Solved

Block multiple login attempts

Posted on 2009-05-20
5
665 Views
Last Modified: 2012-05-07
Need script to block multiple login attempts after 3 tries. I have the login process set up in Coldfusion. Help.
<CFIF ISDEFINED("Form.userProvided")>

<CFSET userProvided =  #parsecfmsql(Form.userProvided)#>

<CFSET pwProvided =  #parsecfmsql(Form.pwProvided)#>

 <CFQUERY NAME="Check" datasource="datasourcename">

 SELECT *

 FROM Users 

 WHERE userProvided = '#userProvided#'

 AND pwProvided = '#pwProvided#'

 </CFQUERY>

 <CFIF CHECKADMIN.RECORDCOUNT IS 1>

  <CFSET SESSION.LoggedIn="Yes">

  <CFSET SESSION.UserId=Check.Id>

  <cflocation url="gotopage.cfm" addtoken="No">

 <CFelse>

  <script language="JavaScript">

    alert( 'Please try again.');

    self.location="backtologin.cfm";

  </script>

  </cfif>

</CFIF>

Open in new window

0
Comment
Question by:tartarus78
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Zvonko earned 250 total points
ID: 24434885
How about this:
<CFIF ISDEFINED("Form.userProvided")>

<CFSET userProvided =  #parsecfmsql(Form.userProvided)#>

<CFSET pwProvided =  #parsecfmsql(Form.pwProvided)#>

 <CFQUERY NAME="CHECKADMIN" datasource="datasourcename">

 SELECT *

 FROM Users 

 WHERE userProvided = '#userProvided#'

 AND pwProvided = '#pwProvided#'

 </CFQUERY>

 <CFIF CHECKADMIN.RECORDCOUNT IS 1>

  <CFSET SESSION.LogCount=0>

  <CFSET SESSION.LoggedIn="Yes">

  <CFSET SESSION.UserId=Check.Id>

  <cflocation url="gotopage.cfm" addtoken="No">

 <CFelse>

  <cfparam name="SESSION.LogCount" value="0" >

  <CFSET SESSION.LogCount=SESSION.LogCount+1>

  <cfif SESSION.LogCount GT 3 >

    <cflocation url="quitlogin.cfm" >

  </cfif>

  <script language="JavaScript">

    alert( 'Please try again.');

    self.location="backtologin.cfm";

  </script>

  </cfif>

</CFIF>

Open in new window

0
 

Author Comment

by:tartarus78
ID: 24435530
Wonderful, thanks Zvonko!!!

I changed value="0" to default="0" in CFPARAM. Any idea why the JavaScript ALERT is not working?
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24436474
Uhps, sorry for the default.

Do you have method=post in your form tag?
I do get the alert() in my tests.

0
 

Author Comment

by:tartarus78
ID: 24442373
Yes, I do have method=post on my form tag. Very weird.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24444425
Look into browser html page source where you expect the alert() and look for broken html tags. Sometimes it is a simple missing closing " for the string to prevent whole script form execution.

Post here the html page source and I can check for you.

0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
The viewer will learn how to dynamically set the form action using jQuery.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now