存储UserId以及数据库中登录尝试失败的时间 [英] Store UserId and when the login attempt failed in the database

问题描述

有没有人可以告诉我三次登录尝试失败的程序？如果非用户尝试使用用户名和错误密码登录，或者反之，系统将锁定该帐户。我没有使用会员资格。谢谢！



这是我的登录代码：

Is there any one that can show me the procedure on the three time login attempts failed? If a non user tries to login using a username and incorrect password or vice verse, the system will lock the account. I am not using memberships. Thanks!

Here is the Login Code I have:

protected void Page_Load(object sender, EventArgs e)
    {
        TextBoxEA.Focus();

        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Table22 where EmailAddress='" + TextBoxEA.Text + "'";
            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select UserID, EAddress1 from Table22", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 0)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist You Must Fill Out Registration First');", true);
                TextBoxEA.Text = string.Empty;
            }
            else if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName / Password');", true);   
            }
        }
    }

protected void Button1_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con.Open();

        if (true)
        {
            SqlCommand level = new SqlCommand("select Level, Password, UserID from Table22 where EAddress1 = @EAddress1 AND Password = @Password", con);
            level.Parameters.Add(new SqlParameter("EAddress1", TextBoxEA.Text));
            level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));

            SqlDataReader reader = level.ExecuteReader();
            DataTable dt1 = new DataTable();
            dt1.Load(reader);

            foreach (DataRow dr1 in dt1.Rows)
            {
                int returnedLevel = Convert.ToInt32(dr1[0].ToString());
                int inst_id = Convert.ToInt32(dr1[2].ToString());
                Session["userID"] = userID;

                if (returnedLevel == 1)
                {
                    Response.Redirect("FormA.aspx");
                }
                else if (returnedLevel == 2)
                {
                    Response.Redirect("FormC.aspx");
                }
                else if (returnedLevel == 3)
                {
                    Response.Redirect("FormD.aspx");
                }
                else if (returnedLevel == 7)
                {
                    Response.Redirect("CEO.aspx");
                }
                else if (returnedLevel == 8)
                {
                    Response.Redirect("DLCBPage.aspx");
                }
                else if (returnedLevel == 11)
                {
                    Response.Redirect("FormABC.aspx");
                }
                else if (returnedLevel == 21)
                {
                    Response.Redirect("FormCDEF.aspx");
                }
                else if (returnedLevel == 31)
                {
                    Response.Redirect("FormDGB.aspx");
                }
                else if (returnedLevel == 0)
                {
                    Response.Redirect("FormSED.aspx");
                }

推荐答案

你可以检查只有当用户在您的系统中注册时才会尝试登录。



我记住您已经编写了用于检查用户登录的存储过程。

在数据库表中添加新列，用于存储用户的尝试。

如果输入了错误的用户名或密码，则在select语句后使用update语句修改存储过程。

you can check the login attempts only when the user is registered with your system.

I keep in mind that you have written the Stored procedure for checking the user login.
add new column in database table which stores the attempt of the user.
modify store procedure with the update statement after the select statement if it has entered wrong username or password.

我向您展示了您可以实施的步骤。



1.在page_load中将您的会话['counter']设置为0

I am showing you steps that you can implement.

1. set your session['counter'] to 0 at page_load

session['counter'] = 0;

2.首先验证用户密码是否正确使用此查询

2. First verify user password is correct or not using this query

string sql = "SELECT COUNT(*) FROM UserMaster WHERE UserName = '" + strUserName +"' AND Password='" + strPassword + "'";
int retValue = executeQuery(sql);

3 。如果返回值为0，则将计数器递增1

3. If return value is 0 then increment your counter by 1

session['counter'] =  Convert.ToInt32(session['counter']) + 1;

4. check session ['counter']值大于或等于3然后将用户锁定。

4. check session['counter'] value is grater than or equal to 3 then make user as locked.

if (Convert.ToInt32(session['counter']) >= 3) {
    string sql = "UPDATE UserMaster SET isLocked = true WHERE UserName = '" + strUserName +"'";
    executeQuery(sql);
    //show alert message You have been locked.
}

这是你必须更正代码的算法。

this is algorithm you have to correct the code.

这篇关于存储UserId以及数据库中登录尝试失败的时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！