Click here to Skip to main content
16,016,777 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
Is there any one that can show me the procedure on the three time login attempts failed? If a non user tries to login using a username and incorrect password or vice verse, the system will lock the account. I am not using memberships. Thanks!

Here is the Login Code I have:

C#
protected void Page_Load(object sender, EventArgs e)
    {
        TextBoxEA.Focus();

        if (IsPostBack)
        {
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
            con.Open();
            string cmdStr = "Select count(*) from Table22 where EmailAddress='" + TextBoxEA.Text + "'";
            SqlCommand userExist = new SqlCommand(cmdStr, con);
            SqlCommand cmd = new SqlCommand("select UserID, EAddress1 from Table22", con);
            int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
            if (temp == 0)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist You Must Fill Out Registration First');", true);
                TextBoxEA.Text = string.Empty;
            }
            else if (temp == 1)
            {
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName / Password');", true);   
            }
        }
    }

protected void Button1_Click(object sender, EventArgs e)
    {

        SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
        con.Open();

        if (true)
        {
            SqlCommand level = new SqlCommand("select Level, Password, UserID from Table22 where EAddress1 = @EAddress1 AND Password = @Password", con);
            level.Parameters.Add(new SqlParameter("EAddress1", TextBoxEA.Text));
            level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));

            SqlDataReader reader = level.ExecuteReader();
            DataTable dt1 = new DataTable();
            dt1.Load(reader);

            foreach (DataRow dr1 in dt1.Rows)
            {
                int returnedLevel = Convert.ToInt32(dr1[0].ToString());
                int inst_id = Convert.ToInt32(dr1[2].ToString());
                Session["userID"] = userID;

                if (returnedLevel == 1)
                {
                    Response.Redirect("FormA.aspx");
                }
                else if (returnedLevel == 2)
                {
                    Response.Redirect("FormC.aspx");
                }
                else if (returnedLevel == 3)
                {
                    Response.Redirect("FormD.aspx");
                }
                else if (returnedLevel == 7)
                {
                    Response.Redirect("CEO.aspx");
                }
                else if (returnedLevel == 8)
                {
                    Response.Redirect("DLCBPage.aspx");
                }
                else if (returnedLevel == 11)
                {
                    Response.Redirect("FormABC.aspx");
                }
                else if (returnedLevel == 21)
                {
                    Response.Redirect("FormCDEF.aspx");
                }
                else if (returnedLevel == 31)
                {
                    Response.Redirect("FormDGB.aspx");
                }
                else if (returnedLevel == 0)
                {
                    Response.Redirect("FormSED.aspx");
                }
Posted
Updated 21-May-14 3:02am
v2
Comments
Sunasara Imdadhusen 21-May-14 8:45am    
What you tried yet?

hi,

you can check the login attempts only when the user is registered with your system.

I keep in mind that you have written the Stored procedure for checking the user login.
add new column in database table which stores the attempt of the user.
modify store procedure with the update statement after the select statement if it has entered wrong username or password.
 
Share this answer
 
Comments
Computer Wiz99 21-May-14 8:39am    
I have the new column in my database. Can you give me an example of what the code might look like in c#? Using table22 as my table that has the username, password and attempts columns.
Bh@gyesh 21-May-14 8:43am    
Hi,
Can you pase code of your SP? So I can update it accordingly what you want.
Computer Wiz99 21-May-14 8:54am    
Ok. I will show you my current Login Code.
I am showing you steps that you can implement.

1. set your session['counter'] to 0 at page_load
C#
session['counter'] = 0;


2. First verify user password is correct or not using this query

C#
string sql = "SELECT COUNT(*) FROM UserMaster WHERE UserName = '" + strUserName +"' AND Password='" + strPassword + "'";
int retValue = executeQuery(sql);


3. If return value is 0 then increment your counter by 1
C#
session['counter'] =  Convert.ToInt32(session['counter']) + 1;


4. check session['counter'] value is grater than or equal to 3 then make user as locked.
C#
if (Convert.ToInt32(session['counter']) >= 3) {
    string sql = "UPDATE UserMaster SET isLocked = true WHERE UserName = '" + strUserName +"'";
    executeQuery(sql);
    //show alert message You have been locked.
}


this is algorithm you have to correct the code.
 
Share this answer
 
Comments
Computer Wiz99 21-May-14 9:27am    
Do I put all of this in Page Load?
Computer Wiz99 21-May-14 10:31am    
Sunasara Imdadhusen, Where should I put this code?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900