在VB.net中尝试登录失败后的系统锁定

我将此代码用于我的登录表单：

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
    Dim ErrorCount As Integer = 0

    If (ErrorCount = 3) Then
        MessageBox.Show(" The System has been Lock ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
        Form3.Show()
    Else

        Dim con As OleDbConnection = New OleDbConnection( _
                   "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= UserPass.mdb;")
        con.Open()
        Dim str As String
        str = "SELECT * FROM UserPass WHERE Username='" & txtUsername.Text & "' AND Password='" & txtPassword.Text & "'"
        Dim cmd As OleDbCommand = New OleDbCommand(str, con)
        cmd.Parameters.AddWithValue("user", txtUsername.Text)
        cmd.Parameters.AddWithValue("pass", txtPassword.Text)
        Dim sdr As OleDbDataReader = cmd.ExecuteReader()
        ' It will be case sensitive if you compare usernames here.   
        If sdr.HasRows Then
            If sdr.Read Then
                If txtPassword.Text <> sdr("Password").ToString Or txtUsername.Text <> sdr("Username").ToString Then
                    MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
                    ErrorCount = ErrorCount + 1
                Else
                    MessageBox.Show(" You are now Logged In! ", " Welcome! ", MessageBoxButtons.OK, MessageBoxIcon.Asterisk)
                    frmOne.Show()
                    Me.Hide()
                End If
            End If
        Else
            MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
        End If


        sdr.Close()
        con.Close()
    End If

我想做的是，当用户3次登录系统失败时，系统将显示另一个表单，表明系统已锁定，用户需要输入系统密码才能再次尝试登录。请帮忙

---

im使用ms access作为用户名和密码的数据库

您可以尝试以下方法：

Dim ErrorCount As Int = 0

If (ErrorCount =3) Then
     MessageBox.Show(" The System has been Lock ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)

'Do stuff 
'Add Your Code to show new Form something like
 Me.Hide()
 Form3.Show()


Else 

Dim con As OleDbConnection = New OleDbConnection( _
           "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= UserPass.mdb;")


con.Open()
Dim str As String
str = "SELECT * FROM UserPass WHERE Username='" & txtUsername.Text & "' AND Password='" & txtPassword.Text & "'"
Dim cmd As OleDbCommand = New OleDbCommand(str, con)
cmd.Parameters.AddWithValue("user", txtUsername.Text)
cmd.Parameters.AddWithValue("pass", txtPassword.Text)
Dim sdr As OleDbDataReader = cmd.ExecuteReader()
' It will be case sensitive if you compare usernames here.   
If sdr.HasRows Then
    If sdr.Read Then
        If txtPassword.Text <> sdr("Password").ToString Or txtUsername.Text <> sdr("Username").ToString Then
            MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)

             ErrorCount = ErrorCount + 1 

        Else
            MessageBox.Show(" You are now Logged In! ", " Welcome! ", MessageBoxButtons.OK, MessageBoxIcon.Asterisk)
            frmOne.Show()
            Me.Hide()
        End If
    End If
Else
    MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
End If

    sdr.Close()
    con.Close()

End If

---

最诚挚的问候

我不能完全肯定我是否理解这个问题。但这一部分让我觉得，在您的程序登录尝试失败三次后，您正试图锁定计算机的整个桌面：

我想做的是，当用户3次登录系统失败时，系统将显示另一个表单，表明系统已锁定，用户需要输入系统密码才能再次尝试登录

我不确定那是个好主意。仅仅将用户锁定在您的程序之外，而不是锁定整个计算机，这难道还不够吗？这样想吧：没有理由对地方违规行为进行全球惩罚

但是，不管我是否认为这是个好主意，它完全可以从VB.NET中实现。您只需在计数器指示发生了三次失败的登录尝试后调用该函数。此函数是作为Win32 API的一部分提供的，因此要直接从.NET应用程序调用它，需要使用P/Invoke。此函数具有相对简单的签名，因此其定义也不难理解：

<DllImport("user32.dll", SetLastError=True)> _
Public Shared Function LockWorkStation() As Boolean
End Function

这是一个具有方法级别作用域的正则变量。这意味着它被重新初始化为0，就像每次方法运行时都要求它为0一样，并且不保留其值

如果要声明具有方法级作用域且保留其值的变量，则需要使用声明变量，如下所示：

Static ErrorCount As Integer = 0

测试这些东西并找出错误的一个好方法是在btnLogin_Check方法内设置一个断点，并查看变量的确切值！如果您这样做了，您会注意到每次执行通过第一行后，ErrorCount都设置为0。这将是你对问题所在的直接线索。然后，您只需找出如何使值保持不变。现在您知道了，您可以使用Static关键字或向上移动一个范围，比如使它成为表单类的一个成员，以便它与该类的对象一样存在

