Disable textbox after 3 failed login attempts

I need to disable the "Username" and "Password" text fields when the user cannot provide correct credentials 3 times. I have to use logic in JSP (using jQuery or JavaScript) or in a controller.

PS: I only need to redirect to the login page after a crash. You just need to update the "Account Disabled" error message.

Below is the JSP: Login.jsp

    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <title>Login Form</title>
        </head>
        <body>
            <form action="Login_Servlet_Test" method="POST">
                <!-- field names must match the parameters the servlet reads -->
                Username <input type="text" name="user"/><br>
                Password <input type="password" name="pwd"/><br>
                <input type="Submit" value="Submit"/>
            </form>

        </body>
    </html>

      

Below is the servlet: LoginServlet

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    @Override
    public void init() throws ServletException {
        // we can create DB connection resource here and set it to Servlet context
        if (getServletContext().getInitParameter("dbURL").equals("jdbc:mysql://localhost/mysql_db") &&
                getServletContext().getInitParameter("dbUser").equals("mysql_user") &&
                getServletContext().getInitParameter("dbUserPwd").equals("mysql_pwd")) {
            getServletContext().setAttribute("DB_Success", "True");
        } else {
            throw new ServletException("DB Connection error");
        }
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        // get request parameters for userID and password
        String user = request.getParameter("user");
        String pwd = request.getParameter("pwd");

        // get servlet config init params
        String userID = getServletConfig().getInitParameter("user");
        String password = getServletConfig().getInitParameter("password");
        // logging example: log the user name only, never the submitted password
        log("Login attempt for user=" + user);

        if (userID.equals(user) && password.equals(pwd)) {
            response.sendRedirect("LoginSuccess.jsp");
        } else {
            // the path given to ServletContext.getRequestDispatcher must start with "/"
            RequestDispatcher rd = getServletContext().getRequestDispatcher("/Login.jsp");
            PrintWriter out = response.getWriter();
            out.println("<font color=red>Either user name or password is wrong.</font>");
            rd.include(request, response);
        }
    }
}

      

+3




1 answer


You have to add two columns to your users table. One represents the login counter and the other represents the timestamp of the last login attempt. Most often, websites allow the user to log in after a certain amount of time after the account is locked out. This way you can check the time and clear the failed attempts if the specified time (for example, 30 minutes since the last login attempt) has passed or the user was able to log in successfully.

// needs java.sql.PreparedStatement, java.sql.ResultSet, java.sql.Timestamp and java.util.Date
PreparedStatement pstmt = con.prepareStatement("select loginCount, loginAttemptDate from userstable where username=?");
pstmt.setString(1, username); // your username from login page
ResultSet rs = pstmt.executeQuery();
int loginAttempt = 0;
Timestamp lastAttempt = null;
if (rs.next()) { // no row is returned for an unknown username
    loginAttempt = rs.getInt(1);
    lastAttempt = rs.getTimestamp(2); // null when no attempt has been recorded yet
}
request.setAttribute("loginCount", loginAttempt);
// milliseconds since the last login attempt
long diff = (lastAttempt == null) ? Long.MAX_VALUE : new Date().getTime() - lastAttempt.getTime();

if (diff < YOURTIMELIMITCONST && loginAttempt > 3) {
    // still inside the lockout window: show the login page again with the error
    RequestDispatcher rd = getServletContext().getRequestDispatcher("/Login.jsp");
    PrintWriter out = response.getWriter();
    out.println("<font color=red>Either user name or password is wrong.</font>");
    rd.include(request, response);
} else {
    // do your login check
}

      

and in jsp you like to use scriptlets



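<%-- place this after the input fields; loginCount is null when the page is opened directly --%>
<% Integer loginCount = (Integer) request.getAttribute("loginCount");
   if (loginCount != null && loginCount > 3) { %>
<script>
    document.getElementById("usernamebox").disabled = true;
    document.getElementById("passwordbox").disabled = true;
</script>
<% } %>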

      

I assumed the ids of your input fields in the above code

+1
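The answer reads the counter and timestamp but does not show how they are updated or cleared. The class below is an added example, not code from the question or the answer, and covers that bookkeeping on the server side. The class name `LoginAttemptTracker`, the in-memory map standing in for the two table columns, the threshold of 3 failures and the 30-minute window are all assumptions; it needs Java 16 or later for `record`.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** In-memory stand-in for the loginCount / loginAttemptDate columns (hypothetical class). */
public class LoginAttemptTracker {
    private static final int MAX_FAILURES = 3;                          // assumed policy
    private static final Duration LOCK_WINDOW = Duration.ofMinutes(30); // assumed policy

    private record Attempts(int count, Instant last) {}
    private final Map<String, Attempts> byUser = new ConcurrentHashMap<>();

    /** True while the user has MAX_FAILURES or more failures and the window has not elapsed. */
    public boolean isLocked(String username, Instant now) {
        Attempts a = byUser.get(username);
        return a != null && a.count() >= MAX_FAILURES
                && Duration.between(a.last(), now).compareTo(LOCK_WINDOW) < 0;
    }

    /** Call after a wrong password: restart the count if the window expired, else increment. */
    public void recordFailure(String username, Instant now) {
        byUser.merge(username, new Attempts(1, now), (old, fresh) ->
                Duration.between(old.last(), now).compareTo(LOCK_WINDOW) >= 0
                        ? fresh
                        : new Attempts(old.count() + 1, now));
    }

    /** Call after a successful login: clears the failed attempts. */
    public void recordSuccess(String username) {
        byUser.remove(username);
    }

    public static void main(String[] args) {
        LoginAttemptTracker tracker = new LoginAttemptTracker();
        Instant t0 = Instant.parse("2024-01-01T10:00:00Z"); // constructed sample time
        for (int i = 0; i < 3; i++) {
            tracker.recordFailure("alice", t0.plusSeconds(i * 10L));
        }
        // Locked one minute after the third failure, unlocked once 30 minutes have passed.
        System.out.println("after 1 min:  locked=" + tracker.isLocked("alice", t0.plusSeconds(60)));
        System.out.println("after 31 min: locked=" + tracker.isLocked("alice", t0.plus(Duration.ofMinutes(31))));
        tracker.recordSuccess("alice");
        System.out.println("after success: locked=" + tracker.isLocked("alice", t0.plusSeconds(60)));
    }
}
```

In the servlet, call `isLocked` before comparing the password and reject the request while it returns true. Disabling the text boxes in the JSP only changes what the browser shows, so the lockout has to be enforced by this server-side check.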

