java模拟登陆正方教务管理系统

学了java后想设计一个在线提交活动中心使用申请的web网站,但问题是学生身份的验证。开始时是设想每年爬取一次全校学生信息,但速度太慢了,而且学号的规律也不清楚。然后想到借用教务管理系统自带的验证功能,这样不用更新数据库。虽然每到抢课或查成绩的时候教务管理系统总会比较卡,但其他大部分时间都没问题,所以就采用模拟登陆教务管理系统的方式来验证登录用户的身份。

java模拟登陆正方教务管理系统_第1张图片

登录教务管理系统需要输入学号、密码、验证码以及用户身份,因为是验证学生身份的,所以身份这一项固定死为学生。经过实验发现验证码是由另外的js生成验证的,而且默认0为正确,所以验证码可以不用输入。在firefox上用adblock屏蔽了验证码的js,然后直接输学号和密码就能登录了。

java模拟登陆正方教务管理系统_第2张图片

通过调试功能查看发送的数据。第一个数据的值在网页中是固定的,但不知道是否会换,所以用java的正则获取这个值,第二个是学号,第三个是密码,第四个是验证码,第五个是登录身份,后两个不知道是什么。

登录页面是default2.aspx,登录成功后的页面是xs_main.aspx,只要检测返回地址是否匹配就能验证登录是否成功了。

java模拟登陆正方教务管理系统_第3张图片

实际测试可以验证成功。

相关代码:

package www.wamgk.com;

import java.io.BufferedReader;
import java.io.Closeable;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.sf.json.JSONArray;
import net.sf.json.JSONObject;

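/**
 * Login check servlet. A user is accepted either because the upstream
 * academic-affairs system accepts the student number and password, or because
 * the name/password pair matches a row in the local {@code t_admin} table.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code targeturl} is plain HTTP, so every student number and password
 * relayed by this servlet crosses the network unencrypted. Switch to HTTPS if
 * the upstream system offers it.</li>
 * <li>Every login attempt, including one for an admin account, is forwarded to
 * the upstream system before the local admin table is consulted, so admin
 * passwords are disclosed to that system as well.</li>
 * <li>No CAPTCHA is submitted and this servlet does no throttling of its own,
 * so it answers password guesses as fast as the upstream system does. Put
 * per-account and per-client attempt limits in front of it.</li>
 * <li>{@code t_admin.pwd} is compared as-is, i.e. it is stored in a form that
 * equals the submitted password. Store a salted password hash (bcrypt, scrypt
 * or argon2) instead.</li>
 * </ul>
 */
@WebServlet("/acms/ckecklogin")
public class ckecklogin extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/**
	 * Charset used to percent-encode the form fields. The hard-coded
	 * RadioButtonList1 value (%D1%A7%C9%FA) is a GBK byte sequence, so the same
	 * charset is used for the other fields.
	 * NOTE(review): confirm against the charset declared by the login page.
	 */
	private static final String FORM_CHARSET = "GBK";
	/** Upper bounds so that a slow upstream system cannot tie up servlet threads indefinitely. */
	private static final int CONNECT_TIMEOUT_MS = 5000;
	private static final int READ_TIMEOUT_MS = 10000;
	private static final String USER_AGENT =
			"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0";
	/**
	 * Captures the hidden __VIEWSTATE field. The value is matched up to the
	 * closing quote because it may contain '+', '/' and '=' in addition to
	 * letters and digits.
	 */
	private static final Pattern VIEWSTATE_PATTERN =
			Pattern.compile("name=\"__VIEWSTATE\" value=\"([^\"]*)\"");

	/** Page-state token scraped from the login page; null until a fetch has succeeded. */
	private volatile String VIEWSTATE;
	String targeturl="http://jwgl.hunnu.edu.cn";

	/**
	 * Fetches the login page once so that the __VIEWSTATE token is available
	 * for later login attempts. A failed fetch is tolerated here and retried on
	 * the first login attempt.
	 *
	 * @see HttpServlet#HttpServlet()
	 */
	public ckecklogin() {
		super();
		VIEWSTATE = fetchViewState();
		System.out.println("VIEWSTATE :" + VIEWSTATE);
	}

	/**
	 * Requests {@code targeturl} and scans the response line by line for the
	 * hidden __VIEWSTATE form field.
	 *
	 * @return the field value, or null when the page could not be read or the
	 *         field was not found
	 */
	private String fetchViewState() {
		PrintWriter out = null;
		BufferedReader in = null;
		try {
			URLConnection conn = new URL(targeturl).openConnection();
			conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
			conn.setReadTimeout(READ_TIMEOUT_MS);
			conn.setRequestProperty("accept", "*/*");
			conn.setRequestProperty("connection", "Keep-Alive");
			conn.setRequestProperty("user-agent", USER_AGENT);
			// As in the original code, the page is requested with an empty request body.
			conn.setDoOutput(true);
			conn.setDoInput(true);
			out = new PrintWriter(conn.getOutputStream());
			out.flush();
			in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
			String line;
			while ((line = in.readLine()) != null) {
				Matcher matcher = VIEWSTATE_PATTERN.matcher(line);
				if (matcher.find()) {
					return matcher.group(1);
				}
			}
		} catch (Exception e) {
			// Kept broad on purpose: this runs from the constructor, and a
			// failure here must not prevent the servlet from being loaded.
			e.printStackTrace();
		} finally {
			closeQuietly(out);
			closeQuietly(in);
		}
		return null;
	}

	/** Closes a stream, reporting but not propagating a failure. */
	private static void closeQuietly(Closeable resource) {
		if (resource == null) {
			return;
		}
		try {
			resource.close();
		} catch (IOException ex) {
			ex.printStackTrace();
		}
	}

	/**
	 * Checks a student number and password against the upstream system by
	 * submitting its login form.
	 *
	 * @param xh  student number as typed by the user
	 * @param pwd password as typed by the user
	 * @return 0 when the upstream system ends on the student main page
	 *         (xs_main.aspx), 1 when the login was not accepted, -1 when the
	 *         check could not be carried out
	 */
	protected int checkXhAnsPwd(String xh,String pwd){
		if (xh == null || pwd == null) {
			return 1;
		}
		HttpURLConnection probe = null;
		HttpURLConnection httpConn = null;
		try {
			// Retry the token fetch if it failed when the servlet was constructed.
			String viewState = VIEWSTATE;
			if (viewState == null) {
				viewState = fetchViewState();
				if (viewState == null) {
					return -1;
				}
				VIEWSTATE = viewState;
			}

			URL base = new URL(targeturl);
			probe = (HttpURLConnection) base.openConnection();
			probe.setRequestMethod("GET");
			// Must stay false: the Location header itself is needed below.
			probe.setInstanceFollowRedirects(false);
			probe.setConnectTimeout(CONNECT_TIMEOUT_MS);
			probe.setReadTimeout(READ_TIMEOUT_MS);
			probe.addRequestProperty("Accept-Charset", "UTF-8;");
			probe.addRequestProperty("User-Agent", USER_AGENT);
			probe.connect();
			String redirect = probe.getHeaderField("Location");
			if (redirect == null) {
				return -1;
			}

			// Resolve the redirect against the configured base and refuse to
			// send credentials anywhere but the configured host: the header
			// arrives over plain HTTP and cannot be trusted blindly.
			URL loginUrl = new URL(base, redirect);
			if (!base.getProtocol().equals(loginUrl.getProtocol())
					|| !base.getHost().equalsIgnoreCase(loginUrl.getHost())) {
				return -1;
			}
			System.out.println(loginUrl);

			httpConn = (HttpURLConnection) loginUrl.openConnection();
			httpConn.setDoOutput(true);
			httpConn.setDoInput(true);
			httpConn.setUseCaches(false);
			httpConn.setRequestMethod("POST");
			httpConn.setConnectTimeout(CONNECT_TIMEOUT_MS);
			httpConn.setReadTimeout(READ_TIMEOUT_MS);
			httpConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
			httpConn.setRequestProperty("Connection", "Keep-Alive");
			httpConn.setRequestProperty("Charset", "UTF-8");
			httpConn.connect();

			// Percent-encode every value. Unencoded, a '&' or '=' typed by the
			// user would add or override form fields, and a '+' in the token
			// would be decoded as a space.
			String body = "__VIEWSTATE=" + URLEncoder.encode(viewState, FORM_CHARSET)
					+ "&TextBox1=" + URLEncoder.encode(xh, FORM_CHARSET)
					+ "&TextBox2=" + URLEncoder.encode(pwd, FORM_CHARSET)
					+ "&RadioButtonList1=%D1%A7%C9%FA&Button1=a";
			DataOutputStream dos = new DataOutputStream(httpConn.getOutputStream());
			try {
				// The body is pure ASCII after encoding, so writeBytes loses nothing.
				dos.writeBytes(body);
				dos.flush();
			} finally {
				dos.close();
			}

			if (HttpURLConnection.HTTP_OK == httpConn.getResponseCode()) {
				httpConn.getInputStream().close();
				// After redirects have been followed, a successful login ends
				// on xs_main.aspx. Only the path is inspected, so text that
				// appears in the query string cannot satisfy the check.
				URL finalUrl = httpConn.getURL();
				System.out.println(finalUrl);
				String path = finalUrl.getPath();
				if (path != null && path.endsWith("xs_main.aspx")) {
					return 0;
				}
			}
			return 1;
		} catch (Exception e) {
			e.printStackTrace();
			return -1;
		} finally {
			if (probe != null) {
				probe.disconnect();
			}
			if (httpConn != null) {
				httpConn.disconnect();
			}
		}
	}

	/**
	 * Authenticates a user, first as a student against the upstream system and
	 * then as an administrator against the local {@code t_admin} table.
	 *
	 * @param name student number or admin name
	 * @param pwd  password
	 * @return 0 for a student, the integer value of the {@code authority}
	 *         column for an administrator, -1 when authentication fails.
	 *         An authority value of 0 or -1 in the table would be
	 *         indistinguishable from these results.
	 */
	protected int checkuserinfo(String name,String pwd){
		if (name == null || pwd == null) {
			return -1;
		}
		if (checkXhAnsPwd(name, pwd) == 0) {
			// student
			return 0;
		}

		Connection conn = null;
		PreparedStatement stmt = null;
		ResultSet rs = null;
		try {
			conn = C3P0cnn.getConnection();
			// Bound parameter: the name comes straight from the request and
			// must never be concatenated into the SQL text.
			stmt = conn.prepareStatement("select pwd,authority from t_admin where name=?");
			stmt.setString(1, name);
			rs = stmt.executeQuery();
			while (rs.next()) {
				// NOTE(review): plaintext comparison, see the class comment.
				if (pwd.equals(rs.getString("pwd"))) {
					return Integer.parseInt(rs.getString("authority"));
				}
			}
		} catch (SQLException e) {
			e.printStackTrace();
		} catch (NumberFormatException e) {
			// A missing or non-numeric authority value is treated as a failed login.
			e.printStackTrace();
		} finally {
			closeJdbc(rs, stmt, conn);
		}
		return -1;
	}

	/**
	 * Closes JDBC resources independently, so that a failure to close one does
	 * not leave the pooled connection open.
	 */
	private static void closeJdbc(ResultSet rs, Statement stmt, Connection conn) {
		try {
			if (rs != null) {
				rs.close();
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
		try {
			if (stmt != null) {
				stmt.close();
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
		try {
			if (conn != null) {
				conn.close();
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

	/**
	 * Handles a login request and answers with a JSON object holding
	 * {@code code} ("1" success, "0" failure) and {@code msg}.
	 *
	 * <p>NOTE(review): GET is still accepted for compatibility, but it puts the
	 * password into the request URL, where access logs and browser history
	 * record it. Clients should use POST.
	 *
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setCharacterEncoding("UTF-8");
		String name=request.getParameter("name");
		String pwd=request.getParameter("pwd");
		// Line breaks are stripped so that a crafted name cannot forge log lines.
		String loggedName = (name == null) ? "null" : name.replaceAll("[\\r\\n]", "_");
		System.out.println("name="+loggedName+"-pwd="+"*");

		JSONObject json = new JSONObject();
		int tmp=checkuserinfo(name,pwd);
		switch(tmp){
		case -1:
			json.put("code","0");
			json.put("msg","用户名或密码错误");
			break;
		default:
			// Start a fresh session on successful login so that a session id
			// known before authentication is not promoted to a logged-in one.
			HttpSession stale = request.getSession(false);
			if (stale != null) {
				stale.invalidate();
			}
			HttpSession session = request.getSession(true);
			// The name is stored only after authentication has succeeded, so
			// other pages never see an unverified identity in the session.
			session.setAttribute("name",name);
			session.setAttribute("authority",tmp);
			json.put("code","1");
			json.put("msg","登陆成功");
		}

		PrintWriter out =  response.getWriter();
		out.write(json.toString());
	}

	/**
	 * Delegates to {@link #doGet(HttpServletRequest, HttpServletResponse)}.
	 *
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}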

