Hi,
I've got a login form that authenticates a user against a database. I'm trying to implement a function whereby if a user enters 3 invalid passwords in succession, a message is displayed and the application shuts down. I'm using a for loop to achieve this, but I can't get it to work. Any suggestions for how I should implement this bit of functionality? Below is the login function for the form.

public partial class LoginForm : Form
    {
        private LoginObject aLoginObject;
        public  LoginForm()
        {
            InitializeComponent();
            aLoginObject = new LoginObject();
        }

        private void LoginForm_Load(object sender, EventArgs e)
        {
            this.BackColor = Color.Azure;
        }

        private void btnEnter_Click(object sender, EventArgs e)
        {
            try
            {
               string resultMsg = "";
               byte passConfirm = 0;
               int loginAttempts = 0; 
                               
                // validate user input
                // if no input from the user, display error message
                if (txtPassword.Text.Trim().Equals(""))
                {
                    MessageBox.Show("You must enter a password!");
                    txtPassword.Focus();
                    txtPassword.Text = "";
                }
                else 
                {
                    passConfirm = aLoginObject.login(txtPassword.Text, ref resultMsg);
                    if(passConfirm == 1)
                    {
                        // Success
                       // MessageBox.Show(resultMsg);
                        // Enter the application. Show the main menu tree view
                        TreeViewMenuForm aTreeViewMenuForm;
                        aTreeViewMenuForm = new TreeViewMenuForm();
                        aTreeViewMenuForm.Show();
                    }
                    else if (passConfirm == 2)
                    {
                        // Invalid password
                        MessageBox.Show(resultMsg);
                        txtPassword.Focus();
                        txtPassword.Text = "";
                    }
                    else
                    {
                        // 255 Database error
                        MessageBox.Show(resultMsg);
                    }
                    // if user enters incorrect password 3 times
                    // the application will shutdown
                    for (int i = 0; i < 3; i++)
                    {
                        loginAttempts = loginAttempts + 1;
                        if (loginAttempts > 3)
                        {
                            MessageBox.Show("You do not have access to this wallet");
                            Application.Exit();
                        }
                    }
                    
                }
            }// end try

            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }// end of btnEnter_click() method

        private void btnClear_Click(object sender, EventArgs e)
        {
            txtPassword.Text = "";
            txtPassword.Focus();      
        }

        private void mnuExit_Click(object sender, EventArgs e)
        {
            Application.Exit();
        }
        
    }

Edited 6 Years Ago by __avd: Added [code] tags.

Declare a loginAttempts variable outside the method.

int loginAttempts = 0;
private void btnEnter_Click(object sender, EventArgs e)
{
    ...
    if (loginAttempts == 3)
    {
        .....
        // statements
    }
    if (Invalid_username_orpassword_then)
        loginAttempts++;
}
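The answer above as a complete program, added here as an example and not code from any poster in this thread: the failure count lives in a field, only the thread's "invalid password" result (2) is counted, and a success (1) resets the run. `LoginAttemptGate`, `LoginOutcome` and the click sequence are constructed for illustration.

```csharp
using System;

public enum LoginOutcome { Success, InvalidPassword, LockedOut, Error }

// Hypothetical helper (not from the thread): owns the failure count so it
// survives between button clicks instead of being reset on every click.
public sealed class LoginAttemptGate
{
    private const int MaxFailures = 3;
    private int failures;                       // field, not a local variable

    // passConfirm uses the thread's codes: 1 = success, 2 = invalid password,
    // anything else (e.g. 255) = database error, which is not counted.
    public LoginOutcome Record(byte passConfirm)
    {
        if (failures >= MaxFailures) return LoginOutcome.LockedOut;
        switch (passConfirm)
        {
            case 1:
                failures = 0;                   // success ends the run of failures
                return LoginOutcome.Success;
            case 2:
                failures++;
                return failures >= MaxFailures
                    ? LoginOutcome.LockedOut
                    : LoginOutcome.InvalidPassword;
            default:
                return LoginOutcome.Error;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var gate = new LoginAttemptGate();
        // Constructed sequence of login() results, one per button click.
        byte[] clicks = { 2, 255, 2, 1, 2, 2, 2 };
        foreach (byte result in clicks)
            Console.WriteLine($"{result,3} -> {gate.Record(result)}");
        // In btnEnter_Click: on LockedOut, show the message and call Application.Exit().
    }
}
```

The form would hold one `LoginAttemptGate` as a field next to `aLoginObject` and pass it the value returned by `login(...)` on each click.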

Sorry for my English.

Can you please help me with this code? I wrote an algorithm for 3 failed attempts, but in C# Visual Studio it didn't work, though I already tried it in Java and it works. What was the problem in my code? Thanks in advance :)

string a = "admin", b = UNameTxt.Text, c = PassTxt.Text;
           
            if (b.Equals(a) && c.Equals(a))
            {
                Mainfrm MainForm = new Mainfrm();
                MainForm.Show();
            }
            else { 
                    int i;
                    for (i=0;i<=2;i++){
                     UNameTxt.Text = "";
                     PassTxt.Text = "";
                     UNameTxt.Focus();
                        if(i==2){
                        MessageBox.Show("you're a hacker");
                        this.Close();                    
                                }
                    }
                }

Edited 5 Years Ago by __avd: Added [code] tags.

I'm not entirely believing this is for an actual production application, but if it is then you probably should realize you may not yet be qualified to code authentication mechanisms.

Lol. Hopefully there's no banking information to be found behind his authentication mechanism.

To make a truly secure mechanism (besides using an encrypted connection), use a stored procedure in your SQL database that logs the user's external IP address, and associate a count with that person's IP. This will circumvent any sort of brute-force techniques.
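A sketch of server-side failure counting as the post above describes it, added here as an example and not code from the thread. An in-memory dictionary stands in for the database table, and the class name, keys, threshold and 15-minute window are assumptions; failures are counted per account as well as per address, because a per-address count alone does not see attempts spread across many addresses.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical server-side tracker (not from the thread). Single-threaded
// demo: a real service would keep this state in the database or behind a lock.
public sealed class FailedLoginTracker
{
    private readonly int maxFailures;
    private readonly TimeSpan window;
    private readonly Dictionary<string, List<DateTime>> failures =
        new Dictionary<string, List<DateTime>>();

    public FailedLoginTracker(int maxFailures, TimeSpan window)
    {
        this.maxFailures = maxFailures;
        this.window = window;
    }

    // Record one failed attempt under a key such as "ip:203.0.113.7".
    public void RecordFailure(string key, DateTime now)
    {
        if (!failures.TryGetValue(key, out var times))
            failures[key] = times = new List<DateTime>();
        times.Add(now);
    }

    // True while the key has maxFailures or more failures inside the window.
    public bool IsBlocked(string key, DateTime now)
    {
        if (!failures.TryGetValue(key, out var times)) return false;
        times.RemoveAll(t => now - t > window);     // drop expired failures
        return times.Count >= maxFailures;
    }
}

public static class TrackerDemo
{
    public static void Main()
    {
        var tracker = new FailedLoginTracker(3, TimeSpan.FromMinutes(15));
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed
        string ip = "ip:203.0.113.7", account = "user:alice";          // constructed
        for (int i = 0; i < 3; i++)
        {
            tracker.RecordFailure(ip, t0.AddSeconds(i));
            tracker.RecordFailure(account, t0.AddSeconds(i));
        }
        Console.WriteLine(tracker.IsBlocked(ip, t0.AddMinutes(1)));      // inside window
        Console.WriteLine(tracker.IsBlocked(account, t0.AddMinutes(1))); // inside window
        Console.WriteLine(tracker.IsBlocked(ip, t0.AddMinutes(20)));     // window expired
        Console.WriteLine(tracker.IsBlocked("ip:198.51.100.9", t0));     // unseen address
    }
}
```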
