SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Addict kunalraj's Avatar
    Join Date
    Nov 2008
    Posts
    200
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to lock user account when user attempt 3 times for login.

    hello,

    I am developing jsp/servlet web application.
    I have coded for login and it is successful.

    But Now i want to do code for particular user is going to log in.
    But his id/password is wrong then he is retrying.
    upto 3 times he will try for login.
    after that, that particular user can not login for some time.
    means for specific time his account will locked.

    How can i do this CAN ANY ONE GUIDE ME?
    If any one have any example than let me know.


    thanks,
    kunalraj.

  2. #2
    SitePoint Addict
    Join Date
    Oct 2006
    Posts
    210
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My product has a prov_user (Provisioning - User) table that contains a record for each user allowed on the system. Among other items, the record contains the user's login ID, encrypted password, user state (Enabled, Disabled, and Suspended), user state change time stamp, and an invalid password count. Normally, the user state is Enabled. I have a web page which allows an administrator to Disable or Enable users. A value of Suspended means the user is temporarily prevented from logging in.

    When the user logs in successfully, the code sets the invalid password count to zero. When the user provides an incorrect password, the code increments the invalid password count. After three consecutive failures, the code sets the user state to Suspended and sets the state change time stamp to the current time. Should the user provide the correct password while the state is Suspended, the code checks how long the user has been suspended. If the user has been suspended for at least 5 minutes (you may want to use another time interval), the code sets the state to Enabled, sets the state change time stamp, sets the invalid password count to zero, and logs in the user. Otherwise, the code tells the user that their account is temporarily suspended and to try again later.

    Hope this helps....
    mikem

  3. #3
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,394
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    mike's solution sounds good. Definitely, have a admin page to enable the user.

  4. #4
    SiteP0int Weazle hooknc's Avatar
    Join Date
    Dec 2004
    Location
    Socialist Republic of Boulder
    Posts
    937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would recommend using a user_login table that records each and every login. Which user, from where (ip address), what time and if the user was successful or not.

    I would then use a query to figure out if the user is a allowed to login or not based on that query.

    That way you don't have to worry about updating state on a table all the time.
    baby steps... baby steps...

  5. #5
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you don't want to have to record the thing in the database, just put the user name into a session scope (or perhaps a static map). This might be easier than putting it in the database.

  6. #6
    SitePoint Addict kunalraj's Avatar
    Join Date
    Nov 2008
    Posts
    200
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Ok i have done it through session.



    thanks,
    kunalraj

  7. #7
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,394
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Just FYI, there maybe a security requirements which may not work with Session. For example, let say there's a hack who's trying access user "abc". He can easily retrieve new session and keeps on trying. So, just consider this fact when it's for a real project.

  8. #8
    SitePoint Enthusiast
    Join Date
    Jun 2008
    Location
    Toronto, Canada
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sg707 View Post
    Just FYI, there maybe a security requirements which may not work with Session. For example, let say there's a hack who's trying access user "abc". He can easily retrieve new session and keeps on trying. So, just consider this fact when it's for a real project.
    Agreed. You'll have more control if you store "user access attempts" in DB.

  9. #9
    SitePoint Addict kunalraj's Avatar
    Join Date
    Nov 2008
    Posts
    200
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,


    Ok so i would do that through database.


    Thanks friends for guide me.




    thanks,
    kunalraj


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •