cost-effective, and this is also the main process.

After one night, the mail sending function was written into 300 lines. Many of them were comments and spaces. Some of them were told by roommates that python was used to write only 20 lines, so they could not help but worship PYTHON! However, no matter how it is written or encapsulated, it will be convenient to use it next time. Most of the Code is written on the Internet and by yourself.

First, let's talk about the following ideas:
For details, refer to http://blog.yidongzhifu.net/2014/03/07/mailbox retrieval password function. When you enter your own email address, you need to check whether the email address matches the email address bound to the user ID. Only when the email address matches the user ID. The most important link in this email is url = baseUrl + "? Uid = "+ uid +" & validkey = "+ validkey; this address contains two parameters: id of the id user, validkey verification code, which is a string encrypted by MD5. MD5 verification is used to ensure that files are not modified during transmission, the encrypted string should contain the user id + expiration time + random validkey = md5 (uid + "|" + outdate + "|" + secretKey );

To put it bluntly, you have to enter your account and email to retrieve your password. Then the system determines that the account and email address match. Then, at this moment, write the information (usrId, outdate, url) in another table, that is, your ID and expiration time (with the current time plus the validity period of X minutes ), the URL is the sent link.
Sent link = baseUrl + "? Uid = "+ uid +" & validkey = "+ validkey;
For example, my local address is localhost: 8080/homeSeller/resetPassword. jsp, which is the page address for resetting the password. Then I add '? 'Enter the passed attributes and corresponding values to pass the value. For example, my link: localhost: 8080/homeSeller/resetPassword. jsp? Uid = zhuang123 & validkey = 36b0f42412de6d2b0d3b2dc044f9a27d indicates the input id and vaildkey. We have already written it to the database!

After the information is filled in, use JAVAMAIL to send an email to the specified mailbox. Click the link and pass the value. In this case, check in JSP whether the validkey of the corresponding userId is the same as that in the database, and whether the currentTime is larger than the outdate to determine whether it expires. If all of these conditions are met, the password change page is displayed. Changing the password is a simple SQL statement.

OK. The following code is used:
(1) database layer (DAO): the code for inserting information into the database mentioned above (the code is simple to add, delete, modify, and query)
// Retrieve the password and insert information. The date here is java. SQL. datepublic int insertInfor (Connection con, String userId, String email, Timestamp date, String signature) throws SQLException {String SQL = insert into findPass (userId, email, outdate, signature) values (?,?,?,?); PreparedStatement pstmt = con. prepareStatement (SQL); pstmt. setString (1, userId); pstmt. setString (2, email); pstmt. setTimestamp (3, date); pstmt. setString (4, signature); int res = pstmt.exe cuteUpdate (); pstmt. close (); con. close (); return res;} // retrieve the password and check whether the password can be changed to public boolean isChangePass (String userId, String validkey) throws Exception {DbUtil dbUtil = new DbUtil (); connection con = dbUtil. getCon (); String SQL = s Elect * from findPass where userId = ?; PreparedStatement pstmt = con. prepareStatement (SQL); pstmt. setString (1, userId); ResultSet res = pstmt.exe cuteQuery (); if (res. last () {String signature = res. getString (signature); if (! Validkey. equals (signature) {pstmt. close (); con. close (); return false;} else {long current = System. currentTimeMillis (); long time = res. getTimestamp (outdate ). getTime (); if (current> time) {pstmt. close (); con. close (); return false;} else {pstmt. close (); con. close (); return true ;}} else {pstmt. close (); con. close (); return false ;}}

