Solved

Block multiple login attempts

Posted on 2009-05-20
5
666 Views
Last Modified: 2012-05-07
Need script to block multiple login attempts after 3 tries. I have the login process set up in Coldfusion. Help.
<CFIF ISDEFINED("Form.userProvided")>

<CFSET userProvided =  #parsecfmsql(Form.userProvided)#>

<CFSET pwProvided =  #parsecfmsql(Form.pwProvided)#>

 <CFQUERY NAME="Check" datasource="datasourcename">

 SELECT *

 FROM Users 

 WHERE userProvided = '#userProvided#'

 AND pwProvided = '#pwProvided#'

 </CFQUERY>

 <CFIF CHECKADMIN.RECORDCOUNT IS 1>

  <CFSET SESSION.LoggedIn="Yes">

  <CFSET SESSION.UserId=Check.Id>

  <cflocation url="gotopage.cfm" addtoken="No">

 <CFelse>

  <script language="JavaScript">

    alert( 'Please try again.');

    self.location="backtologin.cfm";

  </script>

  </cfif>

</CFIF>

Open in new window

0
Comment
Question by:tartarus78
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Zvonko earned 250 total points
ID: 24434885
How about this:
<CFIF ISDEFINED("Form.userProvided")>

<CFSET userProvided =  #parsecfmsql(Form.userProvided)#>

<CFSET pwProvided =  #parsecfmsql(Form.pwProvided)#>

 <CFQUERY NAME="CHECKADMIN" datasource="datasourcename">

 SELECT *

 FROM Users 

 WHERE userProvided = '#userProvided#'

 AND pwProvided = '#pwProvided#'

 </CFQUERY>

 <CFIF CHECKADMIN.RECORDCOUNT IS 1>

  <CFSET SESSION.LogCount=0>

  <CFSET SESSION.LoggedIn="Yes">

  <CFSET SESSION.UserId=Check.Id>

  <cflocation url="gotopage.cfm" addtoken="No">

 <CFelse>

  <cfparam name="SESSION.LogCount" value="0" >

  <CFSET SESSION.LogCount=SESSION.LogCount+1>

  <cfif SESSION.LogCount GT 3 >

    <cflocation url="quitlogin.cfm" >

  </cfif>

  <script language="JavaScript">

    alert( 'Please try again.');

    self.location="backtologin.cfm";

  </script>

  </cfif>

</CFIF>

Open in new window

0
 

Author Comment

by:tartarus78
ID: 24435530
Wonderful, thanks Zvonko!!!

I changed value="0" to default="0" in CFPARAM. Any idea why the JavaScript ALERT is not working?
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24436474
Uhps, sorry for the default.

Do you have method=post in your form tag?
I do get the alert() in my tests.

0
 

Author Comment

by:tartarus78
ID: 24442373
Yes, I do have method=post on my form tag. Very weird.
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 24444425
Look into browser html page source where you expect the alert() and look for broken html tags. Sometimes it is a simple missing closing " for the string to prevent whole script form execution.

Post here the html page source and I can check for you.

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now