我有一个VB.Net应用程序,它有一个登录页面。我正在尝试失败的登录尝试计数器。该应用程序使用SQL数据库,表中的一个字段称为“LoginAttemptCount”。该字段应该记录每次失败的尝试1,2,3 ...最后一次是9.现在每次失败的尝试达到3,我希望该特定用户被阻止5分钟。 5分钟后,我将允许用户再次重试3次,应用程序继续以相同的模式工作,直到达到9。 我的问题是,用户未能登录3次并且被阻止5分钟后会发生什么。如果应用程序仍在运行,则下一次失败尝试将显示4,5,6 ...但是,如果用户关闭应用程序,再次打开它并尝试登录尝试计数器重置并记录1而不是4.所以我的问题是如何使用用户名作为参考读取已保存在数据库中的最后一次尝试计数,该计数应为最高编号(根据我的示例为3)。我想读取最后记录的尝试次数,即3,这样第四次用户登录失败时,即使关闭并重新打开应用程序,数据库也应该从头开始记录4而不是1。 “LoginAttemptCount”字段的数据来自我编写的代码,而不是来自文本框。请不要问我为什么我决定3是最大的尝试,因为这不是这个问题的重点。 任何帮助将不胜感激。
If Timer1.Enabled = True Then
MsgBox("Your account has been temporarily blocked! Please try again after " & lblcountdown.Text & " minutes.")
Else
MessageBox.Show("Invalid Username or Password! Please try again. Attempt " & Attempt & " of 9")
Attempt = Attempt + 1
Dim FailedUsername As String = txtUsername.Text
Dim LoginAttemptCount As String = Attempt + (-1)
Dim LoginLastDateTimeAttempt As String = Format(Date.Now, "MMMM dd, yyyy - h:mm:ss tt").ToString
Dim PasswordRetryAfter As String = TimeOfDay.AddMinutes(0.3) 'Date.Now.AddMinutes(5) '5 = 5 minutes
Dim IP_Address As String = "IP_Address"
Fir_FailedLogin.First_FailedLoginAttempt(FailedUsername, LoginAttemptCount, LoginLastDateTimeAttempt, _
PasswordRetryAfter, IP_Address)
'Sec_FailedLogin.Second_FailedLoginAttempt(FailedUsername, LoginAttemptCount, LoginLastDateTimeAttempt, _
' PasswordRetryAfter, IP_Address)
If Attempt = 4 Then
MsgBox("Hello " & FailedUsername & ", your Login attempt failed. " & Environment.NewLine _
& Environment.NewLine & " Your account is temporarily blocked. " & Environment.NewLine _
& Environment.NewLine & " Please try again after 5 minutes")
txtUsername.ReadOnly = True
txtPassword.ReadOnly = True
'Timer2.Start()
'lblClock.Text = TimeOfDay
Timer1.Enabled = True
lbltimer.Text = "30" 'Timer Max
lblcountdown.Text = "20" 'Count Down Max
lbltimer.Visible = False 'False turns off the visibility of the lbltimer.
Attempt = 4
ElseIf Attempt = 7 Then
MsgBox("Hello " & FailedUsername & ", your Login attempt failed. " & Environment.NewLine _
& Environment.NewLine & " Your account is temporarily blocked. " & Environment.NewLine _
& Environment.NewLine & " Please try again after 5 minutes")
txtUsername.ReadOnly = True
txtPassword.ReadOnly = True
'Timer2.Start()
'lblClock.Text = TimeOfDay
Timer1.Enabled = True
lbltimer.Text = "30" 'Timer Max
lblcountdown.Text = "20" 'Count Down Max
lbltimer.Visible = False 'False turns off the visibility of the lbltimer.
Attempt = 7
ElseIf Attempt = 10 Then
MsgBox("Hello " & FailedUsername & ", your Login attempt failed. " & Environment.NewLine _
& Environment.NewLine & " Your account is temporarily blocked. " & Environment.NewLine _
& Environment.NewLine & " Please try again after 5 minutes")
txtUsername.ReadOnly = True
txtPassword.ReadOnly = True
'Timer2.Start()
'lblClock.Text = TimeOfDay
Timer1.Enabled = True
lbltimer.Text = "30" 'Timer Max
lblcountdown.Text = "20" 'Count Down Max
lbltimer.Visible = False 'False turns off the visibility of the lbltimer.
'When the maximum attempt is reached reset the attempt to "Attempt = 1"
Attempt = 1
End If
End If
答案 0 :(得分:0)
好的,我认为您必须重新考虑登录过程。 我建议的第一件事是向users表添加一个datetime列,该列将保存上次尝试失败的日志的日期和时间。然后,当用户尝试登录时,您需要在login where子句中添加一个条件来测试LoginAttemptCount是否为0或者是3的倍数(如果是,则验证比上次登录尝试至少5分钟前)。 此外,您需要在每次成功登录时将LoginAttemptCount重置为0。 所有这些逻辑都可以由登录存储过程处理,因此程序的状态与登录尝试机制无关。
顺便说一下,第9次登录失败后会发生什么?