java - 登录限制尝试不适用于 servlet
问题描述
如果用户在 3 次尝试后未能登录,我会尝试阻止用户进入我的登录系统。
我为每个用户设置了一个“attemp”列,默认值为“3”,每次尝试后我都尝试将其递减,直到它变为 0。这里的问题是我的方法没有更新值桌子。有什么问题?请帮忙。
这是我的sql 表:
CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active',
PRIMARY KEY (id)
);
这是登录 servlet:
public class LoginCheck extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
/**
* verifies is the values are the same on the inputs
* creates session and redirects accordingly to answer
* blocks access after 3 failed attempts
*/
if(CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
HttpSession session = request.getSession();
session.setAttribute("username", username);
RequestDispatcher rs = request.getRequestDispatcher("profile.jsp");
rs.forward(request, response);
} else if(CheckUser.Validation(username, password) && BlockUser.SelectState(username)) {
String blocked = "This user is blocked";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
return;
}
else if (!CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
//Here is where I call the method and try to decrement the number of attempts accordingly to the user that has been attempting
BlockUser.Attempts(username);
String error = "Wrong user or password. Try again.";
request.setAttribute("error", error);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
else {
String state = "Inactive";
BlockUser.Block(state, username);
String blocked = "Exceeded max attempts. Account is now blocked.";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
}
}
这是具有减小值的方法的类:
public class BlockUser {
private static Connection con = null;
private static PreparedStatement ps = null;
private static ResultSet rs = null;
public static void Attempts(String username) {
try
{con = DBConnectionManager.getConnection();
if (con == null){
System.out.println("Conexão falhada");
}else{
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? AND attempts = ?");
sel.setString(1,username);
if(rs.next()) {
rs.getInt("attempts");
while(rs.getInt("attempts") != 0) {
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - 1 WHERE username = ?");
ps.setString(1,username);
ps.executeUpdate();
ps.close();
}}
sel.close();
}
}
catch (Exception e) {
e.printStackTrace(System.out);
}
}
解决方案
首先,select
您内部的查询是错误的,Attempts(String username)
您已传递但从未在其中提供任何值。然后您在尝试中没有得到任何值并直接更新它。相反,您的代码应如下所示:?
attempts = ?
public static String Attempts(String username) {
//your other codes i.e : connection code here
//..
String message = "";
int value;
PreparedStatement sel = con.prepareStatement(
"SELECT * FROM user WHERE username = ? ");
sel.setString(1, username);
ResultSet rs = sel.executeQuery();
if (rs.next()) {
value = rs.getInt("attempts"); //getting attempt in some varibale i.e : value
}
//checking if value is not equal to 0
if (value != 0) {
//subtract 1
int subtracts = value - 1;
//updatting
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = ? WHERE username = ?");
ps.setInt(1,subtracts);
ps.setString(2, username);
int count = ps.executeUpdate();
if (count > 0) {
message = "Updated";
}
} else {
message = "Already 0";
//already 0 do something
}
ps.close();
return message; //return back
}
在 servlet 中执行如下操作:
String message = BlockUser.Attempts(username);
//if the value if updated
if(message.equals("Updated")){
//do something
}else{
//already use all attempts block
}
推荐阅读
- typescript - 将接口类型分配给代码优先的 GraphQL 解析器参数
- r - 如何将每一行数据帧与 R 中的数据帧进行比较?
- r - R:3D 散点图未显示在 Web 浏览器中
- ssl - 如何让 TLS 1.2 KB4019276 补丁在 Windows Server 2008 上运行?
- python - 如何在 Pandas 中创建具有 ```yyyy-mm-dd``` 格式的虚拟列?
- matlab - 杠杆和帽子矩阵完全一样?
- php - 将json数组转换为html表
- flutter - DraggableScrollableSheet 在 NestedScrollView 中不起作用
- html - 如何使用 CSS 更改 Google 表格背景?
- python - 来自 API 的嵌套 JSON 转换为 Dataframe