如果用户登录失败,[<3次尝试后,我将尝试阻止其登录系统。] >>我为每个用户设置了一个“默认值”列,其默认int值为“ 3”,并且我尝试在每次尝试后将其递减,直到其变为0。 这里的问题是我的方法没有更新表上的值。
sql表:
CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active',
PRIMARY KEY (id)
);
这是登录servlet:
public class LoginCheck extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
/**
* verifies is the values are the same on the inputs
* creates session and redirects accordingly to answer
* blocks access after 3 failed attempts
*/
if(CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
HttpSession session = request.getSession();
session.setAttribute("username", username);
RequestDispatcher rs = request.getRequestDispatcher("profile.jsp");
rs.forward(request, response);
} else if(CheckUser.Validation(username, password) && BlockUser.SelectState(username)) {
String blocked = "This user is blocked";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
return;
}
else if (!CheckUser.Validation(username, password) && !BlockUser.SelectState(username))
{
//Here is where I call the method and try to decrement the number of attempts accordingly to the user that has been attempting
BlockUser.Attempts(username);
String error = "Wrong user or password. Try again.";
request.setAttribute("error", error);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
else {
String state = "Inactive";
BlockUser.Block(state, username);
String blocked = "Exceeded max attempts. Account is now blocked.";
request.setAttribute("blocked", blocked);
request.getRequestDispatcher("index.jsp").forward(request, response);
}
}
}
这是带有减少值的方法的类:
public class BlockUser { private static Connection con = null; private static PreparedStatement ps = null; private static ResultSet rs = null; public static void Attempts(String username) { try {con = DBConnectionManager.getConnection(); if (con == null){ System.out.println("Conexão falhada"); }else{ PreparedStatement sel = con.prepareStatement( "SELECT * FROM user WHERE username = ? AND attempts = ?"); sel.setString(1,username); if(rs.next()) { rs.getInt("attempts"); while(rs.getInt("attempts") != 0) { PreparedStatement ps = con.prepareStatement( "UPDATE user SET attempts = attempts - 1 WHERE username = ?"); ps.setString(1,username); ps.executeUpdate(); ps.close(); }} sel.close(); } } catch (Exception e) { e.printStackTrace(System.out); } }
如果用户尝试3次后登录失败,我将尝试阻止其登录系统。我为每个用户设置了一个“默认值”列,其默认int值为“ 3”,并且我尝试在每个用户之后将其递减...
while(rs.getInt("attempts") != 0) {
int value = 1;
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET attempts = attempts - ? WHERE username = ?");
ps.setInt(1, value);
ps.setString(2, username);
....
}
select中进行Attempts(String username)查询是错误的,您已为?传递了attempts = ?但从未提供任何值。那么您将无法获得任何值并直接对其进行更新。相反,您的代码应如下所示: