Springboot秒杀项目,前端经过MD5之后的数据与后端经过MD5之后的数据不一致

Springboot秒杀项目,前端经过MD5之后的数据与后端经过MD5之后的数据不一致

后端代码,MD5Util

package com.wyf.seckill.util;

import org.apache.commons.codec.digest.DigestUtils;

/**
 * @author: wyf
 * @date:2022/1/9 17:50
 */
public class MD5Util {

    public static String md5(String str){
        return DigestUtils.md5Hex(str);
    }

    private static final String salt = "1a2b3c4d";

    //输入的密码转化为表单的密码
    //千万要注意:str = “” + .... 等号后面千万不要忘记有一个空字符串,否则会导致前后端产生的formPass不一致
    public static String inputPassToFormPass(String inputPass){
        String str = salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + inputPass
                + salt.charAt(1) + salt.charAt(3) + salt.charAt(5);
        return md5(str);
    }

    //将表单提交的密码转化为数据库密码
    public static String formPassToDbPass(String formPass, String saltDb){
        String str = saltDb.charAt(0) + saltDb.charAt(2) + saltDb.charAt(4) + formPass
                + saltDb.charAt(1) + saltDb.charAt(3) + saltDb.charAt(5);
        return md5(str);
    }

    //输入密码转化为数据库存储的密码
    public static String inputPassToDbPass(String inputPass, String saltDb){
       String formPass = inputPassToFormPass(inputPass);
       String dbPass = formPassToDbPass(formPass, saltDb);
       return dbPass;
    }

    //test MD5Util
    public static void main(String[] args) {
        String salt = "1a2b3c4d";
        String inputPass = "123456";
        System.out.println("inputPass = " + inputPass);
        String formPass = inputPassToFormPass(inputPass); //b6cbf730c11247792a5ddd6e056033b0
        System.out.println("formPass = " + formPass);
        String dbPass = inputPassToDbPass(formPass,salt);
        System.out.println("dbPass = " + dbPass);
    }
}

前端代码 login.html

<script>
    function login(){
        $("#loginForm").validate({
            submitHandler:function(form){
                doLogin(); //异步提交表单
            }
        });
    }
    function doLogin(){
        g_showLoading();
        var salt = g_passsword_salt;
        console.log("salt=" + salt);
        var input = $("#password").val();
        console.log("input=" + input);
        var str = salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + input
            + salt.charAt(1) + salt.charAt(3) + salt.charAt(5);

        var password = md5(str);
        console.log("password=" + password);
        $.ajax({
            url:"/login/do_login",
            type:"POST",
            data:{
                mobile:$("#mobile").val(),
                password:password
            },
            success:function (data){
                layer.closeAll();
                console.log(data);
            },
            error:function (){
                layer.closeAll();
            }
        });
    }
</script>

前后端得到的经过之后不一致的原因

前端代码在拼接str字符串时,忘记先拼接一个"";
(1)将后端代码中的:

 String str = salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + inputPass
                + salt.charAt(1) + salt.charAt(3) + salt.charAt(5);
String str = saltDb.charAt(0) + saltDb.charAt(2) + saltDb.charAt(4) + formPass
                + saltDb.charAt(1) + saltDb.charAt(3) + saltDb.charAt(5);

修改为:

 String str = "" + salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + inputPass
                + salt.charAt(1) + salt.charAt(3) + salt.charAt(5);
String str = "" + saltDb.charAt(0) + saltDb.charAt(2) + saltDb.charAt(4) + formPass
                + saltDb.charAt(1) + saltDb.charAt(3) + saltDb.charAt(5);

(2)将前端代码中的:

   var str = salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + input

修改为:

   var str = "" + salt.charAt(0) + salt.charAt(2) + salt.charAt(4) + input