paip.提升安全性---登录密码出错次数检测

paip.提升安全性---登录密码出错次数检测

 

 

前言... 1

设计接口... 1

流程设计(伪码)... 1

使用此接口... 2

实现接口... 3

 

 

前言

为了提升安全性,需要在登录时对密码出错次数进行检测:当出错达到一定次数(20次)时,禁止该用户当日继续登录,并提示用户可通过取回密码功能来重设密码。

 

设计接口

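/// <summary>
/// Contract for limiting repeated wrong-password attempts per account.
/// Call <see cref="check"/> before verifying the password and
/// <see cref="save"/> afterwards with the outcome.
/// </summary>
public interface Iapts
{
    /// <summary>
    /// Checks the account's failure count for today. The implementation on this
    /// page signals "limit reached" by throwing an exception.
    /// </summary>
    /// <param name="Account">Account name used at login.</param>
    void check(string Account);

    /// <summary>
    /// Saves the outcome of this login attempt. A successful login (true)
    /// resets the failure count to zero; a failed one adds to it.
    /// </summary>
    /// <param name="Account">Account name used at login.</param>
    /// <param name="IsValid">True when the login succeeded.</param>
    void save(string Account, bool IsValid);
}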

 

 

流程设计(伪码)

 

***check(username)

     if (getTimes(username,today) >= getMaxTimes())

            throw ("E1:今日登录连续错误次数超过" + getMaxTimes().ToString() + ",请明日再试或者使用找回密码功能");

 

 

getTimes()

sql: select times from table where  username=xxx and date=today

***************************88

//保存本次登录记录:如果登录成功(TRUE),则清零

 

  public void save(string Account, bool IsLoginValid)

 

        if (IsLoginValid)     

            clear(Account);       

        else      

              add(Account);       // err times add 1

    

 

clear()

rec=get(username,today)

rec.times=0;

 

add()

   if (!exist(uname,today))

              new rec(username,times=1,date=today)

   else

        update time+1 where username and date=today

使用此接口

1.  登录时

 

    Iapts apts = kaziApts.getIaptsImp();

 

        //ati L97 add atipwdtimesSec

        apts.check(Account);

        L97

 

loginxxx,set token()

 

  //ati L97 add atipwdtimesSec

        apts.save(Account, IsValid);

        L97

 

2.取回密码时(清零应放在密码重设成功之后;若一发起取回请求就清零,错误次数限制可被随意重置)

 

  Iapts apts = atim.getbackpwdItfs.getapts();

   //ati L96 apts add     clear

                if (apts != null)

                    apts.save(uname, true);

 

 

 

实现接口

 

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using Maticsoft;

using System.Data.SqlClient;

using System.Data;

 

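/// <summary>
/// <see cref="Iapts"/> implementation backed by the <c>apts</c> table: one row per
/// account per day holds the number of failed logins, and <see cref="check"/>
/// refuses further attempts once that number reaches <see cref="getMaxTimes"/>.
/// </summary>
/// <remarks>
/// <para>
/// The counter is keyed on the account name alone, so anyone who knows a name can
/// use up that account's attempts for the day. If that matters for the deployment,
/// pair this with throttling keyed on the request source.
/// </para>
/// <para>
/// <see cref="add"/> reads and then writes in two statements, so concurrent failed
/// logins for the same account can race (duplicate rows for the day). A unique
/// constraint on (uname, day) or a single atomic statement would close that gap.
/// </para>
/// </remarks>
public class iaptsimp : Iapts
{
    public iaptsimp()
    {
    }

    /// <summary>
    /// Loads today's counter row(s) for an account.
    /// </summary>
    /// <param name="uname">Account name.</param>
    /// <returns>Rows from <c>apts</c> (columns <c>id</c>, <c>times</c>) dated today; empty when none.</returns>
    private DataTable queryToday(string uname)
    {
        // Half-open range [today 00:00, tomorrow 00:00) covers the whole day, including
        // the first and last second, and typed parameters keep the comparison
        // independent of the server's date-string parsing and the thread culture.
        DateTime dayStart = DateTime.Today;
        string strSql = "select id, times from apts where uname=@u and [date]>=@d1 and [date]<@d2";
        SqlParameter[] parameters = {
            new SqlParameter("@u", uname),
            new SqlParameter("@d1", dayStart),
            new SqlParameter("@d2", dayStart.AddDays(1))
        };
        return MOLE.SQL.GetDataTable(strSql, parameters);
    }

    /// <summary>
    /// Records one more failed login for the account today.
    /// </summary>
    /// <param name="uname">Account name.</param>
    void add(string uname)
    {
        inidb();

        DataTable today = queryToday(uname);
        if (today.Rows.Count == 0)
        {
            // First failure of the day: start the counter at 1.
            Maticsoft.aptsBO o = new Maticsoft.aptsBO();
            o.uname = uname;
            o.times = 1;
            o.date = DateTime.Now;
            o.Add();
            return;
        }

        int id = Convert.ToInt32(today.Rows[0]["id"]);
        string strSql = "update apts set times=times+1 where uname=@u and id=@id";
        SqlParameter[] parameters = {
            new SqlParameter("@u", uname),
            new SqlParameter("@id", id)
        };
        MOLE.SQL.ExecuteSql(strSql, parameters);
    }

    /// <summary>
    /// Tells whether the account already has a counter row for today.
    /// </summary>
    /// <param name="uname">Account name.</param>
    /// <returns>True when a row exists.</returns>
    private bool exist(string uname)
    {
        return queryToday(uname).Rows.Count != 0;
    }

    /// <summary>
    /// Returns the number of failed logins recorded for the account today.
    /// </summary>
    /// <param name="uname">Account name.</param>
    /// <returns>The stored count, or 0 when there is no row for today.</returns>
    int getTimes(string uname)
    {
        inidb();

        DataTable today = queryToday(uname);
        if (today.Rows.Count == 0)
        {
            return 0;
        }

        return Convert.ToInt32(today.Rows[0]["times"]);
    }

    /// <summary>
    /// Number of failed logins per day at which <see cref="check"/> starts refusing.
    /// </summary>
    int getMaxTimes()
    {
        // NOTE(review): the article text accompanying this class speaks of 20 attempts,
        // while this returns 3. Confirm which limit is intended.
        return 3;
    }

    /// <summary>
    /// Points both data-access helpers at the application's connection string.
    /// </summary>
    void inidb()
    {
        MOLE.SQL.connectionString = new SqlHelper().ConnStr;
        Maticsoft.DBUtility.DbHelperSQL.connectionString = MOLE.SQL.connectionString;
    }

    /// <summary>
    /// Resets today's failure counter for the account to zero.
    /// </summary>
    /// <param name="uname">Account name.</param>
    void clear(string uname)
    {
        inidb();

        DataTable today = queryToday(uname);
        if (today.Rows.Count == 0)
        {
            // No failure was recorded today, which is the normal case for a user who
            // logs in correctly the first time: there is nothing to reset, and
            // indexing Rows[0] here would throw on every such login.
            return;
        }

        int id = Convert.ToInt32(today.Rows[0]["id"]);
        string strSql = "update apts set times=0 where uname=@u and id=@id";
        SqlParameter[] parameters = {
            new SqlParameter("@u", uname),
            new SqlParameter("@id", id)
        };
        MOLE.SQL.ExecuteSql(strSql, parameters);
    }

    /// <summary>
    /// Saves the outcome of a login attempt: success resets today's counter,
    /// failure increments it.
    /// </summary>
    /// <param name="Account">Account name used at login.</param>
    /// <param name="IsLoginValid">
    /// True when the login succeeded. Pass true only after the credentials (or a
    /// completed password reset) have actually been verified, because it wipes the
    /// day's failure count.
    /// </param>
    public void save(string Account, bool IsLoginValid)
    {
        if (IsLoginValid)
        {
            clear(Account);
        }
        else
        {
            add(Account);       // failure count + 1
        }
    }

    /// <summary>
    /// Refuses the login attempt when today's failure count has reached the limit.
    /// </summary>
    /// <param name="Account">Account name used at login.</param>
    /// <exception cref="Exception">
    /// Thrown with an "E1:" message when the count is at or above <see cref="getMaxTimes"/>.
    /// </exception>
    public void check(string Account)
    {
        if (getTimes(Account) >= getMaxTimes())
        {
            throw new Exception("E1:今日登录连续错误次数超过" + getMaxTimes().ToString() + ",请明日再试或者使用找回密码功能");
        }
    }
}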
