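I'm trying to create a stored procedure to validate a user (login). Everything works fine except when the user enters an unregistered email. As you can see, I have handled that exception: if the count of the email address in the table is 0, it should return: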
Select 0 as AccountLocked,0 as Authenticated,0 as RetryAttempts,0 as Registered
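If it is not 0, it carries on to the next step. The problem is that when an unregistered email is entered, it returns two result sets, as shown below: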
Select 0 as AccountLocked,0 as Authenticated,0 as RetryAttempts,0 as Registered
and
Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as Registered
The full procedure is included for reference. What am I missing here? Why is it giving me the second result, which I don't want?
Alter proc spValidateUser
@EmailAdd nvarchar(30),
@Password nvarchar(20)
as
begin
Set Nocount on;
Declare @UserId nvarchar(10),@LastLogin datetime,@RoleId int,@AccountLocked bit,@RetryCount int,@Count int
Select @Count=Count(EmailAdd) from tblAllUsers
where EmailAdd=@EmailAdd
if(@Count = 0) begin
Select 0 as AccountLocked,0 as Authenticated,0 as RetryAttempts,0 as Registered
end else
Select @AccountLocked=IsLocked from tblAllUsers where EmailAdd=@EmailAdd
----if account is already locked------
if(@AccountLocked = 1) begin
Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as Registered
end else begin
-----check if username and password match-----
Select @UserId = UserId, @LastLogin=LastLogin, @RoleId=RoleId
from tblAllUsers where EmailAdd=@EmailAdd and Password=@Password
----if match found--------
If @UserId is not null Begin
Update tblAllUsers
SET LastLogin= GETDATE(),RetryAttempts=0 WHERE UserId=@UserId
Select @UserId [UserId],
(Select Role from tblRoles where RoleId=@RoleId) [Roles],0 as AccountLocked,1 as Authenticated,0 as RetryAttempts,1 as Registered
End Else Begin
------if match not found--------
Select @RetryCount=ISNULL(RetryAttempts,0) from tblAllUsers where EmailAdd=@EmailAdd
Set @RetryCount=@RetryCount+1
if(@RetryCount<=3) Begin
----if retry attempts are not completed------
Update tblAllUsers Set RetryAttempts=@RetryCount where EmailAdd=@EmailAdd
Select 0 as AccountLocked,0 as Authenticated,@RetryCount as RetryAttempts,1 as Registered
End Else Begin
------if retry attempts are completed--------
Update tblAllUsers Set RetryAttempts=@RetryCount,IsLocked=1,LockedDateTime=GETDATE()
where EmailAdd=@EmailAdd
Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as Registered
End
End
End
End
Edit: It looks like it is also executing the following code:
Begin
------if retry attempts are completed--------
Update tblAllUsers Set RetryAttempts=@RetryCount,IsLocked=1,LockedDateTime=GETDATE()
where EmailAdd=@EmailAdd
Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as Registered
End
But why is the above executed when the email doesn't match?
Answer 0: (score: 0)
I would change your procedure logic as shown below:
if exists(Select 1 from tblAllUsers where EmailAdd=@EmailAdd)
Select 0 as AccountLocked,0 as
Authenticated,0 as RetryAttempts,0 as Registered
else
Select 1 as AccountLocked,0 as Authenticated,
0 as RetryAttempts,1 as Registered
Answer 1: (score: 0)
The problem you have is here:
Select @Count=Count(EmailAdd) from tblAllUsers
where EmailAdd=@EmailAdd
Now @Count will be zero, and you will return 0 as AccountLocked in the following if:
if(@Count = 0) begin
Select 0 as AccountLocked,0 as Authenticated,0 as Retry...
end else
Select @AccountLocked=IsLocked from tblAllUsers where EmailAdd=@EmailAdd
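This is the else, and there is no begin + end block here.
Here you check whether the account is locked, but since nothing was found, @AccountLocked is still null: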
----if account is already locked------
if(@AccountLocked = 1) begin
Select 1 as AccountLocked,0 as Authenticated,0 as Retry...
end else begin
Now you check the password here, even though the user wasn't even found, so this will never find anything:
-----check if username and password match-----
Select @UserId = UserId, @LastLogin=LastLogin, @RoleId=RoleId
from tblAllUsers where EmailAdd=@EmailAdd and Password=@Password
----if match found--------
If @UserId is not null Begin
....
Then the second result set comes from here:
End Else Begin
------if match not found--------
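An added example (not part of the original question or answers) of the control-flow fix the second answer points to: each outcome returns exactly one result set and then exits, so an unregistered email can never reach the retry branch, where a NULL @RetryCount makes `@RetryCount<=3` evaluate as not true and the lock branch runs. It assumes the question's tblAllUsers and tblRoles tables exist; the procedure name spValidateUser_Fixed is hypothetical.

```sql
-- Added example; spValidateUser_Fixed is a hypothetical name, tables/columns are the question's.
CREATE PROCEDURE spValidateUser_Fixed
    @EmailAdd nvarchar(30),
    @Password nvarchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @UserId nvarchar(10), @RoleId int, @AccountLocked bit, @RetryCount int;
    -- Unregistered email: return the single "not registered" row and stop.
    -- RETURN guarantees that nothing below can run for this case.
    IF NOT EXISTS (SELECT 1 FROM tblAllUsers WHERE EmailAdd = @EmailAdd)
    BEGIN
        SELECT 0 AS AccountLocked, 0 AS Authenticated, 0 AS RetryAttempts, 0 AS Registered;
        RETURN;
    END;

    SELECT @AccountLocked = IsLocked FROM tblAllUsers WHERE EmailAdd = @EmailAdd;
    IF (@AccountLocked = 1)
    BEGIN
        SELECT 1 AS AccountLocked, 0 AS Authenticated, 0 AS RetryAttempts, 1 AS Registered;
        RETURN;
    END;

    -- Password comparison kept exactly as in the question.
    SELECT @UserId = UserId, @RoleId = RoleId
    FROM tblAllUsers WHERE EmailAdd = @EmailAdd AND Password = @Password;
    IF @UserId IS NOT NULL
    BEGIN
        UPDATE tblAllUsers SET LastLogin = GETDATE(), RetryAttempts = 0 WHERE UserId = @UserId;
        SELECT @UserId AS UserId,
               (SELECT Role FROM tblRoles WHERE RoleId = @RoleId) AS Roles,
               0 AS AccountLocked, 1 AS Authenticated, 0 AS RetryAttempts, 1 AS Registered;
        RETURN;
    END;

    -- Only a registered, unlocked account with a wrong password reaches this point.
    SELECT @RetryCount = ISNULL(RetryAttempts, 0) + 1 FROM tblAllUsers WHERE EmailAdd = @EmailAdd;
    IF (@RetryCount <= 3)
    BEGIN
        UPDATE tblAllUsers SET RetryAttempts = @RetryCount WHERE EmailAdd = @EmailAdd;
        SELECT 0 AS AccountLocked, 0 AS Authenticated, @RetryCount AS RetryAttempts, 1 AS Registered;
    END
    ELSE
    BEGIN
        UPDATE tblAllUsers SET RetryAttempts = @RetryCount, IsLocked = 1, LockedDateTime = GETDATE() WHERE EmailAdd = @EmailAdd;
        SELECT 1 AS AccountLocked, 0 AS Authenticated, 0 AS RetryAttempts, 1 AS Registered;
    END;
END;
```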