|
|
|
@ -92,7 +92,8 @@ public class LoginServiceImpl implements LoginService { |
|
|
|
|
//查询该用户是否正确
|
|
|
|
|
SysUser user = sysUserMapper.selectIsUser(map); |
|
|
|
|
if (user == null || "".equals(user)) { |
|
|
|
|
if (!loginname.equals("admin")) { |
|
|
|
|
//原本只有非超管账号会锁定。但是有渗透漏洞报不同的提示会有用户名猜解漏洞,故将此处注释
|
|
|
|
|
// if (!loginname.equals("admin")) {
|
|
|
|
|
String value = RedisUtil.getValue(loginname + "_errorNum"); |
|
|
|
|
int num = 1; |
|
|
|
|
if (StringUtils.isNotBlank(value)) { |
|
|
|
@ -113,11 +114,11 @@ public class LoginServiceImpl implements LoginService { |
|
|
|
|
return ServerResponse.createByErrorMessage("帐户已锁定,请稍后再试"); |
|
|
|
|
} |
|
|
|
|
httpSession.removeAttribute("validateCode"); |
|
|
|
|
return ServerResponse.createByErrorMessage("密码错误,还可尝试" + (loginErrorNum - num) + "次,失败后将锁定10分钟"); |
|
|
|
|
} else { |
|
|
|
|
return ServerResponse.createByErrorMessage("用户名或密码不正确!,还可尝试" + (loginErrorNum - num) + "次,失败后将锁定10分钟"); |
|
|
|
|
/*} else { |
|
|
|
|
httpSession.removeAttribute("validateCode"); |
|
|
|
|
return ServerResponse.createByErrorMessage("用户名或密码不正确!"); |
|
|
|
|
} |
|
|
|
|
}*/ |
|
|
|
|
} |
|
|
|
|
if (user.getLogstate().equals("0")) { |
|
|
|
|
httpSession.removeAttribute("validateCode"); |
|
|
|
|
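Review bot: With the `admin` exemption commented out, the failure counter read by `RedisUtil.getValue(loginname + "_errorNum")` now applies to every submitted name, so lockout is keyed only on a value the client controls: anyone who can reach the login form can keep the `admin` account locked (10 minutes, per the message) and can create counter keys for names that do not exist. The uniform message does address the enumeration finding, but I would also throttle per client, and confirm in the code outside these hunks that the counter key is written with an expiry and that any separate wrong-password path for an existing account returns this same text and remaining-attempt count. Separately, `"".equals(user)` can never be true for a `SysUser`, so the guard can be `if (user == null) {`, and the disabled `if`/`else` block should be deleted rather than kept inside `/* … */`, since version control already holds the old behaviour. The enclosing method starts and ends outside the visible hunks, so the locking and counter-update logic could not be checked here.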