如何阻止用户创建多个密码 [英] How to stop users from creating more than one password

问题描述

您好，我是C#和asp.net的初学者，我为我的网站创建了一个登录页面，该页面允许用户输入用户名和密码来获得访问权限，还有一种方法可以创建一个新用户他们在页面上填写的信息并将其上传到MySql数据库表(用户)，问题是这允许用户创建多个人，我该如何阻止这种情况的发生，用户名对于每个人都是唯一的，因此他们一种我可以限制用户自己创建多个帐户/密码的方式

任何帮助将不胜感激，谢谢
Wes

Hi, im a beginner programmer in C# and asp.net, ive created a login page for my site which allows the user to enter their username and password to gain access, there is also a method to create a new user this takes the information they fill in on the page and uploads it to a MySql database table (users) problem is this allows the user to create more than one person, how can i stop this from happening, the usernames are unique to every person so is their a way in which i can restrict a user from creating more than one account/password for themselves

any help would be appreciated thanks
Wes

推荐答案

实际上，您不能阻止用户创建多个帐户，也可以检查唯一的电子邮件帐户，但也可以绕开该帐户.

您可以尝试存储客户端cookie等.

Realistically you can''t stop users creating multiple accounts, you can check for a unique email account also but that can be circumvented also.

You could try storing client side cookies etc.

否.

基本上，限制人们创建袜子p"帐户的唯一方法是要求他们提供完全对他们而言唯一的信息.而且什么都没有. IP地址是由ISP分配的(在许多情况下，可以通过重置ADSL调制解调器来更改)，并且可以非常非常轻松地创建电子邮件地址.这些年来，我已经获得了十几个邮件，而且还有10分钟的邮件之类的地方，它们提供简短的，时间有限的电子邮件地址.

您无法阻止它，直到我们获得适用于人们的唯一身份代码-这在不久的将来不太可能发生.我只想发送一封电子邮件-确认码-完整的注册系统.它不是完美的，但是它淘汰了其中的一些.

好，但是，这些用户获得的会员编号是他们首次登录时必须使用的会员编号，他们为自己创建了密码，但是现在没有任何阻止他们第二次创建另一个密码的功能，说他们尝试创建第二个密码，有没有办法我可以运行查询以检查数据库中是否存在会员编号的现有帐户，并且是否存在限制他们继续第二个密码创建的方式?"

是的-您将在您的会员数据库中存储一个标志，指示注册已完成".您可以在他们登录时进行检查(如果未设置，则告诉他们先完成此操作，通常是通过跟踪通过电子邮件发送给他们的链接进行操作-清除伪造的电子邮件地址boyos)以及完成注册时(如果set告诉他们，已经完成，并且要使用他们第一次设置的密码-清除由其他人覆盖的密码.)

No.

Basically, the only way to restrict people from creating "sock puppet" accounts is to require them to supply information which it totally unique to them. And there isn''t anything. IP addresses are assigned by an ISP (and in many cases can be changed by resetting your ADSL modem), and Email addresses can be created very, very easily. I have a dozen or so I have had to acquire over the years, and there are places like 10 minute mail which provide brief, time limited email addresses.

You can''t prevent it, until we get a Unique Identity Code for people - which is not likely to happen in the near future. I would just go with an email - confirmation code - complete registration system. It''s not perfect, but it weeds out some of them.

"okay but thing is these users get given a membership number that they have to use to login with on their first time logging in they create a password for themselves but now there nothing stopping them from creating another password the second time around, say they try create a second password is there a way that i can run a query to check my database for an existing account with there membership number in and if there is it restricts them from proceeding with the second password creation?"

Yes - you would store a flag in your membership database which indicates "registration completed". You check this when they log in (and if not set tell them to complete it first, normally by following a link that was emailed to them - weeds out the fake email address boyos) and when you complete registration (and if set tells them they have already completed, and to use the password they set the first time - weeds out the password overwrite by a different person).

这篇关于如何阻止用户创建多个密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！