Imports System.Data.OleDb

公开课表格1 作为整数的私有尝试=3

Private Sub cmdLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdLogin.Click
    Dim cn As New OleDbConnection("Provider=Microsoft.Ace.Oledb.12.0; Data Source=" & My.Application.Info.DirectoryPath.ToString() & "\BackUp\testing.Accdb;")
    cn.Open()
    If txtpassword.Text = "" Then
        MsgBox("Please Enter Your Password !!!", MsgBoxStyle.Critical, "Attention...")
        Exit Sub
    End If

    Dim dr1 As OleDbDataReader
    Dim com1 As New OleDbCommand

    com1.CommandText = "select [UserID],[Pass] from userinfo where userid = '" & txtUserID.Text & "'"
    com1.Connection = cn
    If cn.State = ConnectionState.Closed Then cn.Open()
    dr1 = com1.ExecuteReader
    If dr1.Read Then
        If UCase(dr1("Pass")) = UCase(txtpassword.Text) Then
            MessageBox.Show("Welecome")
            Me.Close()
        Else
            MessageBox.Show("Wrong Password  [" & attempt - 1 & "]  Attempt(s) Remaing")
            attempt -= 1
            txtpassword.Focus()
            If attempt = 0 Then
                End
            End If
        End If
        Exit Sub

    Else
        MessageBox.Show("Wrong UserID  [" & attempt - 1 & "]  Attempt(s) Remaing")
        attempt -= 1
        txtpassword.Focus()
        If attempt = 0 Then
            End
        End If
    End If
    cn.Close()
End Sub

Private Sub cmdCancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdCancel.Click
    End
End Sub

Private Sub Form1_FormClosing(ByVal sender As Object, ByVal e As System.Windows.Forms.FormClosingEventArgs) Handles Me.FormClosing
    Me.Dispose()
End Sub

---

期末考试

其他两个答案的组合。您需要将声明更改为static，以便它保持状态。Dim ErrorCount As Integer=0到静态ErrorCount As Integer

您还需要在用户输入无效用户名的代码路径中添加减量

MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
ErrorCount = ErrorCount + 1 'add this here

然后移动if，使其位于SQL之后，因此将其移动到con之后

另外，您似乎对参数化查询有些困惑。如果您使用的是参数化查询，那么您不需要连接SQL，而SQL应该是

    str = "SELECT * FROM UserPass WHERE Username=@user AND Password=@pass"

在正常情况下，内部if也不应为真

If txtPassword.Text <> sdr("Password").ToString Or txtUsername.Text <> sdr("Username").ToString Then 
     ' this code path is only evaluated if the database ignores the where clause or 
     ' the user changes the username or password textboxs whilst the database connection is proccessing and is therfore unnessacary 
     MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
     ErrorCount = ErrorCount + 1
Else
     MessageBox.Show(" You are now Logged In! ", " Welcome! ", MessageBoxButtons.OK, MessageBoxIcon.Asterisk)
     frmOne.Show()
     Me.Hide()
End If

---

最后，不要将密码存储为明文。用一个带盐的哈希值。

你试过什么吗？我试过这个：Dim errorcount As Integer=3，然后在检查用户名和密码的if语句中添加了这个：errorcount=errorcount-1，然后创建了一个if语句：if errorcount=0，然后是form3。show end if但什么都没有发生我还将counter++更改为counter=计数器+1，因为计数器++是一个错误，仍然不显示窗体。它也不会显示表示系统已锁定的消息框系统将只被锁定。我在VisualStudio中运行这个程序，我不打算只在系统中锁定整个桌面。当系统被锁定时，它只会显示一个表单，该表单有一个文本框，要求用户输入正确的密码，系统将被解锁。这不会在最后一次尝试时关闭连接

If (ErrorCount = 3) Then
    MessageBox.Show(" The System has been Lock ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Form3.Show()
Else

    str = "SELECT * FROM UserPass WHERE Username=@user AND Password=@pass"

If txtPassword.Text <> sdr("Password").ToString Or txtUsername.Text <> sdr("Username").ToString Then 
     ' this code path is only evaluated if the database ignores the where clause or 
     ' the user changes the username or password textboxs whilst the database connection is proccessing and is therfore unnessacary 
     MessageBox.Show(" Incorrect Username/Password. Login Denied ", " Error! ", MessageBoxButtons.OK, MessageBoxIcon.Error)
     ErrorCount = ErrorCount + 1
Else
     MessageBox.Show(" You are now Logged In! ", " Welcome! ", MessageBoxButtons.OK, MessageBoxIcon.Asterisk)
     frmOne.Show()
     Me.Hide()
End If