Click here to Skip to main content
15,897,187 members
Search within:


How to block user account(how to block current user who is entering wrong user credentials) , if he enter more than 5 times wrong user credentials
Please Sign up or sign in to vote.
1.00/5 (1 vote)
how to user block if user enter five time wrong password and what is logic in SQL Server of block user for 30 minute if 5 time enter invalid password. and how to set this time 30 minute to 0 minute after 30 minute. I am trying in sql server


CREATE PROCEDURE Usp_CheckLoginDetail
-- Add the parameters for the stored procedure here
@Userid nvarchar(100),
@Password varchar(500),
@ResponseMsg int OUTPUT
AS
BEGIN
  -- SET NOCOUNT ON added to prevent extra result sets from
  -- interfering with SELECT statements.
  SET NOCOUNT ON;
 
  BEGIN TRY

    IF EXISTS (SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId) --Check User is Valid or not
    BEGIN
      IF EXISTS (SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId AND [Password] = @Password and FirstLoginStatus=0 and FreezeStatus = 0 and BlockedStatus = 0)--Check User id and password is Valid 
      BEGIN
        SELECT          *
        FROM TM_UserDetails 
      END
      ELSE if EXISTS(SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId AND [Password] = @Password and FirstLoginStatus=1 and FreezeStatus = 1 and BlockedStatus = 0)--Check User id and password is Valid but user is doing first time login
      BEGIN
        SET @ResponseMsg = 2  -- First Time User
		--Code Will be write later
      END
	  ELSE ---If User Enter Wrong Password code block
      BEGIN
	  declare @Couter int = 1
	  declare @Count int
	  declare @BlockCount int,@BlockedDte datetime,@BlockStatus bit 
	  select  @BlockCount = ISNULL(BlockCount,0) , @BlockedDte = ISNULL(BlockedDate,getdate()) ,@BlockStatus = ISNULL(BlockedStatus,0) from TM_UserDetails where UserId = @Userid
	  if @BlockCount < 5
	  begin
	  set @BlockCount = @BlockCount + 1
	  update TM_UserDetails set BlockCount = @BlockCount , BlockedStatus = 1 , BlockedDate = GETDATE() where  UserId = @Userid
	  End
	  else if @BlockCount = 5
	  begin
	  SET @ResponseMsg = 5 -- Blocked User
	  end

      END
    END
    ELSE
    BEGIN
      SET @ResponseMsg = 1  -- Invalid User
    END
  END TRY
  BEGIN CATCH
    SET @ResponseMsg = 3  -- Invalid User
  END CATCH


END

GO


What I have tried:

I tried this solution in sql Procedure but problem is that what i will take time between
two request to check user id and password to refresh counter value in database. because
user enter continues 5 times wrong user id and password then it will be block 30 minute.
Posted
Updated 3-Jul-17 3:52am
v3
Add a Solution
Comments
F-ES Sitecore 3-Jul-17 4:18am    
It depends how you are authenticating people and as you haven't said it's impossible to give an answer.
sandeepbhatt1989 3-Jul-17 5:01am    
i am taking whole day to check user enter wrong password. In 24 hrs if user enter 5 time wrong password then user become block. Then how to implement this activity in Sql Procedure.

2 solutions

when you find user have enter 5 times wrong user password you can add one column as i suggest and add datetime.now + 30 min.we call as blockTime .. and no of try set to be 0.
like i am typeing wrong user name and password 4 time . at 9:30AM i have enter wrong username and password so . DatetimNow+30 min =10:00AM . so user is block 10:00 AM..
and set NoOfTimes to be zero.

in 9:30 to 10:00 am he is trying to autheicate he is block for that time. in each time when you are authenticate user check datetime now is less than block time or not.

after 10:00 am user try to access then remove block time as user is trying to access 10:05 and same process you can carry on
 
Share this answer
 
Posted
Updated 3-Jul-17 3:54am
v2
Comments
sandeepbhatt1989 3-Jul-17 11:08am    
Grt I will Try this logic...
Put one conunter in in authenticate table.

like
UserName| Password |NoOfTime |BlockTime |
xyz | xyz |0 |
ABC | abc |5 |2:30PM

where user enter wrong cridenticial increase nooftime values when you Are trying to authenticate .. if authenticate is proper then set nooftime values to 0.
if NoOfTime<5
Set Value in BlockTime and set NoOfTime to 0.


in this way you can do it.
 
Share this answer
 
Posted
Comments
sandeepbhatt1989 3-Jul-17 8:59am    
but what is logic in SQL Server of block user for 30 minute if 5 time enter invalid password. and how to set this time 30 minute to 0 minute after 30 minute. I am trying

IF EXISTS (SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId) --Check User is Valid or not
BEGIN
IF EXISTS (SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId AND [Password] = @Password and FirstLoginStatus=0 and FreezeStatus = 0 and BlockedStatus = 0)--Check User id and password is Valid
BEGIN
SELECT *
FROM TM_Password_History
END
ELSE if EXISTS(SELECT Count(*) FROM TM_UserDetails WHERE UserId = @UserId AND [Password] = @Password and FirstLoginStatus=1 and FreezeStatus = 1 and BlockedStatus = 0)--Check User id and password is Valid but user is doing first time login
BEGIN
SET @ResponseMsg = 2 -- First Time User
--Code Will be write later
END
ELSE ---If User Enter Wrong Password code block
BEGIN
declare @Couter int = 1
declare @Count int
declare @BlockCount int,@BlockedDte datetime,@BlockStatus bit
select @BlockCount = ISNULL(BlockCount,0) , @BlockedDte = ISNULL(BlockedDate,getdate()) ,@BlockStatus = ISNULL(BlockedStatus,0) from TM_UserDetails where UserId = @Userid
if @BlockCount < 5
begin
set @BlockCount = @BlockCount + 1
update TM_UserDetails set BlockCount = @BlockCount , BlockedStatus = 1 , BlockedDate = GETDATE() where UserId = @Userid
End
else if @BlockCount = 5
begin
SET @ResponseMsg = 5 -- Blocked User
end
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to use session to allow user enter 3 login attempt failed account or password ?
how to lock the user for 24 hrs if he entered wrong password for more than 3 times
If user authenticate for parent website then no need to enter credentials for child website
Users credentials to access web service
If user enters wrong password three times, then block the login for some minutes how to add below program
Check user credentials against active directory
Block ip address if user attempt wrong password in 3 times
CrystalReportViewer Asking for user credentials
How to show a string from column whose record matched with the credentials a user has entered ?
How to restrict user to enter only one period '.' that too after a digit

Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Jul 2017
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900