Lock users on unsuccessful logins?
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=14934
Printed Date: 13 April 2026 at 12:05am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Lock users on unsuccessful logins?
Posted By: martha
Subject: Lock users on unsuccessful logins?
Date Posted: 03 May 2005 at 2:16pm
|
Hello!!! Is there any way to lock users on usuccessful logins? I want to avoid anyone trying to login as admin. |
Replies:
Posted By: dj air
Date Posted: 03 May 2005 at 3:31pm
|
what do you mean by lock? can't access the site? or can't try to login again and can view the site? it can be done , no sure way but you can use cookies, if a value send them away, or session veriables.... and/or store the IP Address , thats not fool proff though |
Posted By: pjb007
Date Posted: 03 May 2005 at 4:39pm
|
Could it not work on a simpler basis
For example take a user with the name
mrweb If mrweb goes to your forum and enters the incorrect details then a value changes in the database the value could start at 0 and would increase by 1 for every incorrect guess, if it was equal to 3 then the account locks no matter what computer or IP address you use you can't get in because the value in the database is equal to 3, it could either locked like that for a pre-defined time or need an admin to reset the value.
If you get the password wrong on the first try and right on the second go, the field resets to 0 on login as its not 3 incorrect passwords in a row.
|
Posted By: dj air
Date Posted: 03 May 2005 at 4:58pm
|
ok add a new field to the DB. then on the login page when a inccorect value use aupdate SQL to add 1 to the field. then if 3 always return false. but if correct within three where the last login time is done add the counted field setting the value back to 0 then to actually stop the user .. in the common.asp page change the query that uses the Usercode to log the user in.. set the query to also check the user_code but also WHERE tblAuthor.Count = 0 if they dont equal 0 set them to a guest account .. or you can not check within the query and bring the value in.. where the user details are bought in. then do a if statement saying if >2 then blnActiveUser = False set them to inactive |
Posted By: dpyers
Date Posted: 03 May 2005 at 6:19pm
|
How would you unlock them if they remember their password later?
You'd also need to reset the counter on a password reset. ------------- 
Lead me not into temptation... I know the short cut, follow me. |