From 43a9b0c626b95dceb565f31cf659b26362db74b9 Mon Sep 17 00:00:00 2001
From: zc <foreverxccc@gmail.com>
Date: Tue, 29 Apr 2025 11:14:21 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8E=9F=E6=9C=AC=E5=8F=AA=E6=9C=89=E9=9D=9E?=
 =?UTF-8?q?=E8=B6=85=E7=AE=A1=E8=B4=A6=E5=8F=B7=E4=BC=9A=E9=94=81=E5=AE=9A?=
 =?UTF-8?q?=E3=80=82=E4=BD=86=E6=98=AF=E6=9C=89=E6=B8=97=E9=80=8F=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E=E6=8A=A5=E4=B8=8D=E5=90=8C=E7=9A=84=E6=8F=90=E7=A4=BA?=
 =?UTF-8?q?=E4=BC=9A=E6=9C=89=E7=94=A8=E6=88=B7=E5=90=8D=E7=8C=9C=E8=A7=A3?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E=EF=BC=8C=E5=B7=B2=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/cjy/back/login/service/LoginServiceImpl.java     | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java b/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
index 62106a0..364544c 100644
--- a/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
+++ b/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
@@ -92,7 +92,8 @@ public class LoginServiceImpl implements LoginService {
             //查询该用户是否正确
             SysUser user = sysUserMapper.selectIsUser(map);
             if (user == null || "".equals(user)) {
-                if (!loginname.equals("admin")) {
+                //原本只有非超管账号会锁定。但是有渗透漏洞报不同的提示会有用户名猜解漏洞，故将此处注释
+//                if (!loginname.equals("admin")) {
                     String value = RedisUtil.getValue(loginname + "_errorNum");
                     int num = 1;
                     if (StringUtils.isNotBlank(value)) {
@@ -113,11 +114,11 @@ public class LoginServiceImpl implements LoginService {
                         return ServerResponse.createByErrorMessage("帐户已锁定，请稍后再试");
                     }
                     httpSession.removeAttribute("validateCode");
-                    return ServerResponse.createByErrorMessage("密码错误，还可尝试" + (loginErrorNum - num) + "次，失败后将锁定10分钟");
-                } else {
+                    return ServerResponse.createByErrorMessage("用户名或密码不正确!，还可尝试" + (loginErrorNum - num) + "次，失败后将锁定10分钟");
+                /*} else {
                     httpSession.removeAttribute("validateCode");
                     return ServerResponse.createByErrorMessage("用户名或密码不正确!");
-                }
+                }*/
             }
             if (user.getLogstate().equals("0")) {
                 httpSession.removeAttribute("validateCode");