时间戳

首页 > 解决方案 > 登录限制尝试不适用于 servlet

java - 登录限制尝试不适用于 servlet

问题描述

如果用户在 3 次尝试后未能登录,我会尝试阻止用户进入我的登录系统。

我为每个用户设置了一个“attemp”列,默认值为“3”,每次尝试后我都尝试将其递减,直到它变为 0。这里的问题是我的方法没有更新值桌子。有什么问题?请帮忙。

这是我的sql 表:

CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active',
PRIMARY KEY (id)
);

这是登录 servlet:


public class LoginCheck extends HttpServlet {



    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {



        String username = request.getParameter("username");
        String password = request.getParameter("password");


        /**
         *  verifies is the values are the same on the inputs
         *  creates session and redirects accordingly to answer
         *  blocks access after 3 failed attempts
         */



        if(CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
        {
            HttpSession session = request.getSession();
            session.setAttribute("username", username);

            RequestDispatcher rs = request.getRequestDispatcher("profile.jsp");
            rs.forward(request, response);

        }  else if(CheckUser.Validation(username, password) && BlockUser.SelectState(username)) {

                String blocked = "This user is blocked";
                request.setAttribute("blocked", blocked);
                request.getRequestDispatcher("index.jsp").forward(request, response);   
                return;
            } 


        else if (!CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
        {  
            //Here is where I call the method and try to decrement the number of attempts accordingly to the user that has been attempting

            BlockUser.Attempts(username);

            String error = "Wrong user or password. Try again.";
            request.setAttribute("error", error);
            request.getRequestDispatcher("index.jsp").forward(request, response);   


               }


        else {

            String state = "Inactive";

            BlockUser.Block(state, username);

            String blocked = "Exceeded max attempts. Account is now blocked.";
            request.setAttribute("blocked", blocked);
            request.getRequestDispatcher("index.jsp").forward(request, response);   
            }


    }

}

这是具有减小值的方法的类:


public class BlockUser {

    private static Connection con = null;
    private static PreparedStatement ps = null;
    private static ResultSet rs = null;



    public static void Attempts(String username) {


        try
          {con = DBConnectionManager.getConnection();

          if (con == null){
             System.out.println("Conexão falhada");

          }else{

              PreparedStatement sel = con.prepareStatement(
                         "SELECT * FROM user WHERE username = ? AND attempts = ?");

              sel.setString(1,username);   

             if(rs.next()) {

             rs.getInt("attempts");





            while(rs.getInt("attempts") != 0) {

                 PreparedStatement ps = con.prepareStatement(
                     "UPDATE user SET attempts = attempts - 1 WHERE username = ?");


            ps.setString(1,username);    
            ps.executeUpdate();
            ps.close();

            }}

            sel.close();
              }
          }
        catch (Exception e) {
             e.printStackTrace(System.out);


          }

    }

标签: javaservlets

解决方案

首先,select您内部的查询是错误的,Attempts(String username)您已传递但从未在其中提供任何值。然后您在尝试中没有得到任何值并直接更新它。相反,您的代码应如下所示:?attempts = ?

public static String Attempts(String username) {
 //your other codes i.e : connection code here
//..
 String message = "";
 int value;
 PreparedStatement sel = con.prepareStatement(
  "SELECT * FROM user WHERE username = ? ");
 sel.setString(1, username);
 ResultSet rs = sel.executeQuery();
 if (rs.next()) {
  value = rs.getInt("attempts"); //getting attempt in some varibale i.e : value
 }
 //checking if value is not equal to 0
 if (value != 0) {
  //subtract 1
  int subtracts = value - 1;
  //updatting
  PreparedStatement ps = con.prepareStatement(
   "UPDATE user SET attempts = ? WHERE username = ?");
  ps.setInt(1,subtracts);
  ps.setString(2, username);
  int count = ps.executeUpdate();
  if (count > 0) {
   message = "Updated";

  }
 } else {
  message = "Already 0";
  //already 0 do something

 }
 ps.close();
 return message; //return back 

}

在 servlet 中执行如下操作:

String message =  BlockUser.Attempts(username);
//if the value if updated 
if(message.equals("Updated")){
//do something
}else{
//already use all attempts block
}

推荐阅读