为了防止暴力破解,通常会使用验证码。这里再加入一种防暴力破解的方法:限制登录验证的错误次数,超过限制后封锁 IP。
代码如下:
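/// <summary>
/// Code-behind for the administrator login page. On top of the CAPTCHA it
/// limits failed password attempts and asks the IP lock component to block
/// the client address once the limit is reached.
/// </summary>
public class Login : System.Web.UI.Page
{
    protected System.Web.UI.WebControls.RequiredFieldValidator rfvUsername;
    protected System.Web.UI.WebControls.RequiredFieldValidator rfvPassword;
    protected System.Web.UI.WebControls.Label lblErrorMessage;
    protected System.Web.UI.WebControls.TextBox txtUserName;
    protected System.Web.UI.WebControls.TextBox txtPassWord;
    protected System.Web.UI.WebControls.TextBox txtYanzheng;
    protected System.Web.UI.WebControls.RequiredFieldValidator Requiredfieldvalidator1;
    protected System.Web.UI.WebControls.ImageButton btnLogin;
    protected System.Web.UI.WebControls.Image Image1;

    // Last client address resolved by GetIP().
    string strIp="";

    // Failed password attempts tolerated before the address is locked. The
    // original compared the counter with the literal 1; the value is unchanged.
    private const int MaxFailedLogins = 1;

    /// <summary>
    /// Clears the expected CAPTCHA answer on the first (non-postback) load.
    /// </summary>
    private void Page_Load(object sender, System.EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            Session["CheckCode"] = "";
        }
    }

    // Web Forms designer generated code: collapsed in the original listing and not shown here.

    /// <summary>
    /// Handles the login button: refuses locked addresses, enforces the
    /// failed-attempt limit, checks the CAPTCHA, then verifies the credentials.
    /// </summary>
    private void ImageButton2_Click(object sender, System.Web.UI.ImageClickEventArgs e)
    {
        // Resolve the address once so the lock check and the lock itself
        // always act on the same value.
        string clientIp = GetIP();

        WebJTJ.Components.IPLock ip = new WebJTJ.Components.IPLock();
        if (ip.IPLockCheck(clientIp))
        {
            lblErrorMessage.Text = "您的ip地址已经被锁定,请联系管理员!";
            return;
        }

        // NOTE(review): the counter lives in the session, so a client that
        // discards its session cookie starts again at zero. A durable limit
        // needs a server-side count keyed by account and/or address; the
        // components visible on this page expose no such API, so none is used.
        if (Convert.ToInt16(Session["LoginTimes"]) >= MaxFailedLogins)
        {
            if (clientIp.Length > 0)
            {
                WebJTJ.Components.Staff locker = new WebJTJ.Components.Staff();
                locker.IPLock(clientIp);
            }
            lblErrorMessage.Text = "对不起,您的密码输入次数已经收到限制,您的IP地址已经被记录封锁,请联系管理员给您解除锁定!";
            return;
        }

        // Convert.ToString tolerates a missing session entry, where the
        // original .ToString() call would throw.
        string expectedCode = Convert.ToString(Session["CheckCode"]);

        // One answer per issued CAPTCHA: forget it before comparing so the same
        // value cannot be replayed for further password guesses. Presumably the
        // CAPTCHA image handler stores a new code when the page is rendered
        // again (Page_Load relies on the same thing) -- confirm.
        Session["CheckCode"] = "";

        // Page_Load stores "" until a CAPTCHA is issued; an empty expected code
        // must never match, otherwise an empty answer passes the check when the
        // image was never requested.
        if (expectedCode.Length == 0 || txtYanzheng.Text.Trim() != expectedCode)
        {
            lblErrorMessage.Text = "您输入的验证码错误!请重新输入!";
            return;
        }

        WebJTJ.Components.Staff staff = new WebJTJ.Components.Staff();
        string checkString = staff.Login(txtUserName.Text, txtPassWord.Text);

        // As the original parsing shows, a successful result has the form
        // "<UserID>-True".
        string userId = "";
        string loginChecked = "";
        int dash = (checkString == null) ? -1 : checkString.IndexOf('-');
        if (dash >= 0)
        {
            userId = checkString.Substring(0, dash);
            loginChecked = checkString.Substring(dash + 1);
        }

        if (loginChecked == "True")
        {
            // NOTE(review): the session identifier is not renewed at login;
            // consider issuing a fresh session on successful authentication.
            Session["UserName"] = txtUserName.Text;
            Session["UserID"] = userId;
            Session["WebManager"] = loginChecked;
            Response.Redirect("Admin_Main.aspx");
            return;
        }

        // Every outcome other than "<UserID>-True" counts as a failed attempt.
        // The original counted only a null result; any other non-success
        // result fell through without a message and without touching the counter.
        Session["LoginTimes"] = Convert.ToInt16(Session["LoginTimes"]) + 1;
        lblErrorMessage.Text = "您输入的用户名或密码错误,请重新输入!";
    }

    /// <summary>
    /// Returns the address of the connection peer (REMOTE_ADDR), or an empty
    /// string when the server does not report one.
    /// </summary>
    /// <returns>The client address used for the lock check and the lock.</returns>
    public string GetIP()
    {
        // HTTP_VIA and HTTP_X_FORWARDED_FOR are request headers whose values the
        // client chooses, so the original let the caller decide which address is
        // checked and locked: it could sidestep its own lock or get another
        // address locked. It also threw when Via was present without
        // X-Forwarded-For. If the site sits behind a reverse proxy you operate,
        // REMOTE_ADDR is that proxy; read the forwarded address only when
        // REMOTE_ADDR is the known proxy.
        string remoteAddr = Request.ServerVariables["REMOTE_ADDR"];
        strIp = (remoteAddr == null) ? "" : remoteAddr;
        return strIp;
    }
}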
}
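/// <summary>
/// Code-behind for the administrator login page. On top of the CAPTCHA it
/// limits failed password attempts and asks the IP lock component to block
/// the client address once the limit is reached.
/// </summary>
public class Login : System.Web.UI.Page
{
    protected System.Web.UI.WebControls.RequiredFieldValidator rfvUsername;
    protected System.Web.UI.WebControls.RequiredFieldValidator rfvPassword;
    protected System.Web.UI.WebControls.Label lblErrorMessage;
    protected System.Web.UI.WebControls.TextBox txtUserName;
    protected System.Web.UI.WebControls.TextBox txtPassWord;
    protected System.Web.UI.WebControls.TextBox txtYanzheng;
    protected System.Web.UI.WebControls.RequiredFieldValidator Requiredfieldvalidator1;
    protected System.Web.UI.WebControls.ImageButton btnLogin;
    protected System.Web.UI.WebControls.Image Image1;

    // Last client address resolved by GetIP().
    string strIp="";

    // Failed password attempts tolerated before the address is locked. The
    // original compared the counter with the literal 1; the value is unchanged.
    private const int MaxFailedLogins = 1;

    /// <summary>
    /// Clears the expected CAPTCHA answer on the first (non-postback) load.
    /// </summary>
    private void Page_Load(object sender, System.EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            Session["CheckCode"] = "";
        }
    }

    // Web Forms designer generated code: collapsed in the original listing and not shown here.

    /// <summary>
    /// Handles the login button: refuses locked addresses, enforces the
    /// failed-attempt limit, checks the CAPTCHA, then verifies the credentials.
    /// </summary>
    private void ImageButton2_Click(object sender, System.Web.UI.ImageClickEventArgs e)
    {
        // Resolve the address once so the lock check and the lock itself
        // always act on the same value.
        string clientIp = GetIP();

        WebJTJ.Components.IPLock ip = new WebJTJ.Components.IPLock();
        if (ip.IPLockCheck(clientIp))
        {
            lblErrorMessage.Text = "您的ip地址已经被锁定,请联系管理员!";
            return;
        }

        // NOTE(review): the counter lives in the session, so a client that
        // discards its session cookie starts again at zero. A durable limit
        // needs a server-side count keyed by account and/or address; the
        // components visible on this page expose no such API, so none is used.
        if (Convert.ToInt16(Session["LoginTimes"]) >= MaxFailedLogins)
        {
            if (clientIp.Length > 0)
            {
                WebJTJ.Components.Staff locker = new WebJTJ.Components.Staff();
                locker.IPLock(clientIp);
            }
            lblErrorMessage.Text = "对不起,您的密码输入次数已经收到限制,您的IP地址已经被记录封锁,请联系管理员给您解除锁定!";
            return;
        }

        // Convert.ToString tolerates a missing session entry, where the
        // original .ToString() call would throw.
        string expectedCode = Convert.ToString(Session["CheckCode"]);

        // One answer per issued CAPTCHA: forget it before comparing so the same
        // value cannot be replayed for further password guesses. Presumably the
        // CAPTCHA image handler stores a new code when the page is rendered
        // again (Page_Load relies on the same thing) -- confirm.
        Session["CheckCode"] = "";

        // Page_Load stores "" until a CAPTCHA is issued; an empty expected code
        // must never match, otherwise an empty answer passes the check when the
        // image was never requested.
        if (expectedCode.Length == 0 || txtYanzheng.Text.Trim() != expectedCode)
        {
            lblErrorMessage.Text = "您输入的验证码错误!请重新输入!";
            return;
        }

        WebJTJ.Components.Staff staff = new WebJTJ.Components.Staff();
        string checkString = staff.Login(txtUserName.Text, txtPassWord.Text);

        // As the original parsing shows, a successful result has the form
        // "<UserID>-True".
        string userId = "";
        string loginChecked = "";
        int dash = (checkString == null) ? -1 : checkString.IndexOf('-');
        if (dash >= 0)
        {
            userId = checkString.Substring(0, dash);
            loginChecked = checkString.Substring(dash + 1);
        }

        if (loginChecked == "True")
        {
            // NOTE(review): the session identifier is not renewed at login;
            // consider issuing a fresh session on successful authentication.
            Session["UserName"] = txtUserName.Text;
            Session["UserID"] = userId;
            Session["WebManager"] = loginChecked;
            Response.Redirect("Admin_Main.aspx");
            return;
        }

        // Every outcome other than "<UserID>-True" counts as a failed attempt.
        // The original counted only a null result; any other non-success
        // result fell through without a message and without touching the counter.
        Session["LoginTimes"] = Convert.ToInt16(Session["LoginTimes"]) + 1;
        lblErrorMessage.Text = "您输入的用户名或密码错误,请重新输入!";
    }

    /// <summary>
    /// Returns the address of the connection peer (REMOTE_ADDR), or an empty
    /// string when the server does not report one.
    /// </summary>
    /// <returns>The client address used for the lock check and the lock.</returns>
    public string GetIP()
    {
        // HTTP_VIA and HTTP_X_FORWARDED_FOR are request headers whose values the
        // client chooses, so the original let the caller decide which address is
        // checked and locked: it could sidestep its own lock or get another
        // address locked. It also threw when Via was present without
        // X-Forwarded-For. If the site sits behind a reverse proxy you operate,
        // REMOTE_ADDR is that proxy; read the forwarded address only when
        // REMOTE_ADDR is the known proxy.
        string remoteAddr = Request.ServerVariables["REMOTE_ADDR"];
        strIp = (remoteAddr == null) ? "" : remoteAddr;
        return strIp;
    }
}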
}