lock account after 3 unsuccessful attempt [Resolved]

Posted by Rickeybglr under ASP.NET on 7/17/2012 | Points: 10 | Views : 9137 | Status : [Member] | Replies : 12
Hi,

i am validating the login information from database. i have written the SP for tht. but i want to lock the account for particular time period says(30 min) after giving 3 wrong password. how can i achieve ths.
below is my SP.
CREATEPROCEDURE [dbo].[USP_UserLogin]

@UserName varchar(50),
@Password VARCHAR (80)

AS
BEGIN
BEGIN TRY
DECLARE @name VARCHAR(50)
DECLARE @Pswd VARCHAR(80)
IF EXISTS(SELECT userID from UserInfoTB
WHERE username=@name AND userPswd=@Pswd COLLATE SQL_Latin1_General_CP1_CS_AS)
BEGIN
SELECT '0|Login successfully' AS result
END
ELSE
BEGIN
SELECT '1|Login Fail' AS result
SET @Count=@Count+1
SELECT @Count
END
END TRY
BEGIN CATCH
SELECT '3|Table not found' As result
END CATCH
END




Responses

Posted by: Dotnetrajanikanth on: 7/17/2012 [Member] Starter | Points: 50

Up
0
Down

Resolved
I cannot give you the code but i can explain the concept.

Create a column for wrong attempt.

Create a table for Block_User.

If wrongattempt > 3 add new row to the Block_User table.
The row should contain the user id and LockedTime.

while adding row set Locked Time as currenttime +30,

then you can check with the second table and allow the user. if the current time greater than the lockedTime allow the user to login else do not.

____________
www.flickr.com/photos/psdesigner/

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: GSM_GSV on: 7/17/2012 [Member] Starter | Points: 25

Up
0
Down
I suggest you to use membership. The account will be locked automatically. But you need to write code for unlocking after particular interval of time.

---------------------------------------
Live the life you've dreamed

Regards
MADHU

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 7/17/2012 [Member] Starter | Points: 25

Up
0
Down
@GSM .. actualy i knw ths but i wanna do tht by coding. anywzz thnks dear
@rajnikanth ..thnks i got the idea ll do tht and update ths post asap

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Dotnetrajanikanth on: 7/17/2012 [Member] Starter | Points: 25

Up
0
Down
Rickeybglr,

If you are facing any problem regarding this please feel free to update this post. Let me know if it is successful.

____________
www.flickr.com/photos/psdesigner/

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 7/17/2012 [Member] Starter | Points: 25

Up
0
Down
Rajnikanth,
i have followed ur stepss and added some of my logic also.. now i have achieved wat i want to do..
thnks to all.. and specally to rajnikanth..

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Patel28rajendra on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
Hi

can you please post your code ?

Regards

R D Patel

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
hI,

I am able to block the user.. but not able to activate the users automatically after some time period says (30 min.) can u pls suggest hw can i achieve ths.
i am posting my SP here
ALTER PROCEDURE [dbo].[USP_UserLogin]
(
@UserName varchar(50),
@Password VARCHAR (80)
)
AS
BEGIN
BEGIN TRY
IF EXISTS(SELECT userID from userRegistrationTB
WHERE username=@UserName AND password=@Password COLLATE SQL_Latin1_General_CP1_CS_AS AND isActive=1)
BEGIN
SELECT '0|Login successfully' AS result
END
ELSE
BEGIN
SELECT '1|Login Fail' AS result
exec USP_BlockUser @username,@password
END
END TRY
BEGIN CATCH
SELECT '3|Table not found' As result
END CATCH
END

-----to block the user-----
CREATE PROCEDURE [dbo].[USP_BlockUser]
(
@uname nvarchar (30),
@pswd nvarchar(30)
)
AS
BEGIN
DECLARE @ID int=0
Declare @tempAttempt int=0
SELECT @tempAttempt= wrongAttempt from userLogin where username=@uname
if(@tempAttempt=0)
BEGIN
update userLogin set wrongAttempt=1 WHERE username=@uname
END
ELSE IF (@tempAttempt=1)
BEGIN
update userLogin set wrongAttempt=2 WHERE username=@uname
END
ELSE IF(@tempAttempt=2)
BEGIN
update userLogin set wrongAttempt=3 WHERE username=@uname
END
ELSE
BEGIN
UPDATE userRegistrationTB SET isActive=0 WHERE username=@uname
END
SET NOCOUNT ON;
END

after wrongAttempt counts gets equal to 3 it will set isactive flag if table to 0

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Dotnetrajanikanth on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
Rickeybglr,

Nice code

____________
www.flickr.com/photos/psdesigner/

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
thanks dear..
do u have any idea hw to activate users aftr particulat time period

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Dotnetrajanikanth on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
Rickeybglr,

Pls give me more details.

____________
www.flickr.com/photos/psdesigner/

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Dotnetrajanikanth on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
Rickeybglr,

Better post it as a different post. We can discuss it there.

____________
www.flickr.com/photos/psdesigner/

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 7/18/2012 [Member] Starter | Points: 25

Up
0
Down
i have posted a new post..

http://www.dotnetfunda.com/forums/thread10555-enable-user-after-30-min-when-thy-get-disabled-by-entering-wrong-pass.aspx

go thru ths

Rickeybglr, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response