我必须限制用户的登录尝试次数……如果用户超过了允许的登录尝试次数,就把数据库中 “IsBlocked” 列的值更新为“是”(Yes)。
我正在编写这段代码……但不知道代码中的错误是什么,失败尝试的处理无法正常工作……下面是我正在处理的代码:
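// Look up the block flag for the submitted credentials. The values are bound as
// parameters instead of being concatenated into the SQL text, so quotes or SQL
// fragments typed into the login form are treated as data, never as part of the query.
// NOTE(review): the password is compared directly against Emp_Password, which suggests
// it is stored unhashed — confirm, and prefer comparing a salted password hash.
const string blockedQuery =
    "select Emp_IsBlocked from dbo.PTS_Employee " +
    "where Emp_Username = @Username and Emp_Password = @Password";

object Blocked;
using (SqlConnection con2 = new SqlConnection(connstring))
using (SqlCommand mycomm2 = new SqlCommand(blockedQuery, con2))
{
    // VarChar mirrors the non-Unicode literals of the original query; the real column
    // types are not shown here — TODO confirm.
    mycomm2.Parameters.Add("@Username", SqlDbType.VarChar).Value = EmployeeName ?? string.Empty;
    mycomm2.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password ?? string.Empty;
    con2.Open();
    // ExecuteScalar returns null when no row matches and DBNull.Value when the
    // matching row holds NULL in Emp_IsBlocked.
    Blocked = mycomm2.ExecuteScalar();
}   // the using blocks dispose the command and close the connection even if the query throws

if (Blocked != null)
{
    // A row matched the user name and password. An empty flag means "not blocked"
    // (DBNull.Value.ToString() is also "").
    if (Blocked.ToString() == "")
    {
        Response.Redirect("~/Transactions.aspx");
    }
    else
    {
        lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
    }
}
else
{
    // No row matched: count this as a failed attempt.
    // NOTE(review): the declaration of _failedAttempts is not shown. If it is an instance
    // field of the page, it presumably starts over on every request and never reaches 3 — confirm.
    _failedAttempts++;
    //lblError.Text = ("Fail. " + (3 - _failedAttempts));
    if (_failedAttempts == 3)
    {
        // NOTE(review): only @IsBlocked is passed; how SP_IsBlocked identifies the account
        // to block is not visible here — confirm it is scoped to the user who failed.
        using (SqlConnection con1 = new SqlConnection(connstring))
        using (SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1))
        {
            mycomm1.CommandType = CommandType.StoredProcedure;
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            con1.Open();
            mycomm1.ExecuteNonQuery();
        }
        lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
    }
}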
谁能说说上面的代码有什么错误,或者应该怎么做?
答案 0 :(得分:1)
将下面这段 else 语句:
else
{
// Failed-login branch as posted in the question: bump the counter and block on the third failure.
// NOTE(review): the declaration of _failedAttempts is not shown. If it is an instance field of the
// page, it presumably starts over on every request and never reaches 3 — confirm.
_failedAttempts++;
//lblError.Text = ("Fail. " + (3 - _failedAttempts));
if (_failedAttempts == 3)
{
// Calls the SP_IsBlocked stored procedure with @IsBlocked = "Yes", then shows the blocked message.
// NOTE(review): no user identifier is passed in the visible code; how the procedure picks the
// account to block is not shown — confirm.
SqlConnection con1 = new SqlConnection(connstring);
SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
mycomm1.CommandType = CommandType.StoredProcedure;
con1.Open();
mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
mycomm1.ExecuteNonQuery();
// The connection is closed only on the success path; an exception above leaves it to the garbage collector.
con1.Close();
lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
}
}
替换为下面的代码再试试:
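else
{
    // Count failed logins per account in the ASP.NET cache, which survives across requests.
    // The key is built from the user name (EmployeeName, the value the login query filters on)
    // rather than from the password box: keying on the typed password would start a new
    // counter for every different guess and would leave plaintext passwords in cache keys.
    // NOTE(review): the key is case-sensitive while the database comparison may not be — confirm
    // whether the user name should be normalised before building the key.
    string failedLoginKey = "UserKey_" + EmployeeName;

    // A missing entry means this is the first recorded failure for the account.
    int failedLoginCount = (this.Page.Cache[failedLoginKey] as int?) ?? 0;
    failedLoginCount++;

    // NOTE(review): entries set through the indexer have no expiration, the cache is local to
    // one application domain, and nothing visible here resets the counter after a successful
    // login — confirm that this matches the intended lockout policy.
    this.Page.Cache[failedLoginKey] = failedLoginCount;

    if (failedLoginCount == 3)
    {
        // NOTE(review): only @IsBlocked is passed; how SP_IsBlocked identifies the account
        // to block is not visible here — confirm it is scoped to the user who failed.
        using (SqlConnection con1 = new SqlConnection(connstring))
        using (SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1))
        {
            mycomm1.CommandType = CommandType.StoredProcedure;
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            con1.Open();
            mycomm1.ExecuteNonQuery();
        }   // disposes the command and closes the connection even if the call throws
        lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
    }
}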