Lock users on unsuccessful logins?

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
martha Members Profile Find Members Posts Groupie Joined: 28 February 2005 Location: Greece Status: Offline Points: 42	Post Options Post Reply Quote martha Report Post Thanks(0) Quote Reply Topic: Lock users on unsuccessful logins? Posted: 03 May 2005 at 2:16pm
	Hello!!! Is there any way to lock users on usuccessful logins? I want to avoid anyone trying to login as admin.

dj air Members Profile Find Members Posts Senior Member Joined: 05 April 2002 Location: United Kingdom Status: Offline Points: 3627	Post Options Post Reply Quote dj air Report Post Thanks(0) Quote Reply Posted: 03 May 2005 at 3:31pm
	what do you mean by lock? can't access the site? or can't try to login again and can view the site? it can be done , no sure way but you can use cookies, if a value send them away, or session veriables.... and/or store the IP Address , thats not fool proff though

pjb007 Members Profile Find Members Posts Groupie Joined: 03 September 2004 Location: United Kingdom Status: Offline Points: 185	Post Options Post Reply Quote pjb007 Report Post Thanks(0) Quote Reply Posted: 03 May 2005 at 4:39pm
	Could it not work on a simpler basis For example take a user with the name mrweb If mrweb goes to your forum and enters the incorrect details then a value changes in the database the value could start at 0 and would increase by 1 for every incorrect guess, if it was equal to 3 then the account locks no matter what computer or IP address you use you can't get in because the value in the database is equal to 3, it could either locked like that for a pre-defined time or need an admin to reset the value. If you get the password wrong on the first try and right on the second go, the field resets to 0 on login as its not 3 incorrect passwords in a row.

dj air Members Profile Find Members Posts Senior Member Joined: 05 April 2002 Location: United Kingdom Status: Offline Points: 3627	Post Options Post Reply Quote dj air Report Post Thanks(0) Quote Reply Posted: 03 May 2005 at 4:58pm
	ok add a new field to the DB. then on the login page when a inccorect value use aupdate SQL to add 1 to the field. then if 3 always return false. but if correct within three where the last login time is done add the counted field setting the value back to 0 then to actually stop the user .. in the common.asp page change the query that uses the Usercode to log the user in.. set the query to also check the user_code but also WHERE tblAuthor.Count = 0 if they dont equal 0 set them to a guest account .. or you can not check within the query and bring the value in.. where the user details are bought in. then do a if statement saying if >2 then blnActiveUser = False set them to inactive

dpyers Members Profile Find Members Posts Senior Member Joined: 12 May 2003 Status: Offline Points: 3937	Post Options Post Reply Quote dpyers Report Post Thanks(0) Quote Reply Posted: 03 May 2005 at 6:19pm
	How would you unlock them if they remember their password later? You'd also need to reset the counter on a password reset.
	Lead me not into temptation... I know the short cut, follow me.

Post Reply

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum