2012-02-21 94 views
0

Hello, I have to limit the user's login attempts.... and insert/update "Yes" into the "IsBlocked" column in the database if the user exceeds the login attempts. How do I limit login attempts?

I am working on the code... I don't know what the error in my code is, I can't increment the failedattempts..... Below is the code I am working on

    SqlConnection con2 = new SqlConnection(connstring);
    // the user name and password are concatenated straight into the SQL text
    string cmd1 = "select Emp_IsBlocked from dbo.PTS_Employee where Emp_Username='" + EmployeeName + "' and Emp_Password='" + Password + "'";
    SqlCommand mycomm2 = new SqlCommand(cmd1, con2);
    con2.Open();
    Object Blocked = mycomm2.ExecuteScalar();   // null when no row matches user name + password
    con2.Close();
    if (Blocked != null)
    {
        if (Blocked.ToString() == "")           // empty Emp_IsBlocked means not blocked
        {
            Response.Redirect("~/Transactions.aspx");
        }
        else
        {
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }
    else
    {
        // _failedAttempts is a field of the page class; ASP.NET builds a new page
        // instance for every postback, so the field starts at 0 on each request
        _failedAttempts++;
        //lblError.Text = ("Fail. " + (3 - _failedAttempts));

        if (_failedAttempts == 3)
        {
            SqlConnection con1 = new SqlConnection(connstring);
            SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
            mycomm1.CommandType = CommandType.StoredProcedure;
            con1.Open();
            // only the flag is passed; the procedure receives no user name
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            mycomm1.ExecuteNonQuery();
            con1.Close();
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }

Can anyone say what is wrong in the above code, or how to do this....?

+0

Not the best solution... you may need to implement a cache instead of this...... – Madhu 2012-02-21 10:32:31

+0

Your code has a SQL injection vulnerability: string cmd1 = "select emp_IsBlocked from dbo.PTS_Employee where Emp_Username ='" + EmployeeName + "' and Emp_Password ='" + Password + "'";. Have you attached a debugger to see what is happening in your code? I don't see any saving of the # of login attempts in the code. – Peter 2012-02-21 10:35:54

Answer

1

Replace your

    else
    {
        _failedAttempts++;
        //lblError.Text = ("Fail. " + (3 - _failedAttempts));

        if (_failedAttempts == 3)
        {
            SqlConnection con1 = new SqlConnection(connstring);
            SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
            mycomm1.CommandType = CommandType.StoredProcedure;
            con1.Open();
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            mycomm1.ExecuteNonQuery();
            con1.Close();
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }

else statement with this one and try it with the database

    else
    {
        // counter kept in the application cache (shared across requests), keyed on the
        // text of the password box, so it survives the postback unlike a page field
        object FailedLoginCounter = this.Page.Cache["UserKey_" + this.txtPwd.Text];
        if (FailedLoginCounter == null)
        {
            FailedLoginCounter = 0;
        }
        this.Page.Cache["UserKey_" + this.txtPwd.Text] = (int)FailedLoginCounter + 1;
        if (((int)this.Page.Cache["UserKey_" + this.txtPwd.Text]) == 3)
        {
            SqlConnection con1 = new SqlConnection(connstring);
            SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
            mycomm1.CommandType = CommandType.StoredProcedure;
            con1.Open();
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            mycomm1.ExecuteNonQuery();
            con1.Close();
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }
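The answer keeps the counter in the in-process cache; an added example (not code from the question or the answer) that instead keeps the per-user counter in the same table, checks the blocked flag with a parameterised query, and sets Emp_IsBlocked to 'Yes' in the same UPDATE that reaches the threshold. It assumes a hypothetical Emp_FailedAttempts INT NOT NULL DEFAULT 0 column on dbo.PTS_Employee alongside the page's Emp_Username, Emp_Password and Emp_IsBlocked columns; the LoginGuard class and LoginResult enum are names chosen here.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. Assumes a hypothetical Emp_FailedAttempts INT column on
// dbo.PTS_Employee next to the page's Emp_Username, Emp_Password and Emp_IsBlocked.
public enum LoginResult { Success, BadCredentials, Blocked }

public static class LoginGuard
{
    const int MaxAttempts = 3;
    public static LoginResult TryLogin(string connstring, string username, string password)
    {
        using (var con = new SqlConnection(connstring))
        {
            con.Open();
            // Parameterised lookup: the user name travels as data, so quotes inside it
            // cannot alter the statement the way the concatenated string in the question can.
            var check = new SqlCommand(
                "SELECT Emp_Password, Emp_IsBlocked FROM dbo.PTS_Employee WHERE Emp_Username = @u", con);
            check.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = username;
            string storedPassword = null, isBlocked = null;
            using (var r = check.ExecuteReader())
                if (r.Read()) { storedPassword = r.GetString(0); isBlocked = r.IsDBNull(1) ? "" : r.GetString(1); }
            if (isBlocked == "Yes") return LoginResult.Blocked;   // refuse before looking at the password
            if (storedPassword != null && storedPassword == password)  // plain comparison, as on the page
            {
                var reset = new SqlCommand(
                    "UPDATE dbo.PTS_Employee SET Emp_FailedAttempts = 0 WHERE Emp_Username = @u", con);
                reset.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = username;
                reset.ExecuteNonQuery();
                return LoginResult.Success;
            }
            // Wrong password (an unknown user updates no row): count the failure in the database
            // in one statement so it survives postbacks and concurrent requests, and flip
            // Emp_IsBlocked to 'Yes' as soon as the threshold is reached.
            var fail = new SqlCommand(
                "UPDATE dbo.PTS_Employee SET Emp_FailedAttempts = Emp_FailedAttempts + 1, " +
                "Emp_IsBlocked = CASE WHEN Emp_FailedAttempts + 1 >= @max THEN 'Yes' ELSE Emp_IsBlocked END " +
                "OUTPUT INSERTED.Emp_IsBlocked WHERE Emp_Username = @u", con);
            fail.Parameters.Add("@u", SqlDbType.NVarChar, 50).Value = username;
            fail.Parameters.Add("@max", SqlDbType.Int).Value = MaxAttempts;
            object nowBlocked = fail.ExecuteScalar();   // null when no row matched
            return Convert.ToString(nowBlocked) == "Yes" ? LoginResult.Blocked : LoginResult.BadCredentials;
        }
    }
}
```

As on the page, the block stays set until Emp_IsBlocked is cleared by an administrator; the counter only resets on a successful login.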
+0

Ok, let me try this.... – 2012-02-21 11:24:58

+0

It works.... thank you very much.. – 2012-02-21 11:26:29