3次登錄嘗試失敗時禁用文本框

Question

當用戶未能提供正確的憑證3次時，我必須禁用「用戶名」&「密碼」文本框。我應該使用JSP本身的邏輯（使用jQuery或JavaScript）或在控制器中使用。

PS：我必須在失敗後重定向到登錄頁面。只需要更新錯誤消息「您的帳戶已被禁用」。

下面是JSP：Login.jsp頁面

 <html> 
    <head> 
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
     <title>Login Form</title> 
    </head> 
    <body> 
     <form action="Login_Servlet_Test" method="POST"> 
      Username <input type="text" name="uname"/><br> 
      Password <input type="text" name="paswd"/><br> 
      <input type="Submit" value="Submit"/> 
     </form> 

    </body> 
</html> 

下面是Servlet：LoginServlet

public class LoginServlet extends HttpServlet { 
    private static final long serialVersionUID = 1L; 


    public void init() throws ServletException { 
     //we can create DB connection resource here and set it to Servlet context 
     if(getServletContext().getInitParameter("dbURL").equals("jdbc:mysql://localhost/mysql_db") && 
       getServletContext().getInitParameter("dbUser").equals("mysql_user") && 
       getServletContext().getInitParameter("dbUserPwd").equals("mysql_pwd")) 
     getServletContext().setAttribute("DB_Success", "True"); 
     else throw new ServletException("DB Connection error"); 
    } 


    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 

     //get request parameters for userID and password 
     String user = request.getParameter("user"); 
     String pwd = request.getParameter("pwd"); 

     //get servlet config init params 
     String userID = getServletConfig().getInitParameter("user"); 
     String password = getServletConfig().getInitParameter("password"); 
     //logging example 
     log("User="+user+"::password="+pwd); 

     if(userID.equals(user) && password.equals(pwd)){ 
      response.sendRedirect("LoginSuccess.jsp"); 
     }else{ 
      RequestDispatcher rd = getServletContext().getRequestDispatcher("Login.jsp"); 
      PrintWriter out= response.getWriter(); 
      out.println("<font color=red>Either user name or password is wrong.</font>"); 
      rd.include(request, response); 

     } 

    } 

} 

Answer 1

你會在你的用戶表中添加兩列。一個表示登錄計數，另一個表示上次登錄嘗試的時間戳。 大多數網站允許用戶在帳戶鎖定後的特定時間後嘗試登錄。因此，如果指定的時間（例如上次登錄嘗試後的30分鐘）超出或用戶能夠成功登錄，則可能需要檢查時間並清除不成功的嘗試。

PreparedStatement pstmt = con.prepareStatement("select loginCount , loginAttemptDate from userstable where username=?"); 
pstmt.setString(1,username);//your username from login page 
ResultSet rs = pstmt.executeQuery(); 
int loginAttempt=resultset.getint(1); 
Date loginAttemptDate = new java.util.Date(resultSet.getTimestamp(2).get time()); 
request.setAttribute("loginCount",loginAttempt); 
long diff= new Date().getTime() - loginAttemptDate.getTime(); 

if (diff < YOURTIMELIMITCONST && loginAttempt > 3){ 


RequestDispatcher rd = getServletContext().getRequestDispatcher("Login.jsp"); 
PrintWriter out= response.getWriter(); 
out.println("<font color=red>Either user name or password is wrong.</font>"); 
     rd.include(request, response); 
}else{ 
    //do your login check 
} 

，並在JSP中你用小腳本

<%if((Integer)request.getAttribute("loginCount") > 3){%> 
document.getElementById("usernamebox").disabled = true; 
document.getElementById("passwordbox").disabled = true; 
<%}%> 

像我假定你的輸入框的ID在上面的代碼