Stored procedure only authenticates the first user in tblUsers

Time: 2015-06-29 16:07:34

Tags: sql-server validation stored-procedures login

I have a stored procedure that authenticates users on the login page. The proc first checks whether the email exists in the table; if it does not, it issues

  Select 0 as EmailExists

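If the email exists, it goes on to check whether the password is correct, and so on. My whole procedure is shown below. The problem is that it validates the first user in tblUsers and shows EmailExists as 0 for all other users. Why?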

Alter proc spValidateUser
    @EmailAdd nvarchar(20),
    @Password nvarchar(20)
as
begin
    Set Nocount on;
    Declare @EmailExists bit,@UserId nvarchar(10),@LastLogin datetime,@RoleId int,@AccountLocked bit,@RetryCount int
    if exists(Select 1 from tblAllUsers where EmailAdd=@EmailAdd)
    begin
        Select @AccountLocked=IsLocked from tblAllUsers where EmailAdd=@EmailAdd
        ----if account is already locked------
        if(@AccountLocked = 1)
        begin
            Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as EmailExists
        end
        else
        begin
            -----check if username and password match-----
            Select @UserId = UserId, @LastLogin=LastLogin, @RoleId=RoleId
            from tblAllUsers where EmailAdd=@EmailAdd and Password=@Password
            ----if match found--------
            If @UserId is not null
            Begin
                Update tblAllUsers
                SET LastLogin= GETDATE(),RetryAttempts=0 WHERE UserId=@UserId
                Select @UserId [UserId],
                (Select Role from tblRoles 
                  where RoleId=@RoleId) 
                 [Roles],0 as AccountLocked,1 as Authenticated,0 as RetryAttempts,1 as EmailExists
            End
            Else
            ------if match not found--------
            Begin
                Select @RetryCount=ISNULL(RetryAttempts,0) from tblAllUsers where EmailAdd=@EmailAdd
                Set @RetryCount=@RetryCount+1
                if(@RetryCount<=3)
                Begin
                    ----if retry attempts are not completed------
                    Update tblAllUsers Set RetryAttempts=@RetryCount where EmailAdd=@EmailAdd

                    Select 0 as AccountLocked,0 as Authenticated,@RetryCount as RetryAttempts,1 as EmailExists
                End
                Else
                Begin
                    ------if retry attempts are completed--------
                    Update tblAllUsers Set RetryAttempts=@RetryCount,IsLocked=1,LockedDateTime=GETDATE()
                    where EmailAdd=@EmailAdd

                    Select 1 as AccountLocked,0 as Authenticated,0 as RetryAttempts,1 as EmailExists
                End
            End
        End
    end
    Else
    begin
        Select 0 as EmailExists
    end
end

1 answer:

Answer 0: (score: 2)

The only way I can see EmailExists showing 0 for every email address is if this statement evaluates to false. That means the email address entered does not exist in tblAllUsers.

if exists(Select 1 from tblAllUsers where EmailAdd=@EmailAdd)
begin
    ...
end
Else
begin
    Select 0 as EmailExists
End

If you think that is not the case, please post some table data for the email addresses you are having problems with.
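
Added example, not part of the original question or answer: one way to check whether the value reaching the EXISTS test is the address that was actually entered. It uses a constructed temp table and a hypothetical temp procedure, #spCheckEmail, that copies only the @EmailAdd nvarchar(20) declaration and the existence check from spValidateUser; the 100-character column width and the sample rows are assumptions.

```sql
-- Added diagnostic example. Run in SSMS or sqlcmd (GO is their batch separator).
SET NOCOUNT ON;

-- Constructed stand-in for tblAllUsers; the column width is an assumption.
CREATE TABLE #tblAllUsers (
    UserId   nvarchar(10)  NOT NULL,
    EmailAdd nvarchar(100) NOT NULL
);

-- Constructed sample rows: one address shorter than the parameter, one longer.
INSERT INTO #tblAllUsers (UserId, EmailAdd) VALUES
    (N'U1', N'al@example.com'),
    (N'U2', N'second.user@example.com');
GO

-- Hypothetical helper: same parameter declaration and EXISTS test as the
-- question's procedure, but it also reports what the procedure received.
CREATE PROCEDURE #spCheckEmail
    @EmailAdd nvarchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT @EmailAdd      AS ValueSeenByProc,
           LEN(@EmailAdd) AS LengthSeenByProc,
           CASE WHEN EXISTS (SELECT 1 FROM #tblAllUsers
                             WHERE EmailAdd = @EmailAdd)
                THEN 1 ELSE 0 END AS EmailExists;
END
GO

-- Fits inside nvarchar(20), so the lookup runs against the full address.
EXEC #spCheckEmail @EmailAdd = N'al@example.com';

-- Longer than 20 characters: the argument is cut at the parameter boundary
-- before the comparison, so the stored row is never matched.
EXEC #spCheckEmail @EmailAdd = N'second.user@example.com';

-- Stored addresses that cannot fit in the parameter at all.
SELECT UserId, EmailAdd, LEN(EmailAdd) AS StoredLength
FROM #tblAllUsers
WHERE LEN(EmailAdd) > 20;
```

SQL Server truncates a string argument to the declared parameter length without raising an error, so comparing LengthSeenByProc with the length of the address entered shows whether the lookup ran against the full value.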