(2) Servlet code is handled based on the corresponding ideas
Public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// String method = request for splitting. getParameter (method); if (method. equals (find) {String userId = request. getParameter (userId); String userEmail = request. getParameter (userEmail); Connection con = null; try {con = dbUtil. getCon ();} catch (Exception e) {// TODO Auto-generated catch blocke. printSta CkTrace () ;}boolean flag = false; try {flag = userDao. judgeUserEamil (userId, userEmail);} catch (Exception e1) {// TODO Auto-generated catch blocke1.printStackTrace ();} if (flag) {long currentTime = System. currentTimeMillis () + 120000; Date time = new Date (currentTime); Timestamp ts = new Timestamp (time. getTime (); Random random = new Random (); String key = userId + | + ts + | + random. nextInt (); String sig Nature = MD5Util. MD5 (key); try {int res = userDao. insertInfor (con, userId, userEmail, ts, signature); if (res = 1) {SendMail sendmail = new SendMail (); String url = localhost: 8080/homeSeller/resetPassword. jsp ++? Uid = + userId + & validkey = + signature; sendmail. send (userEmail, url) ;}} catch (SQLException e) {// TODO Auto-generated catch blocke. printStackTrace ();} catch (AddressException e) {// TODO Auto-generated catch blocke. printStackTrace ();} catch (MessagingException e) {// TODO Auto-generated catch blocke. printStackTrace () ;}} else {request. setAttribute (error, the user name does not match the email address. Please enter it again !);}} // Reset the password else if (method. equals (reset) {String userId = request. getParameter (userid); String password = request. getParameter (password1); try {Connection con = dbUtil. getCon (); userDao. updatePassword (con, userId, password); request. setAttribute (error, modification successful, please log on again !); Request. getRequestDispatcher (login. jsp). forward (request, response);} catch (Exception e) {// TODO Auto-generated catch blocke. printStackTrace ();}}

(3) Tool
There are two types of tool-type MD5 encryption, which implement the encryption of the validkey mentioned above to prevent manual identification.
Package com. homeSeller. util; import java. security. messageDigest; import java. security. messageDigest; public class MD5Util {public final static String MD5 (String s) {char hexDigits [] = {'0', '1', '2', '3 ', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D ', 'E', 'F'}; try {byte [] btInput = s. getBytes (); // The MessageDigest object that obtains the MD5 Digest algorithm. MessageDigest mdInst = MessageDigest. getInstance (MD5); // use the specified byte to update the abstract mdInst. update (btInput); // obtain the ciphertext byte [] md = mdInst. digest (); // converts the ciphertext to a hexadecimal string in the form of int j = md. length; char str [] = new char [j * 2]; int k = 0; for (int I = 0; I <j; I ++) {byte byte0 = md [I]; str [k ++] = hexDigits [byte0 >>> 4 & 0xf]; str [k ++] = hexDigits [byte0 & 0xf];} return new String (str);} catch (Exception e) {e. printStackTrace (); return null ;}} public static void main (String [] args) {System. out. println (MD5Util. MD5 (20121221); System. out. println (MD5Util. MD5 (encrypted ));}}

The second category is mail sending.
Reference http://www.cnblogs.com/codeplus/archive/2011/10/30/2229391.html java mail is to use the existing Mail account to send MAIL tools, for example, I registered a mailbox account in NetEase, through JAVA Mail control, I can not personally log on to Netease mailbox, allow the program to automatically send emails using Netease mail. This mechanism is widely used in registration activation and spam sending. JavaMail can be used.

The general process of JAVA mail sending is as follows:

1. Construct a specific class that inherits from javax. mail. Authenticator and override the getPasswordAuthentication () method. This type is used for login verification to ensure that you have the right to send emails to this mailbox.

2. Construct a properties file that stores SMTP server addresses and other parameters.

3. Create a javax. mail. Session by creating the properties file and the javax. mail. Authenticator class. Session creation is equivalent to logon mailbox. The rest is naturally new mail.

4. Construct the mail content, which is generally the javax. mail. internet. MimeMessage object, and specify the sender, recipient, subject, and content.

5. Use the javax. mail. Transport tool to send emails.

Here, the mail class I wrote for reference only supports SMTP and does not support the other two types, so there is no time to write the factory class. But SMTP should be enough. Today, TX has a BUG. If it cannot be sent, It will be OK if you change your mailbox.
1. First, it is a specific class inherited from javax. mail. Authenticator. The getPasswordAuthentication () method is to construct a PasswordAuthentication object and return it. It is a bit confusing with the design intent such as JAVA Mail, which may be javax. mail. authenticator provides us with additional security verification measures.
package com.homeSeller.util;import javax.mail.Authenticator;import javax.mail.PasswordAuthentication;public class MailAuthenticator extends Authenticator{private String username;private String password;public MailAuthenticator(String username,String password){this.username = username;this.password = password;}String getPassword(){return password;}@Overrideprotected PasswordAuthentication getPasswordAuthentication(){return new PasswordAuthentication(username,password);}String getUsername(){return username;}public void setPassword(String password){this.password = password;}public void setUsername(String username){this.username = username;}}

2. The mail sending class, and the rest of the steps are implemented in this class. SimpleMail in the Code encapsulates a POJO of the mail subject and content. I think it is inappropriate to include both the subject and content in a method parameter, so this method is reloaded. In addition, the SMTP server address of most mailboxes can be calculated by the mailbox address. To simplify the process, a constructor without the SMTP server address is provided.

