Password frmPassword = new Password();
DialogResult dr = frmPassword.ShowDialog();
if (dr == DialogResult.Cancel)
Application.Exit();
else
{
SqlConnection oledbConn = new SqlConnection();//连接数据库
oledbConn.ConnectionString = @"Data Source=O8RS63RAGSIE4AR;Initial Catalog=hrone;Integrated Security=True";
oledbConn.Open();//打开数据库连接
SqlCommand oledbCmd = new SqlCommand();
oledbCmd.Connection = oledbConn;
oledbCmd.CommandText = @"SELECT 0 FROM test WHERE username = @u1;
SELECT 0 FROM test WHERE username = @u2 AND password = @p1; SELECT isnull(lockcnt, 0) lockcnt FROM test WHERE username = @u3 AND password = @p2 AND isnull(lockcnt, 0) < 3";
oledbCmd.Parameters.Clear();//
SetParam(oledbCmd, "@u1", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@u2", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@p1", frmPassword.TxtPassword.Text);
SetParam(oledbCmd, "@u3", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@p2", frmPassword.TxtPassword.Text);
SqlDataReader oledbReader = oledbCmd.ExecuteReader();//从数据库读取行
if (oledbReader.HasRows)//判断数据集是否为空
{
oledbReader.NextResult();
if (oledbReader.HasRows)
{
oledbReader.NextResult();
if (oledbReader.HasRows)
{
Application.Run(new MainForm());
}
else
MessageBox.Show("对不起,您的账号已被锁定,请与管理人员联系");
}
else
MessageBox.Show("请输入正确的口令");
}
else
MessageBox.Show("用户账号不存在");
}
} static void SetParam(SqlCommand cmd, string pn, object val)
{
SqlParameter param = new SqlParameter();
param.ParameterName = pn;
param.Value = val;
cmd.Parameters.Add(param);
}
DialogResult dr = frmPassword.ShowDialog();
if (dr == DialogResult.Cancel)
Application.Exit();
else
{
SqlConnection oledbConn = new SqlConnection();//连接数据库
oledbConn.ConnectionString = @"Data Source=O8RS63RAGSIE4AR;Initial Catalog=hrone;Integrated Security=True";
oledbConn.Open();//打开数据库连接
SqlCommand oledbCmd = new SqlCommand();
oledbCmd.Connection = oledbConn;
oledbCmd.CommandText = @"SELECT 0 FROM test WHERE username = @u1;
SELECT 0 FROM test WHERE username = @u2 AND password = @p1; SELECT isnull(lockcnt, 0) lockcnt FROM test WHERE username = @u3 AND password = @p2 AND isnull(lockcnt, 0) < 3";
oledbCmd.Parameters.Clear();//
SetParam(oledbCmd, "@u1", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@u2", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@p1", frmPassword.TxtPassword.Text);
SetParam(oledbCmd, "@u3", frmPassword.TxtUserName.Text);
SetParam(oledbCmd, "@p2", frmPassword.TxtPassword.Text);
SqlDataReader oledbReader = oledbCmd.ExecuteReader();//从数据库读取行
if (oledbReader.HasRows)//判断数据集是否为空
{
oledbReader.NextResult();
if (oledbReader.HasRows)
{
oledbReader.NextResult();
if (oledbReader.HasRows)
{
Application.Run(new MainForm());
}
else
MessageBox.Show("对不起,您的账号已被锁定,请与管理人员联系");
}
else
MessageBox.Show("请输入正确的口令");
}
else
MessageBox.Show("用户账号不存在");
}
} static void SetParam(SqlCommand cmd, string pn, object val)
{
SqlParameter param = new SqlParameter();
param.ParameterName = pn;
param.Value = val;
cmd.Parameters.Add(param);
}
密码输入错误一次count--;
count<=0的时候锁定账号
private int count=0;
密码输入错误一次count++在登陆事件里第一行写
if(count>=3)
{
MessageBox.Show("你尝试密码已有3次,不能再次登陆!");
return;
}
....
