public class LoginModel
{
[Required]
public string Username { get; set; }
private string password;
[Required]
public string Password
{
get { return password; }
set { password = Hash(value); }
}
public string ReturnUrl { get; set; }
public LoginModel RemovePassword()
{
Password = null;
return this;
}
}
public ActionResult Login() { return View(); }
[HttpPost]
public ActionResult Login(Models.LoginModel model)
{
if (ModelState.IsValid)
{
if (CurrentUser.Login(model.Username, model.Password)
{
return RedirectToAction("Index", "Home"); }
}
}
return View(model.RemovePassword());
}
@using (Html.BeginForm())
{
<div class="modal-header">
<h3 class="modal-title">User Login</h3>
</div>
<div class="modal-body">
<div class="@usernameFormGroup">
<label for="textboxUsername" class="ie">Username</label>
@Html.TextBoxFor(o => o.Username, new { @class = "form-control", @id = "textboxUsername", @placeholder = "Username", autocomplete = "off" })
</div>
<div class="@passwordFormGroup">
<label for="textboxPassword" class="ie">Password</label>
@Html.PasswordFor(o => o.Password, new { @class = "form-control", @id = "textboxPassword", @placeholder = "Password", autocomplete = "off" })
</div>
</div>
<div class="modal-footer">
<button id="buttonForgotPassword" type="button" class="btn btn-link">Forgot Password?</button>
<button id="buttonLogin" type="submit" class="btn btn-default"><span class="glyphicon glyphicon-log-in"></span> Login</button>
</div>
}
因此,本质上,当遇到登录失败时,它会像大多数网站一样删除密码框。我还为故障设置了 IP 锁定。
登录失败后,如果我刷新页面,它会发回并且空密码框仍然通过所需的验证 - 即使它是空的,并为用户添加另一个登录失败。有没有更好的方法来基本上重置密码框,使其设置为无效?
刷新页面会重复上一篇吗?如果是这样,可能没有办法避免这种情况发生。