Merge remote-tracking branch 'origin/master'

src/com/hellogithub/servlet/systemAdmin/AdminLoginServlet.java

@@ -11,9 +11,15 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringUtils;
 
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.text.SimpleDateFormat;
@@ -62,8 +68,14 @@ public class AdminLoginServlet extends HttpServlet {
         System.out.println(loginTime);
 
         // 从session中获取图形验证码
-        HttpSession session = req.getSession();
-
+        String userCode = req.getParameter("code"); // 用户输入的图形验证码
+        // 从session中获取图形验证码
+        HttpSession session = (HttpSession) req.getSession();
+        String sessionCode = (String) session.getAttribute(RandomValidateCode.RANDOMVALIDATECODE);
+        if (!sessionCode.equalsIgnoreCase(userCode)) {
+            setResultError("验证码错误！", writer);
+            return;
+        }
         // 在调用业务逻辑层
         adminEntity adminEntity = adminService.adminLogin(adminName, adminPwd,loginTime);
         if (adminEntity == null) {
@@ -73,7 +85,7 @@ public class AdminLoginServlet extends HttpServlet {
         }
 
         // 能够db中查询到对象 登录成功了  将管理员数据存放在session中
-        session = req.getSession();
+        session = (HttpSession) req.getSession();
         session.setAttribute("admin", adminEntity);
         setResultOK("登录成功！", writer);
     }