Hi There.

I built a system that will check out for the usere's Username and Password.
I also need to make it that way thatIf the user tries to login with the right Username but the wrong Password more than 3 times he will forward to a different page.

The problem is that I don't know how to do the 3 times part.

I'm susing a session (for each user) and I'm giving the session a number:
session("& username &") = 1
now I need to raise that number but I don't know how 'cause everytime the session("& username &") = 1 is reseting the value to 1 again.

Here's the code:

SQL = "SELECT Pass FROM tstTBL WHERE Pass='" & pass & "'"
Set rs = Server.CreateObject("ADODB.RecordSet")

rs.Open SQL,DSN,3,1
If NOT rs.eof then
response.redirect "good.asp"
Else
session("& username &") = 1
If session("& username &") < 3 Then
session("& username &") = 1 + 1
Else
response.redirect "bad.asp"
End If
response.redirect "logIn.asp"
End If

rs.Close
Set rs = Nothing


What to do?

The simple answer is to keep a hidden input in your form that records the number of attempts. Test and set this value on each attempt. That should work reliably.

The other way would be to create an anonymous session and record the value there during login. Then dumping that session afterwards, or just adding the user's info to it after successfully logging in.

The hidden Idea can work but I don't want to give anything in the code.

The other thing you suggested with the session sounds cool but I'm not sure how to do it right...
do you have an exsample or os?

Thanks a lot man

As I say to every ASP person out there, my asp is rusty. Here's the language independent algorithm in pseudo-pseudo code:

If is defined session.count and session.count is not equal to 3 {

If session not started
Start Session

If login is okay {
Set session info here
} else {
Set session.count += 1
}

} else {
print: You tried too many times
}

I can't really understand how to do certain stuff in that code.
sorry... but thanks any way man. I appriciate it.

Simple example:


<%

If Session("count") < 3 Then

' Attempt the login with your database lookup code here

' If the login is successful, do whatever you want on success
If loggedIn = true Then
response.Write("Yeah!")

Else
response.Write("Awww. :(")
Session("count") = Session("count") + 1

End If

Else
response.Write("You tried too many times")
End If
%>

looks good but one thing I can't get:
What's "loggedIn" in the "If loggedIn = true Then" stand for?

How can I apply your idea to here:


SQL = "SELECT Pass FROM tstTBL WHERE Pass='" & pass & "'"
Set rs = Server.CreateObject("ADODB.RecordSet")

rs.Open SQL,DSN,3,1
If NOT rs.eof then
response.redirect "good.asp"
Else
session("& username &") = 1
If session("& username &") < 3 Then
session("& username &") = 1 + 1
Else
response.redirect "bad.asp"
End If
response.redirect "logIn.asp"
End If

rs.Close
Set rs = Nothing

This should work. Let me know what happens.

If Session("count") < 3 Then
' Attempt the login with your database lookup code here
SQL = "SELECT Pass FROM tstTBL WHERE Pass='" & pass & "'"
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open SQL,DSN,3,1

' If the login is successful there should be one record returned
If rs.recordcount = 1 Then
' You'll want to close the recordset and release the memory here
' because in your previous code these lines would not occur on
' a successful login
rs.Close
Set rs = Nothing

' Go to the good page
response.redirect "good.asp"

Else
' Increment the number of tries so far and return them to the login page
Session("count") = Session("count") + 1
response.redirect "logIn.asp"

End If

Else
' If the attempts is not less than 3, they tried too many times.
' Send them to the bad place
response.redirect "bad.asp"
End If

I forgot! You'll also want to close the recordset and free the memory on a failed attempt, before redirecting.

It's working just great!!!
I hope you'll read the message.
Thanks a lot man, I appriciate it.