要从根本上解决问题,就是要在用户表中加两个字段来保存用户的信息:
1.是否锁定 INT
3.错误次数 INT
用户登录逻辑:
if 已锁定,直接返回;
else if 输错密码,判断次数,到达3次就锁定;
else 返回成功;
当然,还要加一些解锁功能了。。
再复杂一点,可以设定暂时锁定和永久锁定,如10分钟内错误3次会暂时锁定,持续30分钟后解锁;24小时内如果累计超过10次,则永久锁定。这样的话,需要再加几个记录错误时间和监控起始时间。
只查有没有用户名就好了,只要有返回1条数据再进行下一步操作。
绑定SqlDataReader后登陆密码、登陆次数,这些都已经在里面了。
通过reader.GetString(reader.GetOrdinal("UPassword")) 取密码。
参考下以下代码吧!private void SetErrorTimes(int error)
{
using (SqlConnection conn = new SqlConnection(sql))
{
conn.Open();
using (SqlCommand com = conn.CreateCommand())
{
com.CommandText = "update T_Users set UErrorTimes=" + error + "where UUserName=@UserName";
com.Parameters.Add(new SqlParameter("UserName", txtUserName.Text.Trim()));
com.ExecuteNonQuery();
}
}
} private void btnLogin_Click(object sender, EventArgs e)
{ using (SqlConnection conn = new SqlConnection(sql))
{
conn.Open();
using (SqlCommand com = conn.CreateCommand())
{
com.CommandText = "select * from T_Users where UUserName=@UserName";
com.Parameters.Add(new SqlParameter("UserName", txtUserName.Text.Trim()));
using (SqlDataReader reader = com.ExecuteReader())
{
if (reader.Read())
{
int error = reader.GetInt32(reader.GetOrdinal("UErrorTimes"));
if (error >= 3)
{
MessageBox.Show("登陆错误次数过多,禁止登陆!");
return;
}
string pwd = reader.GetString(reader.GetOrdinal("UPassword"));
if (pwd == txtPassword.Text.Trim())
{
SetErrorTimes(0); //设置登陆错误次数
MessageBox.Show("登陆成功!");
return;
}
else
{
error++;
SetErrorTimes(error); //设置登陆错误次数
MessageBox.Show("登陆密码错误! Error=" + error.ToString());
return;
}
}
else
{
MessageBox.Show("登陆用户名不存在!");
return;
}
}
}
}
}
Password frmPassword = new Password();
DialogResult dr = frmPassword.ShowDialog();
if (dr == DialogResult.Cancel)
Application.Exit();
else
{
using (SqlConnection oledbConn = new SqlConnection())//连接数据库
{
oledbConn.ConnectionString = @"Data Source=O8RS63RAGSIE4AR;Initial Catalog=hrone;Integrated Security=True";
oledbConn.Open();//打开数据库连接
using (SqlCommand oledbCmd = oledbConn.CreateCommand())
{
oledbCmd.CommandText = "SELECT * FROM test WHERE username = @username";
oledbCmd.Parameters.Add(new SqlParameter("username", TxtUserName.Text));
using (SqlDataReader oledbReader = oledbCmd.ExecuteReader()) //从数据库读取行
{
if (oledbReader.Read()) //判断数据集是否为空
{
int? count = oledbReader.GetInt32(oledbReader.GetOrdinal("lockcnt")); //取lockcnt
if (count == null)
count = 0;
if (count >= 3)
{
MessageBox.Show("对不起,您的账号已被锁定,请与管理人员联系");
return;
}
string password = oledbReader.GetString(oledbReader.GetOrdinal("password")); //取密码
if (password == TxtPassword.Text)
{
ResetLockcnt(); //登陆成功Lockcnt清零
Application.Run(new MainForm()); //登陆成功
}
else
{
IncLockcnt(); //登陆错误累加一次
MessageBox.Show("请输入正确的口令");
return;
}
}
else
{
MessageBox.Show("用户账号不存在");
return;
}
}
}
}
}
private void IncLockcnt()
{
using (SqlConnection oledbConn = new SqlConnection())
{
oledbConn.ConnectionString = @"Data Source=O8RS63RAGSIE4AR;Initial Catalog=hrone;Integrated Security=True";
oledbConn.Open();
using (SqlCommand oledbCmd = oledbConn.CreateCommand())
{
oledbCmd.CommandText = "UPDATE test SET lockcnt=isnull(lockcnt, 0)+1 WHERE username = @username";
oledbCmd.Parameters.Add(new SqlParameter("username", TxtUserName.Text));
oledbCmd.ExecuteNonQuery();
}
}
} private void ResetLockcnt()
{
using (SqlConnection oledbConn = new SqlConnection())
{
oledbConn.ConnectionString = @"Data Source=O8RS63RAGSIE4AR;Initial Catalog=hrone;Integrated Security=True";
oledbConn.Open();
using (SqlCommand oledbCmd = oledbConn.CreateCommand())
{
oledbCmd.CommandText = "UPDATE test SET lockcnt=0 WHERE username = @username";
oledbCmd.Parameters.Add(new SqlParameter("username", TxtUserName.Text));
oledbCmd.ExecuteNonQuery();
}
}
}
就算它有1W条错误,咱们也可以一条一条解决掉它不是。
拿到代码千万不要直接粘,要一行一行对照,要理解了它是干嘛的再手敲上去。
那块不懂最好先Google一下,这样下次才能独立写出来。
建议把整个窗体的代码都贴出来瞧瞧,还有报错截图!
