当用户 3 次未能提供正确的凭据时,我必须禁用“用户名”和“密码”文本框。我应该在 JSP 本身(使用 jQuery 或 javascript)或在 Controller 中使用逻辑。
PS:我必须在失败后才重定向到登录页面。只需将错误消息更新为“您的帐户已被禁用”。
下面是 JSP:Login.jsp
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login Form</title>
</head>
<body>
<form action="Login_Servlet_Test" method="POST">
Username <input type="text" name="uname"/><br>
Password <input type="text" name="paswd"/><br>
<input type="Submit" value="Submit"/>
</form>
</body>
</html>
下面是 Servlet:LoginServlet
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void init() throws ServletException {
//we can create DB connection resource here and set it to Servlet context
if(getServletContext().getInitParameter("dbURL").equals("jdbc:mysql://localhost/mysql_db") &&
getServletContext().getInitParameter("dbUser").equals("mysql_user") &&
getServletContext().getInitParameter("dbUserPwd").equals("mysql_pwd"))
getServletContext().setAttribute("DB_Success", "True");
else throw new ServletException("DB Connection error");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//get request parameters for userID and password
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
//get servlet config init params
String userID = getServletConfig().getInitParameter("user");
String password = getServletConfig().getInitParameter("password");
//logging example
log("User="+user+"::password="+pwd);
if(userID.equals(user) && password.equals(pwd)){
response.sendRedirect("LoginSuccess.jsp");
}else{
RequestDispatcher rd = getServletContext().getRequestDispatcher("Login.jsp");
PrintWriter out= response.getWriter();
out.println("<font color=red>Either user name or password is wrong.</font>");
rd.include(request, response);
}
}
}
最佳答案
您将在用户表中添加两列。一个代表登录计数,另一个代表上次登录尝试的时间戳。 大多数网站允许用户在帐户被锁定后的特定时间后尝试登录。因此,如果指定时间(例如自上次登录尝试后 30 分钟)超过或用户能够成功登录,您可能需要检查时间并清除不成功的尝试。
PreparedStatement pstmt = con.prepareStatement("select loginCount , loginAttemptDate from userstable where username=?");
pstmt.setString(1,username);//your username from login page
ResultSet rs = pstmt.executeQuery();
int loginAttempt=resultset.getint(1);
Date loginAttemptDate = new java.util.Date(resultSet.getTimestamp(2).get time());
request.setAttribute("loginCount",loginAttempt );
long diff= new Date().getTime() - loginAttemptDate.getTime();
if (diff < YOURTIMELIMITCONST && loginAttempt > 3 ){
RequestDispatcher rd = getServletContext().getRequestDispatcher("Login.jsp");
PrintWriter out= response.getWriter();
out.println("<font color=red>Either user name or password is wrong.</font>");
rd.include(request, response);
}else{
//do your login check
}
在 jsp 中你确实喜欢使用 scriptlet
<%if((Integer)request.getAttribute("loginCount") > 3){%>
document.getElementById("usernamebox").disabled = true;
document.getElementById("passwordbox").disabled = true;
<%}%>
我在上面的代码中假设了你输入框的id
关于javascript - 3 次登录尝试失败时禁用文本框,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29876525/