Welcome to WebmasterWorld Guest from 54.163.168.15

Forum Moderators: ocean10000

loop question

   
7:02 pm on Jul 18, 2011 (gmt 0)

5+ Year Member



I am basically looking to lock out a visitor if they attempt to log in too many times. This is the code in its simplicity. What am I missing? It doesn't work.





Partial Class logins_Default
Inherits System.Web.UI.Page
Public mynumber As Integer = 0

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
If txtUser.Text = "user" And txtPassword.Text = "pw" Then
Response.Redirect("somepage.aspx")

Else

Do While mynumber < 5

lblError.Text = "Incorrect user/pw"
mynumber = mynumber + 1
Response.Write(mynumber)
Loop




End If


If mynumber > 5 Then
lblError.Text = "Too many tries. Try again later."
End If







End Sub
End Class
7:37 pm on Jul 18, 2011 (gmt 0)

5+ Year Member



I am thinking maybe I just need a counter instead... working on it. Open to suggestions. Thanks
8:42 pm on Jul 18, 2011 (gmt 0)

5+ Year Member



This seems to work, but I am just a beginner at this. Any tips/ suggestions?




Partial Class logins_Default
Inherits System.Web.UI.Page





Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click



If txtUser.Text = "user" And txtPassword.Text = "pw" Then
Response.Redirect("somepage.aspx")

Else




lblError.Text = "Incorrect user/pw"

Session("mynumber") = Session("mynumber") + 1
Response.Write(Session("mynumber"))

End If





If Session("mynumber") > 10 Then
lblError.Text = "Too many tries. Try again later."
'lock them out
End If









End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Page.IsPostBack Then
Session("mynumber") = Session("mynumber") + 1
Else
Session("mynumber") = "1"
End If


End Sub
End Class
4:11 am on Jul 24, 2011 (gmt 0)

10+ Year Member



In your original code, you always executed the line to create the count field and initialize it to 0. So it never even exceeded 1.

You could create it as "static" and it will retain it's value over postbacks. Additionally you could store the value in ViewState. It is much like your solution with Session except that if the user sits idle for 20 minutes the session will expire and your code would fail again.
2:48 pm on Aug 1, 2011 (gmt 0)

5+ Year Member



Thank you.
8:26 pm on Aug 12, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure why you are doing this , but if its to prevent the automated hacking of web forms it wont work, the software used sets the session cookies as required. You need to persist the data to a database or text file and add a time delay on each failed login.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month