in MySql.Web/src/MembershipProvider.cs [1499:1600]
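/// <summary>
/// Records one failed password or password-answer attempt for a user and locks the
/// account once the attempt limit is reached inside the attempt window.
/// </summary>
/// <remarks>
/// Both failure types use the same <c>PasswordAttemptWindow</c> and
/// <c>MaxInvalidPasswordAttempts</c> settings; only the counter and window-start
/// columns differ. When the stored count is 0 or the window has elapsed, the
/// counter restarts at 1 with a new window start.
/// </remarks>
/// <param name="userId">Value matched against the userId column of my_aspnet_membership.</param>
/// <param name="failureType">"Password" or "PasswordAnswer"; any other value is rejected.</param>
/// <param name="connection">Connection on which the SELECT and the UPDATE are executed.</param>
/// <exception cref="ProviderException">
/// The failure type is unknown, no membership row exists for the user, an UPDATE
/// reports a negative result, or a <c>MySqlException</c> was raised (wrapped, and
/// written to the event log when <c>WriteExceptionsToEventLog</c> is set).
/// </exception>
private void UpdateFailureCount(int userId, string failureType, MySqlConnection connection)
{
    // Pick the reader ordinals and the complete SQL text for this failure type up front.
    // The statements stay fixed literals, so no SQL is ever assembled from caller data.
    int countOrdinal;
    int windowOrdinal;
    string resetSql;
    string incrementSql;
    if (failureType == "Password")
    {
        countOrdinal = 0;
        windowOrdinal = 1;
        resetSql =
            @"UPDATE my_aspnet_membership
            SET FailedPasswordAttemptCount = @count,
            FailedPasswordAttemptWindowStart = @windowStart
            WHERE userId=@userId";
        incrementSql =
            @"UPDATE my_aspnet_membership
            SET FailedPasswordAttemptCount = @count WHERE userId=@userId";
    }
    else if (failureType == "PasswordAnswer")
    {
        countOrdinal = 2;
        windowOrdinal = 3;
        resetSql =
            @"UPDATE my_aspnet_membership
            SET FailedPasswordAnswerAttemptCount = @count,
            FailedPasswordAnswerAttemptWindowStart = @windowStart
            WHERE userId = @userId";
        incrementSql =
            @"UPDATE my_aspnet_membership
            SET FailedPasswordAnswerAttemptCount = @count
            WHERE userId=@userId";
    }
    else
    {
        // Fail closed: an unrecognised type would otherwise leave the SELECT text in
        // place and run it through ExecuteNonQuery with the UPDATE parameters.
        throw new ProviderException(Properties.Resources.UnableToUpdateFailureCount);
    }

    // The command is disposable; scope it so it is released on every exit path.
    using (MySqlCommand cmd = new MySqlCommand(
        @"SELECT FailedPasswordAttemptCount,
        FailedPasswordAttemptWindowStart, FailedPasswordAnswerAttemptCount,
        FailedPasswordAnswerAttemptWindowStart FROM my_aspnet_membership
        WHERE userId=@userId", connection))
    {
        cmd.Parameters.AddWithValue("@userId", userId);
        try
        {
            // NOTE(review): the counter is read here and written back by a separate
            // statement, and this method opens no transaction. Unless the caller
            // serialises access, concurrent failed attempts for the same user can read
            // the same count and be recorded as one, so lockout triggers later than
            // MaxInvalidPasswordAttempts. Consider an atomic "SET col = col + 1" or a
            // row lock inside a transaction - confirm against the callers.
            int failureCount;
            DateTime windowStart;
            using (MySqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.HasRows)
                    throw new ProviderException(Properties.Resources.UnableToUpdateFailureCount);
                reader.Read();
                failureCount = reader.GetInt32(countOrdinal);
                windowStart = reader.GetDateTime(windowOrdinal);
            }

            // Local time, matching the timestamps this method stores.
            DateTime now = DateTime.Now;
            DateTime windowEnd = windowStart.AddMinutes(PasswordAttemptWindow);

            // NOTE(review): every "< 0" check below only catches a negative result.
            // For an UPDATE, ExecuteNonQuery reports the row count, so a statement that
            // matched no row returns 0 and passes. Tightening to "<= 0" depends on the
            // connection's affected/found-rows setting - confirm before changing.
            if (failureCount == 0 || now > windowEnd)
            {
                // First failure, or the previous window expired: start a new window at 1.
                cmd.CommandText = resetSql;
                cmd.Parameters.Clear();
                cmd.Parameters.AddWithValue("@count", 1);
                cmd.Parameters.AddWithValue("@windowStart", now);
                cmd.Parameters.AddWithValue("@userId", userId);
                if (cmd.ExecuteNonQuery() < 0)
                    throw new ProviderException(Properties.Resources.UnableToUpdateFailureCount);
            }
            else
            {
                failureCount += 1;
                if (failureCount >= MaxInvalidPasswordAttempts)
                {
                    // Limit reached inside the window: lock the account. The counter
                    // column itself is not written in this branch.
                    cmd.CommandText =
                        @"UPDATE my_aspnet_membership SET IsLockedOut = @isLockedOut,
                        LastLockedOutDate = @lastLockedOutDate WHERE userId=@userId";
                    cmd.Parameters.Clear();
                    cmd.Parameters.AddWithValue("@isLockedOut", true);
                    cmd.Parameters.AddWithValue("@lastLockedOutDate", now);
                    cmd.Parameters.AddWithValue("@userId", userId);
                    if (cmd.ExecuteNonQuery() < 0)
                        throw new ProviderException(Properties.Resources.UnableToLockOutUser);
                }
                else
                {
                    // Still under the limit: persist the incremented counter only.
                    cmd.CommandText = incrementSql;
                    cmd.Parameters.Clear();
                    cmd.Parameters.AddWithValue("@count", failureCount);
                    cmd.Parameters.AddWithValue("@userId", userId);
                    if (cmd.ExecuteNonQuery() < 0)
                        throw new ProviderException(Properties.Resources.UnableToUpdateFailureCount);
                }
            }
        }
        catch (MySqlException e)
        {
            if (WriteExceptionsToEventLog)
                WriteToEventLog(e, "UpdateFailureCount");
            throw new ProviderException(exceptionMessage, e);
        }
    }
}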