Member Avatar for jockfaire

Hi,
I've got a login form that authenticates a user against a database. I'm trying to implement a function whereby if a user enters 3 invalid passwords in succession, a message is displayed and the application shuts down. I'm using a for loop 2 achieve this, but i can't get it to work. Any suggestions for how i should implement this bit of functionality? Below is the login function for the form.

public partial class LoginForm : Form
    {
        private LoginObject aLoginObject;
        public  LoginForm()
        {
            InitializeComponent();
            aLoginObject = new LoginObject();
        }

        private void LoginForm_Load(object sender, EventArgs e)
        {
            this.BackColor = Color.Azure;
        }

        private void btnEnter_Click(object sender, EventArgs e)
        {
            try
            {
               string resultMsg = "";
               byte passConfirm = 0;
               int loginAttempts = 0; 
                               
                // validate user input
                // if no input from the user, display error message
                if (txtPassword.Text.Trim().Equals(""))
                {
                    MessageBox.Show("You must enter a password!");
                    txtPassword.Focus();
                    txtPassword.Text = "";
                }
                else 
                {
                    passConfirm = aLoginObject.login(txtPassword.Text, ref resultMsg);
                    if(passConfirm == 1)
                    {
                        // Success
                       // MessageBox.Show(resultMsg);
                        // Enter the application.Show the main menu tree view
                        TreeViewMenuForm aTreeViewMenuForm;
                        aTreeViewMenuForm = new TreeViewMenuForm();
                        aTreeViewMenuForm.Show();
                    }
                    else if (passConfirm == 2)
                    {
                        // Invalid password
                        MessageBox.Show(resultMsg);
                        txtPassword.Focus();
                        txtPassword.Text = "";
                    }
                    else
                    {
                        // 255 DAtabase error
                        MessageBox.Show(resultMsg);
                    }
                    // if user enters incorrect password 3 times
                    // the application will shutdown
                    for (int i = 0; i < 3; i++)
                    {
                        loginAttempts = loginAttempts + 1;
                        if (loginAttempts > 3)
                        {
                            MessageBox.Show("You do not have access to this wallet");
                            Application.Exit();
                        }
                    }
                    
                }
            }// end try

            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }// end of btnEnter_click() method

        private void btnClear_Click(object sender, EventArgs e)
        {
            txtPassword.Text = "";
            txtPassword.Focus();      
        }

        private void mnuExit_Click(object sender, EventArgs e)
        {
            Application.Exit();
        }
        
    }
Edited by kvprajapati because: Added [code] tags.
  • 5 Contributors
  • 4 Replies
  • 881 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by skatamatic

Recommended Answers

All 4 Replies

Member Avatar for kvprajapati

Declare aloginAttempts variable outside the method.

int loginAttempts = 0; 
private void btnEnter_Click(object sender, EventArgs e)
        {
         ...
        if(loginAttempts==3) {
            .....
            // statements
        }
         if(Invalid_username_orpassword_then)
            loginAttempts++;
        
        }
Member Avatar for auwi987

sorry for my english

can you pls help me about this code i wrote an algorithm of 3 failed attempt but on c# visual studio it didnt work but i already tried it on java it works what was the problem in my code thnx for future :)

string a = "admin", b = UNameTxt.Text, c = PassTxt.Text;
           
            if (b.Equals(a) && c.Equals(a))
            {
                Mainfrm MainForm = new Mainfrm();
                MainForm.Show();
            }
            else { 
                    int i;
                    for (i=0;i<=2;i++){
                     UNameTxt.Text = "";
                     PassTxt.Text = "";
                     UNameTxt.Focus();
                        if(i==2){
                        MessageBox.Show("you're a hacker");
                        this.Close();                    
                                }
                    }
                }
Edited by kvprajapati because: Added [code] tags.
Member Avatar for pseudorandom21

I'm not entirely believing this is for an actual production application, but if it is then you probably should realize you may not yet be qualified to code authentication mechanisms.

Member Avatar for skatamatic

I'm not entirely believing this is for an actual production application, but if it is then you probably should realize you may not yet be qualified to code authentication mechanisms.

Lol. Hopefully there's no banking information to be found behind his authentication mechanism.

To make a truly secure mechanism (besides using an encrypted connection), use a stored procedure in your sql database that logs the users external IP address, and associate a count with that persons IP. This will circumvent any sort of brute-force techniques.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.