homepage Welcome to WebmasterWorld Guest from 54.227.41.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
loop question
hal12b




msg:4340930
 7:02 pm on Jul 18, 2011 (gmt 0)

I am basically looking to lock out a visitor if they attempt to log in too many times. This is the code in its simplicity. What am I missing? It doesn't work.





Partial Class logins_Default
Inherits System.Web.UI.Page
Public mynumber As Integer = 0

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
If txtUser.Text = "user" And txtPassword.Text = "pw" Then
Response.Redirect("somepage.aspx")

Else

Do While mynumber < 5

lblError.Text = "Incorrect user/pw"
mynumber = mynumber + 1
Response.Write(mynumber)
Loop




End If


If mynumber > 5 Then
lblError.Text = "Too many tries. Try again later."
End If







End Sub
End Class

 

hal12b




msg:4340937
 7:37 pm on Jul 18, 2011 (gmt 0)

I am thinking maybe I just need a counter instead... working on it. Open to suggestions. Thanks

hal12b




msg:4340957
 8:42 pm on Jul 18, 2011 (gmt 0)

This seems to work, but I am just a beginner at this. Any tips/ suggestions?




Partial Class logins_Default
Inherits System.Web.UI.Page





Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click



If txtUser.Text = "user" And txtPassword.Text = "pw" Then
Response.Redirect("somepage.aspx")

Else




lblError.Text = "Incorrect user/pw"

Session("mynumber") = Session("mynumber") + 1
Response.Write(Session("mynumber"))

End If





If Session("mynumber") > 10 Then
lblError.Text = "Too many tries. Try again later."
'lock them out
End If









End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Page.IsPostBack Then
Session("mynumber") = Session("mynumber") + 1
Else
Session("mynumber") = "1"
End If


End Sub
End Class

bmcgee




msg:4343185
 4:11 am on Jul 24, 2011 (gmt 0)

In your original code, you always executed the line to create the count field and initialize it to 0. So it never even exceeded 1.

You could create it as "static" and it will retain it's value over postbacks. Additionally you could store the value in ViewState. It is much like your solution with Session except that if the user sits idle for 20 minutes the session will expire and your code would fail again.

hal12b




msg:4346206
 2:48 pm on Aug 1, 2011 (gmt 0)

Thank you.

aspdaddy




msg:4350957
 8:26 pm on Aug 12, 2011 (gmt 0)

I'm not sure why you are doing this , but if its to prevent the automated hacking of web forms it wont work, the software used sets the session cookies as required. You need to persist the data to a database or text file and add a time delay on each failed login.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved