简单窗体登录验证
连续登录失败 3 次之后,账户锁定,15 分钟之内不能登录
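using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace LoginLockDemo
{
    /// <summary>
    /// Login form of the lockout demo: checks the entered name and password against
    /// the Lduser table and refuses a login while the account is locked.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the lockout decision is made in this client process, so it only
    /// binds clients that run this code; enforcing it inside the database (for
    /// example in a stored procedure) would cover every caller.
    /// </remarks>
    public partial class Form1 : Form
    {
        /// <summary>Failure count at which the account is treated as locked.</summary>
        private const int MaxFailedAttempts = 3;

        /// <summary>Minutes after the last failure during which a locked account stays locked.</summary>
        private const double LockoutMinutes = 15;

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Handles the login button: verifies the credentials, applies the lockout
        /// rule, and records the outcome in the failure counter.
        /// </summary>
        /// <param name="sender">The button that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnLogin_Click(object sender, EventArgs e)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["SqlConn"].ConnectionString;

            // NOTE(review): Trim() is kept on the password for compatibility with the
            // original behaviour, but it silently changes passwords that begin or end
            // with whitespace.
            string userName = txtName.Text.Trim();
            string password = txtPwd.Text.Trim();

            using (SqlConnection conn = new SqlConnection(connectionString))
            {
                conn.Open();

                User user = new User();
                DateTime serverNow = DateTime.MinValue;
                bool credentialsMatch;

                // User input is bound as parameters, never formatted into the SQL text.
                // NOTE(review): the submitted text is compared to the pwd column as-is,
                // i.e. the column holds the password itself. Storing a salted, slow hash
                // (e.g. PBKDF2) needs a schema change and is outside this handler.
                using (SqlCommand cmd = new SqlCommand(
                    "select ErrorTimes, LastErrorDateTime, GETDATE() as ServerNow " +
                    "from Lduser where name=@UserName and pwd=@UserPwd", conn))
                {
                    cmd.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = userName;
                    cmd.Parameters.Add("@UserPwd", SqlDbType.NVarChar).Value = password;

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        credentialsMatch = reader.Read();
                        if (credentialsMatch)
                        {
                            object rawCount = reader["ErrorTimes"];
                            object rawLastError = reader["LastErrorDateTime"];

                            // Both columns are nullable: NULL means no failure recorded yet.
                            user.ErrorTimes = rawCount is DBNull ? 0 : Convert.ToInt32(rawCount);
                            user.LastErrorTime = rawLastError is DBNull
                                ? DateTime.MinValue
                                : Convert.ToDateTime(rawLastError);

                            // LastErrorDateTime is written with GETDATE(), so the lock window
                            // is measured against the same server clock rather than the
                            // clock of the machine running this form.
                            serverNow = Convert.ToDateTime(reader["ServerNow"]);
                        }
                    }
                }

                if (credentialsMatch)
                {
                    TimeSpan sinceLastFailure = serverNow - user.LastErrorTime;
                    bool lockExpired = sinceLastFailure.TotalMinutes > LockoutMinutes;

                    if (lockExpired || user.ErrorTimes < MaxFailedAttempts)
                    {
                        // Successful login clears the failure counter.
                        ExecuteForUser(conn, "update Lduser set ErrorTimes=0 where name=@UserName", userName);
                        MessageBox.Show("登陆成功");
                    }
                    else
                    {
                        MessageBox.Show("账户被锁定中,登陆失败");
                    }

                    return;
                }

                // Wrong password or unknown name. A single UPDATE both records the failure
                // and tells us whether the account exists (rows affected); ISNULL covers a
                // counter that is still NULL, and the increment happens in one statement.
                // NOTE(review): the counter is reset only by a successful login, so once
                // the window has expired one further failure locks the account again.
                int updatedRows = ExecuteForUser(
                    conn,
                    "update Lduser set ErrorTimes=ISNULL(ErrorTimes,0)+1,LastErrorDateTime=GETDATE() where name=@UserName",
                    userName);

                // NOTE(review): the two messages below let a caller tell existing account
                // names from unknown ones; one generic failure message would not.
                if (updatedRows > 0)
                {
                    MessageBox.Show("密码错误,登陆失败");
                }
                else
                {
                    MessageBox.Show("当前用户不存在");
                }
            }
        }

        /// <summary>
        /// Runs one statement whose only input is the account name, bound as @UserName.
        /// </summary>
        /// <param name="conn">An open connection.</param>
        /// <param name="commandText">SQL text that references @UserName.</param>
        /// <param name="userName">Value bound to @UserName.</param>
        /// <returns>The row count reported by ExecuteNonQuery.</returns>
        private static int ExecuteForUser(SqlConnection conn, string commandText, string userName)
        {
            using (SqlCommand cmd = new SqlCommand(commandText, conn))
            {
                cmd.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = userName;
                return cmd.ExecuteNonQuery();
            }
        }
    }
}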
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace LoginLockDemo
{
    /// <summary>
    /// Plain data holder for one account of the login-lockout demo.
    /// </summary>
    internal class User
    {
        /// <summary>Login name of the account.</summary>
        public string Name { get; set; }

        /// <summary>
        /// Password of the account.
        /// NOTE(review): avoid keeping a plaintext password in a long-lived object;
        /// confirm whether any caller actually needs this property.
        /// </summary>
        public string Password { get; set; }

        /// <summary>Time of the most recent failed login.</summary>
        public DateTime LastErrorTime { get; set; }

        /// <summary>Number of failed logins recorded for the account.</summary>
        public int ErrorTimes { get; set; }
    }
}
-- Account table for the login-lockout demo.
USE [LdbDemo]
GO

/****** Object:  Table [dbo].[Lduser]    Script Date: 2017/3/22 22:38:15 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[Lduser]
(
    -- Auto-numbered row id. No PRIMARY KEY constraint is declared on it.
    [lid]               int IDENTITY(1,1) NOT NULL,

    -- Login name. No UNIQUE constraint is declared, while the login form filters
    -- and updates rows by name alone.
    -- NOTE(review): consider a unique index so one name maps to one account.
    [name]              nvarchar(16)      NOT NULL,

    -- NOTE(review): the login form compares the submitted text to this column
    -- directly, so it holds the password itself. A salted, slow hash
    -- (PBKDF2 or Argon2) would need a wider column than 32 characters.
    [pwd]               nvarchar(32)      NOT NULL,

    [age]               int               NULL,
    [CreateDate]        datetime          NULL,

    -- Lockout bookkeeping. Both columns are nullable and have no default, so
    -- readers must handle NULL until a failure has been recorded.
    [LastErrorDateTime] datetime          NULL,
    [ErrorTimes]        int               NULL
) ON [PRIMARY]
GO