“您必须输入密码，密码中至少包含一个小写数字和一个符号” Java EE

由 wsed发布于 2020-05-24 03:23:20

我想加强用户注册时的密码要求。

我在servlet Registration.java中编写了以下代码：

  public static boolean checkpassword(password){
        boolean hasNum = false; boolean hasCap = false; boolean hasLow = false; char c; 
        for (int i = 0; i< password.length();i++)
        {
            c = password.charAt(i);
            if (Character.isDigit(c))
            {
                hasNum = true;
            }
            else if (Character.isUpperCase(c)) {

                hasCap = true;
            }
            else if (Character.isLowerCase(c)){

                hasLow = true;
                                }
            else if (hasNum && hasCap && hasLow) {
                return true;
            }

        }
        return false;

    }

但是，我不知道将其放在下面的servlet中的位置：

public class Register extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        String firstname = request.getParameter("firstname");
        String lastname = request.getParameter("lastname");
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        String password1 = request.getParameter("password1");
        String country = request.getParameter("country");
        String city = request.getParameter("city");
        String address = request.getParameter("address");
        String postalcode = request.getParameter("postalcode");



        if (password == password1 && email.contains("@")) {

            try {
                Class.forName("org.sqlite.JDBC");
                Connection con = DriverManager
                    .getConnection("jdbc:sqlite:/Users/Oussama/login.db");
                PreparedStatement ps = con
                    .prepareStatement("insert into users values(?,?,?,?,?,?,?,?,?)");
                ps.setString(2, firstname);
                ps.setString(3, lastname);
                ps.setString(4, email);
                ps.setString(5, password);
                ps.setString(6, country);
                ps.setString(7, city);
                ps.setString(8, address);
                ps.setString(9, postalcode);

                int i = ps.executeUpdate();
                if (i > 0)
                    out.print("You are successfully registered...");

                } catch (Exception e2) {
                System.out.println(e2);
            }

            out.close();
        }

        else {
            request.setAttribute("errorMessage",
                "Passwords do not match");
            request.getRequestDispatcher("/register.jsp").forward(request,
                response);
        }
    }
}

我尝试将它放在之前和之后，但是仍然有一个错误。

你们知道我将这段代码放在哪里吗（我认为这是可行的）？

先感谢您！

svero

2020-05-24 03:23:20

您检查密码强度的方法不完整。编写如下：

public static boolean isValidPassword(String password) {
    String pattern = "^(?=.*?\\p{Upper})(?=.*?\\p{Lower})(?=.*?[0-9])(?=.*?\\p{Punct}).{4,}";
    return password.matches(pattern);
}

说明：

At least one upper case letter (?=.*?\\p{Upper})
At least one lower case letter (?=.*?\\p{Lower})
At least one digit (?=.*?[0-9])
At least one special character (?=.*?\\p{Punct})
One each of the above makes at least 4 characters mandatory {4,}

Check Pattern to learn more about regex patterns.

快速演示：

public class Main {
    public static void main(String[] args) {
        // Test
        String[] testStrs = { "Hello", "Ab1#", "Abc123", "ABC123$" };
        for (String s : testStrs) {
            System.out.println(s + " -> " + (isValidPassword(s) ? "meets the criteria" : "does not meet the criteria"));
        }
    }

    public static boolean isValidPassword(String password) {
        String pattern = "^(?=.*?\\p{Upper})(?=.*?\\p{Lower})(?=.*?[0-9])(?=.*?\\p{Punct}).{4,}";
        return password.matches(pattern);
    }
}

输出：

Hello -> does not meet the criteria
Ab1# -> meets the criteria
Abc123 -> does not meet the criteria
ABC123$ -> does not meet the criteria

Never compare strings using == which compares the references; not the content. You have used

if (password == password1)

应该是

if (password.equals(password1))

I believe password and password1 pertain to the values from Password and Confirm password input fields. Use the isValidPassword method (mentioned above) as shown below:

//...
String password = request.getParameter("password");
String password1 = request.getParameter("password1");
//...

if (password.equals(password1) && isValidPassword(password) && email.contains("@")) {

    //...

}

wsed

这家伙很懒，什么都没留下

积分
0
话题
0
评论
3257
注册排名
1717