Package com. homeSeller. util; import java. util. list; import java. util. properties; import javax. mail. messagingException; import javax. mail. session; import javax. mail. transport; import javax. mail. internet. addressException; import javax. mail. internet. internetAddress; import javax. mail. internet. mimeMessage; import javax. mail. internet. mimeMessage. recipientType; public class SimpleMailSender {/** simple email sender, which can be a single-shot, Mass Sending * // *** props file for sending emails */private final transient Properties props = System. getProperties ();/** email server logon verification */private transient MailAuthenticator authenticator;/*** email session */private transient Session session; /*** initialize the email sender ** @ param smtpHostName * SMTP mail server address * @ param username * User Name (address) of the email sent) * @ param password * password for sending the email */public SimpleMailSender (final String smtpHostName, final String username, final String password) {init (username, password, smtpHostName );} /***** initialize the email sender ** @ param username * User Name (Address) for sending the email ), resolve the SMTP server address * @ param password * password for sending emails **/public SimpleMailSender (final String username, final String password) {// parse the smtp server through the email address, use final String smtpHostName = smtp for most mailboxes. + username. split (@) [1]; init (username, password, smtpHostName);}/*** initialize the username (address) of the email sent by @ param username) * @ param password * @ param smtpHostName * SMTP host address */private void init (String username, String password, String smtpHostName) {// initialize propsprops. put (mail. smtp. auth, true); props. put (mail. smtp. host, smtpHostName); // authenticator = new MailAuthenticator (username, password); // create sessionsession = Session. getInstance (props, authenticator );} /*** send email ** @ param recipient * recipient's email address * @ param subject * @ param content * Email content ** @ throws AddressException * @ throws MessagingException */ public void send (String recipient, string subject, Object content) throws AddressException, MessagingException {// create a mime-type email final MimeMessage message = new MimeMessage (session); // set the sender message. setFrom (new InternetAddress (authenticator. getUsername (); // sets the recipient message. setRecipient (RecipientType. TO, new InternetAddress (recipient); // sets the topic message. setSubject (subject); // sets the message of the mail content. setContent (content. toString (), text/html; charset = UTF-8); // send Transport. send (message );} /***** send a group email ** @ param recipients * Recipient * @ param subject * @ param content * throws AddressException * throws MessagingException */public void send (List
Recipients, String subject, Object content) throws AddressException, MessagingException {// create a Mime-type email final MimeMessage message = new MimeMessage (session); // set the sender message. setFrom (new InternetAddress (authenticator. getUsername (); // sets the recipient's final int num = recipients. size (); InternetAddress [] addresses = new InternetAddress [num]; for (int I = 0; I
Recipients, SimpleMail mail) throws AddressException, MessagingException {send (recipients, mail. getSubject (), mail. getContent () ;}} 3. POJO: SimpleMailpackage com. homeSeller. util;/** SimpleMail * PROJ */public class SimpleMail {private String Content; private String Subject; public String getContent () {return Content;} public void setContent (String Content) {this. content = Content;} public String getSubject () {return Subject;} public void setSubject (String Subject) {this. subject = Subject ;}}

4. The final class used for sending
Package com. homeSeller. util; import java. util. list; import java. util. arrayList; import javax. mail. messagingException; import javax. mail. internet. addressException; public class SendMail {public void send (String email, String url) throws AddressException, MessagingException {SimpleMailSender sms = new SimpleMailSender (tianxia00115@163.com "," password); String recipients = email; sms. send (recipients, HomeSeller Dear HomeSeller, to retrieve your password, please click the following link within two minutes: + url + skip this message if it is not your own operation .);} Public static void main (String [] args) throws AddressException, MessagingException {SimpleMailSender sms = new SimpleMailSender (tianxia00115@163.com, 383160100033); ArrayList
Recipients = new ArrayList
(); Recipients. add (2867870421@qq.com); for (String recipient: recipients) {sms. send (recipients, test, hello hrwhisper .);}}}


At this point, we can connect all the things in a string to achieve password retrieval.
I didn't understand the principle before, and I didn't know what it was when I saw the mail. Now I understand the natural pleasure. Learning should be based on this process of continuous learning and constant satisfaction!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.