javascript - Disable text box on failure of 3 login attempts -
i have disable "username" & "password" text boxes when user fails provide correct credentials 3times. should use logic in jsp itself(using jquery or javascript) or in controller.
ps : have redirect login page after failure. need update error message "your account has been disabled".
below jsp: login.jsp
<html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>login form</title> </head> <body> <form action="login_servlet_test" method="post"> username <input type="text" name="uname"/><br> password <input type="text" name="paswd"/><br> <input type="submit" value="submit"/> </form> </body> </html> below servlet: loginservlet
public class loginservlet extends httpservlet { private static final long serialversionuid = 1l; public void init() throws servletexception { //we can create db connection resource here , set servlet context if(getservletcontext().getinitparameter("dburl").equals("jdbc:mysql://localhost/mysql_db") && getservletcontext().getinitparameter("dbuser").equals("mysql_user") && getservletcontext().getinitparameter("dbuserpwd").equals("mysql_pwd")) getservletcontext().setattribute("db_success", "true"); else throw new servletexception("db connection error"); } protected void dopost(httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { //get request parameters userid , password string user = request.getparameter("user"); string pwd = request.getparameter("pwd"); //get servlet config init params string userid = getservletconfig().getinitparameter("user"); string password = getservletconfig().getinitparameter("password"); //logging example log("user="+user+"::password="+pwd); if(userid.equals(user) && password.equals(pwd)){ response.sendredirect("loginsuccess.jsp"); }else{ requestdispatcher rd = getservletcontext().getrequestdispatcher("login.jsp"); printwriter out= response.getwriter(); out.println("<font color=red>either user name or password wrong.</font>"); rd.include(request, response); } } }
you add 2 columns in users table. 1 representing login count , representing timestamp of last login attempt. web sites allow user attempt login after specific time after account locked. may want check time , clear unsuccessful attempts if specified time(e.g. 30 minutes since last login attempt) exceeds or user able login successfully.
preparedstatement pstmt = con.preparestatement("select logincount , loginattemptdate userstable username=?"); pstmt.setstring(1,username);//your username login page resultset rs = pstmt.executequery(); int loginattempt=resultset.getint(1); date loginattemptdate = new java.util.date(resultset.gettimestamp(2).get time()); request.setattribute("logincount",loginattempt ); long diff= new date().gettime() - loginattemptdate.gettime(); if (diff < yourtimelimitconst && loginattempt > 3 ){ requestdispatcher rd = getservletcontext().getrequestdispatcher("login.jsp"); printwriter out= response.getwriter(); out.println("<font color=red>either user name or password wrong.</font>"); rd.include(request, response); }else{ //do login check } and in jsp using scriptlets
<%if((integer)request.getattribute("logincount") > 3){%> document.getelementbyid("usernamebox").disabled = true; document.getelementbyid("passwordbox").disabled = true; <%}%> i assumed ids of input boxes in above code
Comments
Post a Comment