数据库表里建有2个字段,count,thedate,登陆次数和当前日期
首次登陆,要检查有没有当天的日期记录,
IF 有当天日期的记录 THEN
IF 次数>=3 THEN
提示不能在登陆
退出
ELSE
验证登陆
数据库里表count字段增加1
END IFELSE
登陆验证
建立新记录,把count的值设置成END IF大致思路这样,你自己再整理下思路
做的登陆界面
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;namespace FastWP
{
/// <summary> /// User info class /// </summary> public partial class frmLogin : Form
{
private int nLoginCount = 0; private const int MAX_LOGIN_COUNT = 3; private UserInfo uiLogin; public frmLogin(ref UserInfo ui)
{
// // Required for Windows Form Designer support // InitializeComponent(); // Set login info to class member uiLogin = ui; } private void btnOk_Click(object sender, EventArgs e)
{
// Here is to use fixed username and password
// 这个地方怎么改成连接数据库检查接收到的username 和password
if (txtUserName.Text == "Admin" && txtPassword.Text == "nopassword")
{ // Save login user info uiLogin.UserName = txtUserName.Text; uiLogin.Password = txtPassword.Text; // Set dialog result with OK this.DialogResult = DialogResult.OK; } else
{ // Wrong username or password nLoginCount++; if (nLoginCount == MAX_LOGIN_COUNT) // Over 3 times this.DialogResult = DialogResult.Cancel; else
{ MessageBox.Show("Invalid user name and password!"); txtUserName.Focus(); } } } private void btnCancel_Click(object sender, EventArgs e)
{
// Set dialog result with Cancel this.DialogResult = DialogResult.Cancel; } private void frmLogin_FormClosing(object sender, FormClosingEventArgs e)
{
// Check whether form is closed with dialog result if (this.DialogResult != DialogResult.Cancel && this.DialogResult != DialogResult.OK) e.Cancel = true; }
}
public class UserInfo
{ private string strUserName; private string strPassword; public string UserName
{ get { return strUserName; } set { strUserName = value; } } public string Password
{ get { return strPassword; } set { strPassword = value; } } public UserInfo()
{ strUserName = ""; strPassword = ""; } }
}
你要把客户登陆次数写入数据库,而不是用变量(因为:人家可能登陆3次后,退出程序,再登陆,那么你保存到变量里的次数就重新变成0了);应该是对同一个账号在指定时间内(如24小时内),最多可以登陆3次吧。
数据库表里建有2个字段,count,thedate,登陆错误次数和当前日期
首次登陆,要检查有没有当天的日期记录,
IF 有当天日期的记录 THEN
IF 次数>=3 THEN
锁定登陆
退出
ELSE
IsLogined(……);
END IF
ELSE
IsLogined(……);
END IF
函数IsLogined(……)
{
IF 验证登陆成功 THEN
进入主界面
ELSE
提示登陆失败
数据库里表count字段增加1
END IF
}可能还不完善,大家补上
等于3则不能登陆。否则如果登陆错误,则icnt +=1
至于限制登陆错误次数,知道下原理就好了。
我给你大概修改了下,自己参考吧。
1、创建数据库 MyDB
2、新建表 T_Users
Id (int)
UserName (varchar(50))
Password (varchar(50))
ErrorCount (int)
ErrorDate (datetime)
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;namespace FastWP
{
/// <summary> /// User info class /// </summary> public partial class frmLogin : Form
{
//private int nLoginCount = 0;
//private const int MAX_LOGIN_COUNT = 3;
private UserInfo uiLogin; public frmLogin(ref UserInfo ui)
{
//
// Required for Windows Form Designer support
// InitializeComponent(); // Set login info to class member uiLogin = ui; } private void btnOk_Click(object sender, EventArgs e)
{
// Here is to use fixed username and password
// 这个地方怎么改成连接数据库检查接收到的username 和password /*-----------------------------------------------*/
string sql = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\MyDB.mdf;Integrated Security=True;User Instance=True";
using (SqlConnection conn = new SqlConnection(sql))
{
