同事离职了,接手了他的代码。。
有客户反馈登录密码错误后被锁定不会解锁,或者错误一次就被锁定(???)。
不多比比,直接代码看看
// Login handler body (inherited version): a failure counter kept in a client
// cookie, then captcha check, then user/password check, then a single-session
// rule. The counter lives entirely on the client, so anyone can clear or edit
// the cookie; the lock it implements is advisory at best.

// Number of failed logins, read from the "FailedError" cookie.
int FailedCount = 0;
if (null == Request.Cookies["FailedError"])
{
    HttpCookie failedCountCookie = new HttpCookie("FailedError");
    failedCountCookie["LoginCount"] = "0";
    failedCountCookie["LastLoginDate"] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
    // Expires is only set here, on first creation (1 hour).
    failedCountCookie.Expires = DateTime.Now.AddHours(1);
    Response.Cookies.Add(failedCountCookie);
}
else
{
    // Convert.ToInt32 throws on a tampered/non-numeric value, outside any try.
    FailedCount = Convert.ToInt32(Request.Cookies["FailedError"]["LoginCount"]);
}
// If more than 30 minutes have passed since the last recorded attempt, reset the
// failure counter to 0.
if (Request.Cookies["FailedError"] != null)
{
    // Convert.ToDateTime uses the current culture to parse the stored string;
    // presumably fine for the fixed "yyyy-MM-dd HH:mm:ss" format, but it throws
    // on a malformed cookie value — confirm.
    DateTime lastLoginDate = Convert.ToDateTime(Request.Cookies["FailedError"]["LastLoginDate"]);
    // BUG: TimeSpan.Minutes is the minutes *component* (0-59), not TotalMinutes.
    // The counter is therefore reset only while the elapsed time's minute
    // component is 31-59 (e.g. 1h05m elapsed gives Minutes == 5 and no reset),
    // which matches the "lock never clears" report.
    if (DateTime.Now.Subtract(lastLoginDate).Minutes > 30)
    {
        FailedCount = 0;
    }
}
// After 5 failures the account is locked. The comment says 1 hour, the cookie
// expiry is 1 hour, the message says 30 minutes, and the reset window above is
// 30 minutes — none of these agree.
if (FailedCount > 4)
{
    // Locked: the cookie is not rewritten here, so the stored count and
    // LastLoginDate stay as they were.
    this.lblMsg.Text = "对不起,账号已经被锁定,请等待30分钟后重试.";
}
else
{
    this.lblMsg.Text = "";
    bool flag = false;
    string USERNAME = this.txtUSERNAME.Text;
    string PASSWORD = this.txtPASSWORD.Text;
    // Declared but never used in this block.
    string ip = Request.UserHostAddress;
    string logmsg = "【" + USERNAME + "】于 " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + " 登陆本系统, IP地址: " + Request.UserHostAddress + ", 登陆结果:";
    // BUG: Session["checkcode"].ToString() runs before the null check in the
    // else-if below, so an expired captcha throws a NullReferenceException
    // instead of reaching the "验证码已过期" branch.
    if (this.txtBox.Text.ToLower() == Session["checkcode"].ToString())
    {
        try
        {
            flag = bll.Exists(USERNAME);
            if (flag)
            {
                //PASSWORD = MethodHelper.EncrypToHashValue(PASSWORD);
                flag = bll.Exists(USERNAME, MethodHelper.EncrypToHashValue(PASSWORD));
                if (flag)
                {
                    logmsg += "成功";
                    Maticsoft.Model.USERS model = bll.GetModel(USERNAME);
                    // Single-session rule: same IP as last login, or last login
                    // older than 30 minutes (1800 s).
                    if (model.LOGINIP == Request.UserHostAddress || (DateTime.Now - model.LOGINDATE).TotalSeconds > 1800)
                    {
                        Session["checkcode"] = null; // destroy the captcha on the server once consumed
                        model.LOGINIP = Request.UserHostAddress;
                        model.LOGINDATE = DateTime.Now;
                        model.LOGINERRORCOUNT = 0;
                        bll.UpdateLoginInfo(model);
                        //LoginHelper.SetUser(model);
                    }
                    else
                    {
                        flag = false;
                        lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户已在其他地方登录。";
                        Session["checkcode"] = null; // destroy the captcha on the server once consumed
                    }
                }
                else
                {
                    FailedCount++;
                    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名与密码不正确。";
                    Session["checkcode"] = null; // destroy the captcha on the server once consumed
                    // SECURITY: the submitted password is written to the log in
                    // plaintext. Logs must never contain credentials.
                    logmsg += "失败。试图登陆密码:" + txtPASSWORD.Text;
                }
            }
            else
            {
                FailedCount++;
                // This message differs from the wrong-password one, so the
                // response reveals whether a username exists.
                lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名不正确。";
                Session["checkcode"] = null; // destroy the captcha on the server once consumed
                // SECURITY: plaintext password in the log, as above.
                logmsg += "失败。试图登陆密码:" + txtPASSWORD.Text;
            }
        }
        catch (Exception ex)
        {
            FailedCount++;
            // ex.Message is rendered straight to the page (internal error details
            // reach the user) and the captcha is not cleared on this path.
            lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆异常: " + ex.Message;
            logmsg += "失败。异常信息: " + ex.Message;
            //Response.Redirect("~/login.aspx");
        }
        finally
        {
            Maticsoft.BLL.LOGGER.Add(USERNAME, logmsg);
        }
    }
    else if (Session["checkcode"] == null)
    {
        // Unreachable for a null session value: the condition above already
        // dereferenced it.
        lblMsg.Text = "<img src='images/stop.png' class='img'/> 验证码已过期,请重新输入。";
        return;
    }
    else
    {
        Session["checkcode"] = null; // destroy the captcha on the server once consumed
        lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:验证码不通过。";
        return;
    }
    if (flag)
    {
        Response.Redirect("~/desk.aspx");
    }
    else
    {
        // Persist the updated failure count and the time of this attempt.
        // The cookie is taken from the request, so it carries no Expires value;
        // presumably the re-added cookie becomes a session cookie — confirm.
        // Because LastLoginDate is refreshed on every failure, the 30-minute
        // reset window slides forward while the user keeps retrying.
        HttpCookie failedCountCookie = Request.Cookies["FailedError"];
        failedCountCookie["LoginCount"] = FailedCount.ToString();
        failedCountCookie["LastLoginDate"] = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
        Response.Cookies.Add(failedCountCookie);
    }
}
额,看到代码的第一眼是有点崩溃的,这诡异的逻辑,还有这嵌套的ifelse,很难不让人气压飙升,得,我也懒得修了,直接重构一下得了。
基本的逻辑很简单,先判断下验证码能不能用,再判断下用户是否允许登录(是否被锁定、锁定用户是否达到解锁条件)就完事了
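// Login handler body (refactored): validate the captcha, look the user up,
// enforce the server-side lockout, verify the password, then apply the
// single-session rule and redirect. The failure counter and lock expiry live
// on the user record, not in a client cookie.

// 1. Captcha. A missing code means the session expired; a mismatch is rejected
//    without touching the failure counter.
if (Session["checkcode"] == null)
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 验证码已过期,请重新获取。";
    return;
}
// Ordinal case-insensitive compare instead of ToLower(): no culture-dependent casing.
if (!string.Equals(txtBox.Text, Session["checkcode"].ToString(), StringComparison.OrdinalIgnoreCase))
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:验证码不通过。";
    return;
}
// Destroy the captcha on the server as soon as it has been consumed.
Session["checkcode"] = null;

// 2. Look the user up.
string USERNAME = txtUSERNAME.Text;
string PASSWORD = txtPASSWORD.Text;
string clientIp = Request.UserHostAddress;
UserService service = new UserService();
UserRequest userRequest = new UserRequest();
userRequest.UserName = USERNAME;
var result = service.GetUser(userRequest);

// Audit line. The submitted password is deliberately never appended to it —
// the previous version logged it in plaintext.
string logmsg = "【" + USERNAME + "】于 " + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + " 登陆本系统, IP地址: " + clientIp + ", 登陆结果:";
// TODO(review): logmsg is built but never persisted in this version; the old
// code wrote it through Maticsoft.BLL.LOGGER.Add(USERNAME, logmsg) in a finally
// block. Wire an equivalent call back in so failed attempts are auditable.

if (!result.Any())
{
    // NOTE(review): this text differs from the wrong-password text below, so the
    // response reveals whether a username exists; a single generic failure
    // message would avoid that.
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户名不正确。";
    logmsg += "失败。";
    return;
}
var user = result.First();

// 3. Lockout. LOGINDATE is overloaded: normally the last successful login time,
//    but once LOGINERRORCOUNT reaches 5 it holds the lock expiry instead.
if (user.LOGINERRORCOUNT >= 5)
{
    if (user.LOGINDATE.HasValue && user.LOGINDATE.Value > DateTime.Now)
    {
        // Still locked: report the remaining time and stop.
        lblMsg.Text = string.Format("<img src='images/stop.png' class='img'/> 登陆失败:用户名已锁定。剩余时间:{0}s", (int)(user.LOGINDATE.Value - DateTime.Now).TotalSeconds);
        return;
    }
    // Lock has expired: start a fresh window. Without this reset the counter
    // keeps growing past 5 and the original `== 5` trigger never fired again,
    // so an account could never be re-locked after its first lock expired.
    user.LOGINERRORCOUNT = 0;
}

// 4. Password. Hash the submitted value and compare with the stored hash.
if (user.PASSWORD != MethodHelper.EncrypToHashValue(PASSWORD))
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:密码不正确。";
    logmsg += "失败。";
    user.LOGINERRORCOUNT += 1;
    // Reaching the limit arms a one-hour lock. ">=" rather than "==" so the lock
    // is armed on every path that reaches the limit.
    if (user.LOGINERRORCOUNT >= 5)
    {
        user.LOGINDATE = DateTime.Now.AddHours(1);
    }
    service.UpdateErrorCount(user);
    return;
}

// 5. Single-session rule: allow the login when there is no previous login, the
//    previous one came from this IP, or it is older than 30 minutes (1800 s).
//    A null LOGINDATE is treated as "no previous login" instead of throwing on
//    .Value. NOTE(review): right after a lock expires LOGINDATE is the expiry
//    time, not a login time, so this check can wrongly report "logged in
//    elsewhere" for up to 30 minutes — a separate lock-expiry column would fix it.
bool lastLoginStale = !user.LOGINDATE.HasValue || (DateTime.Now - user.LOGINDATE.Value).TotalSeconds > 1800;
if (string.IsNullOrEmpty(user.LOGINIP) || user.LOGINIP.Trim() == clientIp || lastLoginStale)
{
    user.LOGINIP = clientIp;
    user.LOGINDATE = DateTime.Now;
    user.LOGINERRORCOUNT = 0;
    service.UpdateLoginInfo(user);
    LoginHelper.SetUser(user);
}
else
{
    lblMsg.Text = "<img src='images/stop.png' class='img'/> 登陆失败:用户已在其他地方登录。";
    return;
}
logmsg += "成功";
Response.Redirect("~/desk.aspx");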