want to give validation for 3 times login

Posted by Subhadip under ASP.NET on 8/19/2012 | Points: 10 | Views : 2987 | Status : [Member] | Replies : 3
I have written this code for login page ,this code is working properlly now i want to give restriction that after 3 times on button click if login is faliure message will display "sorry today you have tried 3 times login " and on particular current date .plz write me the code dont give me
any web site link.Means i want to check on current date if a user enter wrong username and password 3 times it will display message
"sorry today you have tried 3 times login "

For LOGIN
Protected void btn_click()
{
int count=0;
cmd=new sqlcommand("select count(*) from emp_registration where username='"+ txtusername.text.trim()+"' and password='"+ txtpassword.text.trim()+"'",cn);
count=Convert.ToInt16(cmd.ExecuteScalar());
Sesssion["username"]=txtusername.text;
If(count!=0)
{
Response.Redirect(aa.aspx);
}
else
{
Lbl.text="invalid"
}
}




Responses

Posted by: Sudeesh.Govind on: 8/20/2012 [Member] Starter | Points: 25

Up
0
Down
Hi,

Simple method is you have to create 2 fields in a table like - NooffailureAttempt, date.
when we login check into the table during the current date how much number of attept and based on this you have to show the message.

learn and earn

Subhadip, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rickeybglr on: 8/20/2012 [Member] Starter | Points: 25

Up
0
Down
i did the same thing..
u can add one more column to ur table emp_registration isActive(bool)
create one more table
CREATE TABLE [dbo].[userLoginStatusTB](
[wrongAttempt] [nvarchar](30) NULL,
[isactive] [bit] NULL,
[UserID] [int] NULL,
[lockTime] [datetime] NULL)

use this SP to block the user:
ALTER PROCEDURE [dbo].[USP_BlockUser]
(
@pswd nvarchar(30),
@userID INT
)

AS
BEGIN
if NOT EXISTS (SELECT userid from userLoginStatusTB where UserID=@userID)
BEGIN
INSERT INTO userLoginStatusTB
(
wrongAttempt,
isactive,
UserID,
lockTime
)
VALUES
(
0,
0,
@UserID,
GETDATE()
)
END
if exists(SELECT userid from userLoginStatusTB where UserID=@userID)
BEGIN

Declare @tempAttempt int=0
SELECT @tempAttempt= wrongAttempt from userLoginStatusTB where UserID=@userID
if(@tempAttempt=0)
BEGIN
update userLoginStatusTB set wrongAttempt=1 WHERE UserID=@userID
END

ELSE IF (@tempAttempt=1)
BEGIN
update userLoginStatusTB set wrongAttempt=2 WHERE UserID=@userID
END

ELSE IF(@tempAttempt=2)
BEGIN
update userLoginStatusTB set wrongAttempt=3 WHERE UserID=@userID
END

ELSE
BEGIN
UPDATE emp_registration SET isActive=0 WHERE userID=@userID
END
END
SET NOCOUNT ON;
END

Subhadip, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Vasanthmvp on: 8/20/2012 [Member] Starter | Points: 25

Up
0
Down
Hi,

i think this can also be done by


bool isAuthenticated = false;
int count = 0;
object obj = cmd.ExecuteScalar();
if(obj != null)
{
isAuthenticated = true;
}

if(isAuthenticated)
{
FormsAuthentication.RedirectFromLoginPage(Login1.UserName);
}
else
{
count++;

if(count == 3)
{

// set the session to get expire after 24 hrs and display a Login attempt failure message.

// and the session type should be sql server session management.

}
}


Will this work out??

Regards,


Awesome Coding !! :)

Subhadip, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response