记录一次代码的重构优化
同事离职了,接手了他的代码。。
有客户反馈登录密码错误后被锁定不会解锁,或者错误一次就被锁定(???)。
不多比比,直接代码看看
// Login handler body (legacy version): counts failed attempts in a browser cookie,
// checks the captcha, verifies the credentials and redirects on success.
//
// Number of failed login attempts.
// NOTE(review): the counter is read from the "FailedError" cookie sent by the browser,
// so it is client-controlled state and is not tied to the account being logged in to.
// A lockout that has to hold should be kept server-side, per account.
int FailedCount = 0;
if (null == Request.Cookies["FailedError"])
{
// No cookie yet: issue one with a zero counter and a one-hour lifetime.
HttpCookie failedCountCookie = new HttpCookie("FailedError");
failedCountCookie["LoginCount"] = "0";
failedCountCookie["LastLoginDate"] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
failedCountCookie.Expires = DateTime.Now.AddHours(1);
Response.Cookies.Add(failedCountCookie);
}
else
{
// Convert.ToInt32 throws on a non-numeric cookie value; this runs outside the try block below.
FailedCount = Convert.ToInt32(Request.Cookies["FailedError"]["LoginCount"]);
}
// If more than 30 minutes have passed since the user's last login, the failure counter is reset to 0.
// NOTE(review): TimeSpan.Minutes is only the minutes component (0-59), not the total elapsed
// minutes, so the reset fires only when that component is 31-59 (e.g. not after 1h05m).
// TotalMinutes is the property that matches the comment above.
if (Request.Cookies["FailedError"] != null)
{
DateTime lastLoginDate = Convert.ToDateTime(Request.Cookies["FailedError"]["LastLoginDate"]);
if (DateTime.Now.Subtract(lastLoginDate).Minutes > 30)
{
FailedCount = 0;
}
}
// Lock once there have been 5 failures (FailedCount > 4). The original comment says the wait
// is 1 hour, while the message shown to the user says 30 minutes.
if (FailedCount > 4)
{
this.lblMsg.Text = "对不起,账号已经被锁定,请等待30分钟后重试.";
}
else
{
this.lblMsg.Text = "";
// flag ends up true only when the login fully succeeds.
bool flag = false;
string USERNAME = this.txtUSERNAME.Text;
string PASSWORD = this.txtPASSWORD.Text;
string ip = Request.UserHostAddress;
// Audit line: user name, timestamp and client IP; the result is appended below.
string logmsg = "【" + USERNAME + "】于 " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + " 登陆本系统, IP地址: " + Request.UserHostAddress + ", 登陆结果:";
// NOTE(review): Session["checkcode"] is dereferenced here before the null check in the
// "else if" further down, so an expired or missing captcha throws instead of reaching that branch.
if (this.txtBox.Text.ToLower() == Session["checkcode"].ToString())
{
try
{
// Step 1: does the user name exist?
flag = bll.Exists(USERNAME);
if (flag)
{
//PASSWORD = MethodHelper.EncrypToHashValue(PASSWORD);
// Step 2: does the user name / hashed password pair exist?
flag = bll.Exists(USERNAME, MethodHelper.EncrypToHashValue(PASSWORD));
if (flag)
{
logmsg += "成功";
Maticsoft.Model.USERS model = bll.GetModel(USERNAME);
// Allow the login when it comes from the IP recorded at the last login, or when that
// login is more than 1800 seconds old; otherwise treat the account as in use elsewhere.
if (model.LOGINIP == Request.UserHostAddress || (DateTime.Now - model.LOGINDATE).TotalSeconds > 1800)
{
Session["checkcode"] = null;//the captcha is destroyed on the server right after use
model.LOGINIP = Request.UserHostAddress;
model.LOGINDATE = DateTime.Now;
model.LOGINERRORCOUNT = 0;
bll.UpdateLoginInfo(model);
//LoginHelper.SetUser(model);
}
else
{
flag = false;
lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户已在其他地方登录。";
Session["checkcode"] = null;//the captcha is destroyed on the server right after use
}
}
else
{
FailedCount++;
lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名与密码不正确。";
Session["checkcode"] = null;//the captcha is destroyed on the server right after use
// NOTE(review): the submitted password is appended to the audit log in clear text.
logmsg += "失败。试图登陆密码:" + txtPASSWORD.Text;
}
}
else
{
FailedCount++;
// NOTE(review): this message differs from the wrong-password one, so the response
// tells the caller whether a user name exists.
lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名不正确。";
Session["checkcode"] = null;//the captcha is destroyed on the server right after use
// NOTE(review): the submitted password is appended to the audit log in clear text.
logmsg += "失败。试图登陆密码:" + txtPASSWORD.Text;
}
}
catch (Exception ex)
{
// An exception is counted as a failed attempt as well.
FailedCount++;
// NOTE(review): the raw exception message is shown to the user and concatenated into
// markup; presumably lblMsg renders Text as HTML - confirm, and prefer a generic message.
lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆异常: " + ex.Message;
logmsg += "失败。异常信息: " + ex.Message;
//Response.Redirect("~/login.aspx");
}
finally
{
// Always write the audit line, whatever the outcome.
Maticsoft.BLL.LOGGER.Add(USERNAME, logmsg);
}
}
else if (Session["checkcode"] == null)
{
lblMsg.Text = "<img src='images/stop.png' class='img'/> 验证码已过期,请重新输入。";
// Returning here skips the cookie update at the end of the block.
return;
}
else
{
Session["checkcode"] = null;//the captcha is destroyed on the server right after use
lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:验证码不通过。";
// Returning here skips the cookie update at the end of the block.
return;
}
if (flag)
{
Response.Redirect("~/desk.aspx");
}
else
{
// Update the failed-login counter.
// NOTE(review): "LastLoginDate" is rewritten on every failure, so the reset window above
// restarts each time. The cookie taken from the request is re-added without setting Expires;
// presumably the one-hour lifetime is not carried over - confirm.
HttpCookie failedCountCookie = Request.Cookies["FailedError"];
failedCountCookie["LoginCount"] = FailedCount.ToString();
failedCountCookie["LastLoginDate"] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
Response.Cookies.Add(failedCountCookie);
}
}
额,看到代码的第一眼是有点崩溃的,这诡异的逻辑,还有这嵌套的ifelse,很难不让人气压飙升,得,我也懒得修了,直接重构一下得了。
基本的逻辑很简单,先判断下验证码能不能用,再判断下用户是否允许登录(是否被锁定、锁定用户是否达到解锁条件)就完事了
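// Login handler body (refactored): captcha gate, per-account lockout kept on the user
// record, password check, single-session check, then redirect.

// 1. Captcha gate.
object expectedCode = Session["checkcode"];
if (expectedCode == null)
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 验证码已过期,请重新获取。";
    return;
}

// The captcha is single-use: drop it from the session before comparing, so that a wrong
// answer cannot be retried against the same code (the legacy handler also cleared it on mismatch).
Session["checkcode"] = null;
if (txtBox.Text.ToLower() != expectedCode.ToString())
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:验证码不通过。";
    return;
}

// 2. Look the account up.
string USERNAME = txtUSERNAME.Text;
string PASSWORD = txtPASSWORD.Text;
DateTime now = DateTime.Now;

UserService service = new UserService();
UserRequest userRequest = new UserRequest();
userRequest.UserName = USERNAME;
var result = service.GetUser(userRequest);

// Audit line: user name, timestamp and client IP; the result is appended below.
// NOTE(review): nothing in this snippet writes logmsg anywhere (the legacy handler called
// Maticsoft.BLL.LOGGER.Add(USERNAME, logmsg)) - confirm that failed logins are still audited.
string logmsg = "【" + USERNAME + "】于 " + now.ToString("yyyy-MM-dd HH:mm:ss") + " 登陆本系统, IP地址: " + Request.UserHostAddress + ", 登陆结果:";

if (result.Count() == 0)
{
    // NOTE(review): this message differs from the wrong-password one, so the response tells
    // the caller whether a user name exists; a single generic message avoids that.
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名不正确。";
    // The submitted password is deliberately not added to the audit line.
    logmsg += "失败。";
    return;
}

var user = result.First();

// 3. Lockout. While an account is locked, LOGINDATE holds the time the lock ends.
if (user.LOGINERRORCOUNT >= 5)
{
    bool lockActive = user.LOGINDATE.HasValue && user.LOGINDATE.Value > now;
    if (lockActive)
    {
        lblMsg.Text = string.Format("<img src='images/stop.png' class='img'/> 登陆失败:用户名已锁定。剩余时间:{0}s", (int)(user.LOGINDATE.Value - now).TotalSeconds);
        return;
    }

    // The lock has expired: start a fresh window. Without this the counter keeps growing
    // past 5 and the account is never locked again.
    user.LOGINERRORCOUNT = 0;
}

// 4. Password check.
// NOTE(review): confirm that MethodHelper.EncrypToHashValue is a salted, slow password hash.
if (user.PASSWORD != MethodHelper.EncrypToHashValue(PASSWORD))
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:密码不正确。";
    // The submitted password is deliberately not added to the audit line.
    logmsg += "失败。";
    user.LOGINERRORCOUNT += 1;
    if (user.LOGINERRORCOUNT >= 5)
    {
        // Fifth failure: lock the account for one hour.
        user.LOGINDATE = now.AddHours(1);
    }
    service.UpdateErrorCount(user);
    return;
}

// 5. Single-session check: allow the login when no IP is recorded, when it comes from the
// recorded IP, or when the recorded login is missing or more than 1800 seconds old.
bool sessionAvailable =
    string.IsNullOrEmpty(user.LOGINIP)
    || user.LOGINIP.Trim() == Request.UserHostAddress
    || !user.LOGINDATE.HasValue
    || (now - user.LOGINDATE.Value).TotalSeconds > 1800;
if (!sessionAvailable)
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户已在其他地方登录。";
    return;
}

// 6. Success: record the login, clear the failure counter and sign the user in.
user.LOGINIP = Request.UserHostAddress;
user.LOGINDATE = now;
user.LOGINERRORCOUNT = 0;
service.UpdateLoginInfo(user);
LoginHelper.SetUser(user);
Response.Redirect("~/desk.aspx");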