Good day all,please i need your help . I developed servlet authentication login and now i want each of my password to be allowing only 3 times access on a particular username before it becomes invalid for ever .it will prompt an error message "sorry the password has been used 3 times get new one".Please am stuck ,i need your help. Below is my code and am using tomcat6.0.16.Any help rendered will be appreciated. Thanks and have a wonderful day.

package myservlets;
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthenticateUserServlet extends HttpServlet{
protected void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {

response.setContentType("text/html");
PrintWriter pw = response.getWriter();
String username = request.getParameter("username");
String password = request.getParameter("password");

try{
String driver = "org.gjt.mm.mysql.Driver";
Class.forName(driver).newInstance();

Connection con=null;
ResultSet rst=null;
Statement stmt=null;

String url="jdbc:mysql://localhost/money?user=root&password=root";
con=DriverManager.getConnection(url);
stmt=con.createStatement();
String query = "select username from login where username='"+username+"' and password='"+password+"'";
System.out.println(query);
ResultSet rs = stmt.executeQuery(query);

if(rs.next()){

response.sendRedirect("/try/ValidentryServlet");
}
else{
pw.println("Please insert veiled Username and Password!");
}
}

catch(Exception e){
System.out.println(e.getMessage());
}
}
}
package myservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ValidentryServlet extends HttpServlet{
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
PrintWriter pw = response.getWriter();
pw.println("Welcome to World of Knowledge!" + " ");
pw.println("my beloved ");
}
}

as per your requirements i understood that you need to make password invalid at 4th attempt...


you need to create temporary session when login page opened..

when user trying to log in you count attempt and store the count variable in that temporary session..

when user give fourth attempt you send and update invalid flag to DB Table of corresponding password field.and expire the session...so the flag in false then use can't use that particular passwor and username after they need to create another one...

see HTTPSESSION API in servlet...

then search how do set time for session and how do store and retrieve variables from session...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.