paip.提升安全性---登录密码出错次数检测
paip.提升安全性---登录密码出错次数检测
前言
为了提升安全性,需要对登录时密码出错的次数进行检测;当达到一定次数(如20次)时,禁止该用户当日再次登录,并提示用户可通过取回密码功能重设密码。
设计接口
public interface Iapts
{
//检测
void check(string Account);
//保存本次登录纪录..如果登录TRUE,则清零
void save(string Account, bool IsValid);
}
流程设计(伪码)
***check(username)
if (getTimes(username,today) >= getMaxTimes())
throw ("E1:今日登录连续错误次数超过" + getMaxTimes().ToString() + "次,请明日再试或者使用找回密码功能");
getTimes()
sql: select times from table where username=xxx and date=today
***************************
//保存本次登录纪录..如果登录TRUE,则清零
public void save(string Account, bool IsLoginValid)
if (IsLoginValid)
clear(Account);
else
add(Account); // err times add 1
clear()
recorde=get(username,today)
rec.times=0;
add()
if (!exist(uname,today))
new rec(username,times=1,date=today)
else
update time+1 where username and date=today
使用此接口
1. 登录时
Iapts apts = kaziApts.getIaptsImp();
//ati L97 add atipwdtimesSec
apts.check(Account);
L97
loginxxx,set token()
//ati L97 add atipwdtimesSec
apts.save(Account, IsValid);
L97
2.取回密码时
Iapts apts = atim.getbackpwdItfs.getapts();
//ati L96 apts add clear
if (apts != null)
apts.save(uname, true);
实现接口
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Maticsoft;
using System.Data.SqlClient;
using System.Data;
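/// <summary>
/// Failed-login counter backed by the <c>apts</c> table (columns used here:
/// <c>id</c>, <c>uname</c>, <c>times</c>, <c>date</c>). One row per account and
/// calendar day holds the number of wrong passwords entered that day; once the
/// number reaches <see cref="getMaxTimes"/>, <see cref="check"/> refuses the
/// login for the rest of the day.
/// </summary>
/// <remarks>
/// The counter is keyed by account name alone, so it can be driven up by anyone
/// who knows the name; the password-reset path that calls
/// <c>save(uname, true)</c> is what lets a locked-out user recover, and it must
/// not fail when no counter row exists yet.
/// <c>add</c> does an exist-then-insert without a transaction, so two
/// simultaneous failures on a fresh day can create two rows; only the first
/// row returned is read afterwards.
/// </remarks>
public class iaptsimp : Iapts
{
    /// <summary>Failed attempts per day after which <see cref="check"/> throws.</summary>
    // The design note above gives 20 as an example; this implementation has used 3 — confirm which is intended.
    private const int MaxTimesPerDay = 3;

    /// <summary>SQL filter selecting today's row for parameter <c>@u</c>; values come from <see cref="todayParameters"/>.</summary>
    // Half-open window [today 00:00:00, tomorrow 00:00:00): the old literal window
    // started at 00:00:01 and silently skipped the first second of the day.
    private const string TodayFilter = " where uname=@u and [date]>=@from and [date]<@to";

    public iaptsimp()
    {
    }

    /// <summary>
    /// Records the outcome of a login attempt: a successful login resets today's
    /// counter, a failed one increments it.
    /// </summary>
    /// <param name="Account">Account name the attempt was made for.</param>
    /// <param name="IsLoginValid"><c>true</c> when the password was accepted.</param>
    /// <exception cref="ArgumentNullException"><paramref name="Account"/> is null.</exception>
    public void save(string Account, bool IsLoginValid)
    {
        if (Account == null)
        {
            throw new ArgumentNullException("Account");
        }

        if (IsLoginValid)
        {
            clear(Account);
        }
        else
        {
            add(Account); // err times add 1
        }
    }

    /// <summary>
    /// Refuses the login when today's failure count for <paramref name="Account"/>
    /// has reached <see cref="getMaxTimes"/>. Call this before verifying the password.
    /// </summary>
    /// <param name="Account">Account name being logged in.</param>
    /// <exception cref="ArgumentNullException"><paramref name="Account"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The limit is reached; the message starts with <c>E1:</c> and is meant to be shown to the user.
    /// </exception>
    public void check(string Account)
    {
        if (Account == null)
        {
            throw new ArgumentNullException("Account");
        }

        int max = getMaxTimes();
        if (getTimes(Account) >= max)
        {
            throw new InvalidOperationException("E1:今日登录连续错误次数超过" + max.ToString() + "次,请明日再试或者使用找回密码功能");
        }
    }

    /// <summary>Today's failure count for <paramref name="uname"/>; 0 when no row exists.</summary>
    private int getTimes(string uname)
    {
        inidb();
        DataRow row = getTodayRow(uname);
        return row == null ? 0 : Convert.ToInt32(row["times"]);
    }

    /// <summary>The daily failure limit enforced by <see cref="check"/>.</summary>
    private int getMaxTimes()
    {
        return MaxTimesPerDay;
    }

    /// <summary>Increments today's counter, creating the row on the first failure of the day.</summary>
    private void add(string uname)
    {
        inidb();
        DataRow row = getTodayRow(uname);
        if (row == null)
        {
            // First failure today: insert through the Maticsoft business object.
            Maticsoft.aptsBO o = new aptsBO();
            o.uname = uname;
            o.times = 1;
            o.date = DateTime.Now;
            o.Add();
            return;
        }

        // Update by row id (plus the name, as before) so only today's row moves; all values are bound, none concatenated.
        int id = Convert.ToInt32(row["id"]);
        SqlParameter[] parameters = {
            new SqlParameter("@u", uname),
            new SqlParameter("@id", id) };
        MOLE.SQL.ExecuteSql("update apts set times=times+1 where uname=@u and id=@id", parameters);
    }

    /// <summary>
    /// Resets today's counter. A no-op when no row exists, which is the normal
    /// case for a password reset on an account that never failed today (the
    /// previous version indexed an empty result set here and threw).
    /// </summary>
    private void clear(string uname)
    {
        inidb();
        DataRow row = getTodayRow(uname);
        if (row == null)
        {
            return;
        }

        int id = Convert.ToInt32(row["id"]);
        SqlParameter[] parameters = {
            new SqlParameter("@u", uname),
            new SqlParameter("@id", id) };
        MOLE.SQL.ExecuteSql("update apts set times=0 where uname=@u and id=@id", parameters);
    }

    /// <summary>The <c>apts</c> row for <paramref name="uname"/> dated today, or null when there is none.</summary>
    private DataRow getTodayRow(string uname)
    {
        DataTable d = MOLE.SQL.GetDataTable("select id, times from apts" + TodayFilter, todayParameters(uname));
        return d.Rows.Count == 0 ? null : d.Rows[0];
    }

    /// <summary>Bound parameters for <see cref="TodayFilter"/>: the account and the local-time bounds of today.</summary>
    private static SqlParameter[] todayParameters(string uname)
    {
        DateTime dayStart = DateTime.Today;
        return new SqlParameter[] {
            new SqlParameter("@u", uname),
            new SqlParameter("@from", dayStart),
            new SqlParameter("@to", dayStart.AddDays(1)) };
    }

    /// <summary>Points both SQL helpers at the configured connection string before any query runs.</summary>
    private void inidb()
    {
        MOLE.SQL.connectionString = new SqlHelper().ConnStr;
        Maticsoft.DBUtility.DbHelperSQL.connectionString = MOLE.SQL.connectionString;
    }
}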