[英]Trying to display login attempts and user lockout message after failed attempts
我正在使用FTP站點的登錄頁面。 它在Tomcat 8服務器上運行,並配置為在3次失敗的嘗試后15分鍾內鎖定用戶。 用戶被鎖定后,我想在登錄頁面上顯示一條消息。 問題是當登錄失敗時,頁面刷新(重定向回登錄頁面),這將清除所有內容。
我確實設法獲得了登錄嘗試剩余的錯誤消息,但是,它無法100%正常工作,因為我只是將其保存到Cookie中,並且根本沒有連接到用戶帳戶。 無論如何,是否有獲取用戶名(誰已登錄)及其登錄嘗試和/或是否被鎖定的信息?
所以我想顯示兩件事:
登錄頁面:
<%@page import="org.apache.catalina.User"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/master.css">
<script type="text/javascript" src="<%=request.getContextPath()%>/javascript/javascript.js"></script>
</head>
<body bgcolor="#ffffff">
<div class="container" role="main">
<form method="POST" action="j_security_check">
<table border="0" align="center">
<tr>
<td>Login</td>
<td><input id="user" type="text" name="j_username" autocomplete="off"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="j_password" autocomplete="off"></td>
</tr>
</table>
<%
User user = (User) request.getSession().getAttribute("user");
System.out.println("User: " + user);
if (request.getParameter("error") != null) {
System.out.println("Error: " + request.getParameter("error"));
%>
<div id="errorLogin">Invalid username or password</div>
<br/>
<div><span id="loginAttempt"><script>loginAttempts("<%=user%>");</script></span></div>
<%
}
%>
<input type="submit" value="Login">
</form>
</div>
<% response.setHeader("Cache-Control", "no-cache"); // HTTP 1.1
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache"); // HTTP 1.0
response.setHeader("Expires", "0"); // Prevents cache at proxy server
%>
</body>
</html>
javascipt.js
var loginattempts = null;
var temp;
function loginAttempts(user) {
//var user = document.getElementById('user').value;
var div = document.getElementById('loginAttempt');
var msg = "Warning: Login attempts remaining: ";
loginattempts = getCookie("login");
if (loginattempts === "" || loginattempts === null) {
createCookie("login", 3, 5);
temp = getCookie("login");
div.textContent = msg + temp.toString();
} else if (loginattempts === "0" || loginattempts === 0) {
div.textContent = user + " has been locked out";
} else {
temp = getCookie("login") - 1 ;
div.textContent = msg + temp.toString();
}
debugger;
}
function getCookie(cname) {
var name = cname + "=";
var decodedCookie = decodeURIComponent(document.cookie);
var ca = decodedCookie.split(';');
for(var i = 0; i <ca.length; i++) {
var c = ca[i];
while (c.charAt(0) === ' ') {
c = c.substring(1);
}
if (c.indexOf(name) === 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
function createCookie(cname, cvalue, exdays) {
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = "expires=" + d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
server.xml鎖定:
<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" cacheSize="1000" cacheRemovalWarningTime="3600">
我自己解決了這個問題,我使用Cookie來存儲信息。
Meteor,跟蹤用戶登錄失敗的嘗試,並禁止他們在x次嘗試后登錄
[英]Meteor, Keep track of user's failed login attempts and forbid them to login after x attempts
超過不成功的登錄嘗試后如何禁用 Cognito 用戶
[英]How to disable Cognito user after exceeding the unsuccessful login attempts
檢查PHP表單是否有效以便在3次嘗試后鎖定用戶
[英]Checking if a PHP form is valid for the purpose of locking out a user after 3 attempts
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.