conn.Open(); //打开数据库连接
using (SqlCommand com = conn.CreateCommand())
{
com.CommandText = "select * from T_Users where UserName=@username";
com.Parameters.Add(new SqlParameter("username", txtUserName.Text));
using (SqlDataReader reader = com.ExecuteReader())
{
if (reader.Read())
{
/*
* 想写解锁代码在这里判断最后一次登录日期与数据库服务器时间取时差额。
*/
int errorCount = reader.GetInt32(reader.GetOrdinal("ErrorCount")); //取错误次数
if (errorCount >= 3)
{
MessageBox.Show("错误次数过多");
this.DialogResult = DialogResult.Cancel;
return;
}
string password = reader.GetString(reader.GetOrdinal("Password")); //取密码
if (password == txtPassword.Text)
{
ResetErrorCount(); //登陆成功清零
// Save login user info
uiLogin.UserName = txtUserName.Text;
uiLogin.Password = txtPassword.Text;
// Set dialog result with OK
this.DialogResult = DialogResult.OK;
}
else
{
IncErrorCount(); //登陆错误累加一次
MessageBox.Show("Invalid user name and password!");
txtUserName.Focus();
return;
}
}
else
{
MessageBox.Show("用户名不存在");
txtUserName.Focus();
return;
}
}
}
}
/*-----------------------------------------------*/
/*
if (txtUserName.Text == "Admin" && txtPassword.Text == "nopassword")
{
// Save login user info
uiLogin.UserName = txtUserName.Text;
uiLogin.Password = txtPassword.Text;
// Set dialog result with OK
this.DialogResult = DialogResult.OK;
}
else
{
// Wrong username or password
nLoginCount++;
if (nLoginCount == MAX_LOGIN_COUNT)
// Over 3 times
this.DialogResult = DialogResult.Cancel;
else
{
MessageBox.Show("Invalid user name and password!");
txtUserName.Focus();
}
}*/ } private void IncErrorCount()
{
string sql = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\MyDB.mdf;Integrated Security=True;User Instance=True";
using (SqlConnection conn = new SqlConnection(sql))
{
conn.Open();
using (SqlCommand com = conn.CreateCommand())
{
com.CommandText = "update T_Users set ErrorCount=isnull(ErrorCount, 0)+1 where UserName = @username";
com.Parameters.Add(new SqlParameter("username", txtUserName.Text));
com.ExecuteNonQuery();
}
}
} private void ResetErrorCount()
{
string sql = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\MyDB.mdf;Integrated Security=True;User Instance=True";
using (SqlConnection conn = new SqlConnection(sql))
{
conn.Open();
using (SqlCommand com = conn.CreateCommand())
{
com.CommandText = "update T_Users set ErrorCount=0 where UserName = @username";
com.Parameters.Add(new SqlParameter("username", txtUserName.Text));
com.ExecuteNonQuery();
}
}
} private void btnCancel_Click(object sender, EventArgs e)
{
// Set dialog result with Cancel this.DialogResult = DialogResult.Cancel; } private void frmLogin_FormClosing(object sender, FormClosingEventArgs e)
{
// Check whether form is closed with dialog result if (this.DialogResult != DialogResult.Cancel && this.DialogResult != DialogResult.OK) e.Cancel = true;
}
}
public class UserInfo
{
private string strUserName;
private string strPassword; public string UserName
{
get { return strUserName; }
set { strUserName = value; }
} public string Password
{
get { return strPassword; }
set { strPassword = value; }
} public UserInfo()
{
strUserName = "";
strPassword = "";
}
}
}
用户表给一个的用户状态列。
每次登陆请求失败的时候执行update操作。
登陆错误的情况:我想你有可能会更新Ip记录什么的(没有就算了),同时更新状态列值+1。
登陆成功:其他数据更新+ 状态值0