[每当有人尝试输入错误密码三次但未执行时,我使用此逻辑来刷新此消息(“您已超出最大尝试次数”),我知道计数器变量在每次执行后都会重新分配为0。我该如何预防?
@app.route("/signin",methods=["POST","GET"])
def signin():
counter=0
if request.method=="POST":
email=request.form.get("email")
password=request.form.get("password")
user=User.query.filter_by(email=email).first()
if not user:
flash('User not found')
return redirect(url_for('signin'))
if not pbkdf2_sha256.verify(password,user.hash):
flash('Incorrect password')
return redirect(url_for('signin'))
counter+=1
if counter==3:
flash('You have exceeded maximum no of tries')
return redirect(url_for('signin'))
login_user(user)
return redirect(url_for('index'))
return render_template("signin.html")
counter作为会话变量。像这样的东西:@app.route("/signin",methods=["POST","GET"])
def signin():
if 'counter' not in session:
session['counter'] = 0
if request.method=="POST":
email=request.form.get("email")
# Code skipped
if not pbkdf2_sha256.verify(password,user.hash):
flash('Incorrect password')
return redirect(url_for('signin'))
session['counter'] = session.get('counter') + 1
if session.get('counter')==3:
flash('You have exceeded maximum no of tries')
session.pop('counter', None)
return redirect(url_for('signin'))