diff --git a/FrmLogin.cs b/FrmLogin.cs
index 174f90b..a32745a 100644
--- a/FrmLogin.cs
+++ b/FrmLogin.cs
@@ -1,9 +1,11 @@
using System;
using System.Data;
using System.Data.OracleClient;
+using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net;
+using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using System.Xml;
@@ -17,12 +19,88 @@
//登录界面 -- 配置文件的路径
public static string filename = Application.StartupPath + "\\login.xml";
-
+ public string Message = "";
+ public double lockedTime = 15;
public FrmLogin()
{
InitializeComponent();
}
+
+ struct lockStruct {
+ public int wrongCount;
+ public DateTime wrongDate;
+ }
+
+ private lockStruct getWCountAndWDateByUser()
+ {
+ // 根据用户名获取wrongPassWord和wrongDate
+ string sql = "select * from casic_userinfotest where USERNAME=:username and sysname='EMS'";
+ OracleParameter usernameParam = new OracleParameter(":username", txtUser.Text.Trim());
+ DataTable dt = OledbHelper.ExecuteDataTable(sql, usernameParam);
+ lockStruct ls;
+ ls.wrongCount = int.Parse(dt.Rows[0]["WRONGCOUNT"].ToString());
+ if (dt.Rows[0]["wrongDate"].ToString() == "")
+ {
+ ls.wrongDate = DateTime.Parse("01/01/1970 00:00:0"); ;
+ }
+ else
+ {
+ ls.wrongDate = DateTime.Parse(dt.Rows[0]["WRONGDATE"].ToString());
+ }
+
+ return ls;
+ }
+
+ private double SubTime(DateTime date)
+ {
+ DateTime current = new DateTime();
+ current = DateTime.Now;
+ TimeSpan timeSpan = current.Subtract(date).Duration();
+ double subTime = timeSpan.TotalMinutes;
+ return subTime;
+ }
+
+ private bool valLocked()
+ {
+ lockStruct ls = getWCountAndWDateByUser();
+ double subTime = SubTime(ls.wrongDate);
+ if (ls.wrongCount < 5)
+ {
+ // 如果输错密码小于5次,不锁定
+ return false;
+ }
+ else if (ls.wrongCount == 5 && subTime > lockedTime)
+ {
+ // 如果输错密码大于5次,但是距离上次输错时间已经超过15分钟,不锁定
+ return false;
+ }
+ else
+ {
+ // 如果输错密码大于5次,但是距离上次输错时间还在15分钟内,锁定
+ return true;
+ }
+
+ }
+
+ private void updateWCountAndWDateByUser(int wrongcount,DateTime dt)
+ {
+
+ OracleConnection conn = OledbHelper.sqlConnection();
+ conn.Open();
+ OracleCommand cmd = new OracleCommand();
+ cmd.Connection = conn;
+ cmd.CommandText = "update casic_userinfotest set WRONGCOUNT=" + wrongcount + " , WRONGDATE = to_date('" + dt + "', 'yyyy-MM-dd hh24:mi:ss') where USERNAME='" + txtUser.Text.Trim() + "' and sysname = 'EMS'";
+ cmd.CommandType = CommandType.Text;
+ cmd.ExecuteNonQuery();
+ conn.Close();
+
+ }
+ ///
+ /// 登录按钮事件处理
+ ///
+ ///
+ ///
///
/// 登录按钮事件处理
///
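Review bot: `updateWCountAndWDateByUser` builds its UPDATE by concatenating `txtUser.Text.Trim()` into the statement, so whatever is typed into the user-name box becomes part of the SQL text. `getWCountAndWDateByUser` in the same hunk already binds `:username`, and the update should do the same. The `to_date('" + dt + "', 'yyyy-MM-dd hh24:mi:ss')` fragment also relies on the current culture formatting `DateTime` in exactly that shape, and the connection is never closed if `ExecuteNonQuery` throws. Binding all three values and wrapping the connection and command in `using` covers these points, as sketched below.

```csharp
private void updateWCountAndWDateByUser(int wrongcount,DateTime dt)
{
    // using blocks release the connection even when ExecuteNonQuery throws
    using (OracleConnection conn = OledbHelper.sqlConnection())
    using (OracleCommand cmd = new OracleCommand())
    {
        conn.Open();
        cmd.Connection = conn;
        cmd.CommandType = CommandType.Text;
        // bind variables keep the user name out of the SQL text and avoid culture-dependent date strings
        cmd.CommandText = "update casic_userinfotest set WRONGCOUNT=:wrongcount, WRONGDATE=:wrongdate where USERNAME=:username and sysname='EMS'";
        cmd.Parameters.Add(new OracleParameter(":wrongcount", wrongcount));
        cmd.Parameters.Add(new OracleParameter(":wrongdate", dt));
        cmd.Parameters.Add(new OracleParameter(":username", txtUser.Text.Trim()));
        cmd.ExecuteNonQuery();
    }
}
```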
@@ -30,8 +108,9 @@
///
private void button1_Click(object sender, EventArgs e)
{
+
bool result = ValidateUser();
-// bool result =ValidateFromUrl();//从平台获取用户角色信息,判断是否能登陆成功
+ // bool result =ValidateFromUrl();//从平台获取用户角色信息,判断是否能登陆成功
if (result)
{
WriteXml();
@@ -41,7 +120,7 @@
}
else
{
- MessageBox.Show("用户名、密码不正确,请重新输入!", "提示");
+ MessageBox.Show(Message, "提示");
txtUser.Clear();
textBoxPassWord.Clear();
}
@@ -52,6 +131,21 @@
///
private bool ValidateUser()
{
+ // 查找是否由此用户
+ DataTable dt1 = OledbHelper.ExecuteDataTable("select * from casic_userinfotest where USERNAME=:username and sysname='EMS'", new OracleParameter(":username", txtUser.Text.Trim()));
+ if (dt1 == null || dt1.Rows.Count <= 0)
+ {
+ Message = "无此用户名,请注册";
+ return false;
+ }
+
+ // 判断用户是否处于被锁定状态
+ bool islocked = valLocked();
+ if (islocked == true) {
+ Message = "登陆错误过多,请等待15分钟后再尝试";
+ return false;
+ }
+ // 验证用户账户和密码
string passWord = SM4Utils.SM4EncryptStr(textBoxPassWord.Text.Trim());
string sql = "select * from casic_userinfotest where USERNAME=:username and PASSWORD=:password and sysname='EMS'";
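Review bot: The new early return sets `Message = "无此用户名,请注册"`, which differs from the wrong-password text, so the dialog discloses whether a user name is registered; the lock message discloses the same thing for existing accounts. Reusing the generic text for the unknown-user case, `Message = "用户名、密码不正确,请重新输入!";`, keeps the response uniform. The lock message hard-codes "15" although the window is the public mutable field `lockedTime`, so the text can drift from the actual value. `getWCountAndWDateByUser()` (called through `valLocked()`) repeats the query that already produced `dt1`. ValidateUser's body continues outside this hunk.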
@@ -59,7 +153,22 @@
OracleParameter passwordParam = new OracleParameter(":password", passWord);
DataTable dt = OledbHelper.ExecuteDataTable(sql, usernameParam, passwordParam);
- if (dt == null || dt.Rows.Count <= 0) return false;
+ if (dt == null || dt.Rows.Count <= 0) {
+ Message = "用户名、密码不正确,请重新输入!";
+ lockStruct ls = getWCountAndWDateByUser();
+ if (SubTime(ls.wrongDate) > lockedTime)
+ {
+ updateWCountAndWDateByUser(1, DateTime.Now);
+ }
+ else {
+ updateWCountAndWDateByUser(ls.wrongCount+1, DateTime.Now);
+ }
+
+ return false;
+ }
+
+
+ // 验证用户角色
if (String.IsNullOrEmpty(dt.Rows[0]["rid"].ToString())) return true;
sql = "select gid from casic_userroletest where id=" + dt.Rows[0]["rid"] + " and sysname='EMS' ";
using (OracleDataReader reader = OracleUtils.ExecuteReader(OracleUtils.ConnectionString, CommandType.Text, sql))
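Review bot: The failure path reads WRONGCOUNT through `getWCountAndWDateByUser()` and then writes `ls.wrongCount+1` in a separate statement, so two clients failing at the same time can lose an increment or push the counter past 5. `valLocked()` in the earlier hunk lifts the lock only when `ls.wrongCount == 5 && subTime > lockedTime`, so a stored count of 6 or more would keep the account locked however much time has passed; `else if (ls.wrongCount >= 5 && subTime > lockedTime)` avoids that. Both the stored timestamp and the interval test use the workstation's `DateTime.Now`, so the lock window depends on each client's clock. Doing the increment and the time comparison in the database (`WRONGCOUNT = WRONGCOUNT + 1`, `SYSDATE`) would make the lockout consistent across clients. ValidateUser's body begins outside this hunk.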
@@ -70,6 +179,8 @@
break;
}
}
+ // 成功登陆后,累计输错密码的次数清0
+ updateWCountAndWDateByUser(0, DateTime.Now);
return true;
}
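Review bot: The counter reset added before the final `return true` is bypassed by the earlier `if (String.IsNullOrEmpty(dt.Rows[0]["rid"].ToString())) return true;` shown in the previous hunk, so a user without a role id logs in successfully but keeps the accumulated WRONGCOUNT. Moving `updateWCountAndWDateByUser(0, DateTime.Now);` to directly after the password query succeeds would cover both paths. The reader loop is only partly visible here, so whether it has return paths of its own that also skip the reset cannot be confirmed from this hunk.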