登录限制尝试不适用于 servlet
Login limit attempt not working with servlet
如果用户在 3 次尝试后 登录失败,我将阻止他登录我的系统。
我为每个用户设置了一个 "attemp" 列,默认 int 值为“3”,我试图在每次尝试后递减它直到它变为 0。这里的问题是我的方法没有更新 table. 上的值 可能有什么问题?请帮忙。
这是我的 sql table:
CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active',
PRIMARY KEY (id)
);
这是 登录 servlet:
public class LoginCheck extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
/**
* verifies is the values are the same on the inputs
* creates session and redirects accordingly to answer
* blocks access after 3 failed attempts
*/
if(CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
HttpSession session = request.getSession();
session.setAttribute("username", username);
RequestDispatcher rs = request.getRequestDispatcher("profile.jsp");
rs.forward(request, response);
} else if(CheckUser.Validation(username, password) && BlockUser.SelectState(username)) {
String blocked = "This user is blocked";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
return;
}
else if (!CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
//Here is where I call the method and try to decrement the number of attempts accordingly to the user that has been attempting
BlockUser.Attempts(username);
String error = "Wrong user or password. Try again.";
request.setAttribute("error", error);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
else {
String state = "Inactive";
BlockUser.Block(state, username);
String blocked = "Exceeded max attempts. Account is now blocked.";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
}
}
下面是 class 的方法来减少值:
public class BlockUser {
private static Connection con = null;
private static PreparedStatement ps = null;
private static ResultSet rs = null;
public static void Attempts(String username) {
try
{con = DBConnectionManager.getConnection();
if (con == null){
System.out.println("Conexão falhada");
}else{
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? AND attempts = ?");
sel.setString(1,username);
if(rs.next()) {
rs.getInt("attempts");
while(rs.getInt("attempts") != 0) {
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - 1 WHERE username = ?");
ps.setString(1,username);
ps.executeUpdate();
ps.close();
}}
sel.close();
}
}
catch (Exception e) {
e.printStackTrace(System.out);
}
}
没有测试但试试看:
while(rs.getInt("attempts") != 0) {
int value = 1;
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - ? WHERE username = ?");
ps.setInt(1, value);
ps.setString(2, username);
....
}
首先,您的 Attempts(String username) 中的 select 查询是错误的,您已经为 attempts = ? 传递了 ?,但从未在其中提供任何值。那么您没有得到尝试中的任何值并直接更新它。相反,您的代码应如下所示:
public static String Attempts(String username) {
//your other codes i.e : connection code here
//..
String message = "";
int value;
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? ");
sel.setString(1, username);
ResultSet rs = sel.executeQuery();
if (rs.next()) {
value = rs.getInt("attempts"); //getting attempt in some varibale i.e : value
}
//checking if value is not equal to 0
if (value != 0) {
//subtract 1
int subtracts = value - 1;
//updatting
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = ? WHERE username = ?");
ps.setInt(1,subtracts);
ps.setString(2, username);
int count = ps.executeUpdate();
if (count > 0) {
message = "Updated";
}
} else {
message = "Already 0";
//already 0 do something
}
ps.close();
return message; //return back
}
并且在 servlet 中执行以下操作:
String message = BlockUser.Attempts(username);
//if the value if updated
if(message.equals("Updated")){
//do something
}else{
//already use all attempts block
}
如果用户在 3 次尝试后 登录失败,我将阻止他登录我的系统。
我为每个用户设置了一个 "attemp" 列,默认 int 值为“3”,我试图在每次尝试后递减它直到它变为 0。这里的问题是我的方法没有更新 table. 上的值 可能有什么问题?请帮忙。
这是我的 sql table:
CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active',
PRIMARY KEY (id)
);
这是 登录 servlet:
public class LoginCheck extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
/**
* verifies is the values are the same on the inputs
* creates session and redirects accordingly to answer
* blocks access after 3 failed attempts
*/
if(CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
HttpSession session = request.getSession();
session.setAttribute("username", username);
RequestDispatcher rs = request.getRequestDispatcher("profile.jsp");
rs.forward(request, response);
} else if(CheckUser.Validation(username, password) && BlockUser.SelectState(username)) {
String blocked = "This user is blocked";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
return;
}
else if (!CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
//Here is where I call the method and try to decrement the number of attempts accordingly to the user that has been attempting
BlockUser.Attempts(username);
String error = "Wrong user or password. Try again.";
request.setAttribute("error", error);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
else {
String state = "Inactive";
BlockUser.Block(state, username);
String blocked = "Exceeded max attempts. Account is now blocked.";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
}
}
下面是 class 的方法来减少值:
public class BlockUser {
private static Connection con = null;
private static PreparedStatement ps = null;
private static ResultSet rs = null;
public static void Attempts(String username) {
try
{con = DBConnectionManager.getConnection();
if (con == null){
System.out.println("Conexão falhada");
}else{
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? AND attempts = ?");
sel.setString(1,username);
if(rs.next()) {
rs.getInt("attempts");
while(rs.getInt("attempts") != 0) {
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - 1 WHERE username = ?");
ps.setString(1,username);
ps.executeUpdate();
ps.close();
}}
sel.close();
}
}
catch (Exception e) {
e.printStackTrace(System.out);
}
}
没有测试但试试看:
while(rs.getInt("attempts") != 0) {
int value = 1;
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - ? WHERE username = ?");
ps.setInt(1, value);
ps.setString(2, username);
....
}
首先,您的 Attempts(String username) 中的 select 查询是错误的,您已经为 attempts = ? 传递了 ?,但从未在其中提供任何值。那么您没有得到尝试中的任何值并直接更新它。相反,您的代码应如下所示:
public static String Attempts(String username) {
//your other codes i.e : connection code here
//..
String message = "";
int value;
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? ");
sel.setString(1, username);
ResultSet rs = sel.executeQuery();
if (rs.next()) {
value = rs.getInt("attempts"); //getting attempt in some varibale i.e : value
}
//checking if value is not equal to 0
if (value != 0) {
//subtract 1
int subtracts = value - 1;
//updatting
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = ? WHERE username = ?");
ps.setInt(1,subtracts);
ps.setString(2, username);
int count = ps.executeUpdate();
if (count > 0) {
message = "Updated";
}
} else {
message = "Already 0";
//already 0 do something
}
ps.close();
return message; //return back
}
并且在 servlet 中执行以下操作:
String message = BlockUser.Attempts(username);
//if the value if updated
if(message.equals("Updated")){
//do something
}else{
//already use all attempts block
}