I have a question that i try to solve since yesterday. I know how to block user textbox input that is simple but now i would like to do it during a specific time (1 hour). Is the case when a user enter his password more than 3 times.
It means that i need create a countdown and is the point where i am blocked. So I tried to use a Timer. But when i debug my program with a breakpoint in the method TextBoxTimer_Tick this event is never fired.
Here is some code that i did :
Private TextBoxTimer As New Timer()
Dim TextboxCompteur As Integer
Private Sub TbxUtilisateur_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)
Handles TbxUtilisateur.TextChanged
AddHandler TextBoxTimer.Tick, AddressOf TextBoxTimer_Tick
TextBoxTimer.Interval = 1000 'Every 1 seconde
TextBoxTimer.Enabled = True
TextboxCompteur = 10 'during 10 secondes the textbox will be blocked for test
.
. some other code
.
End Sub
Protected Sub TextBoxTimer_Tick(ByVal sender As Object, ByVal e As System.EventArgs)
TextboxCompteur -= 1
If Not TextboxCompteur = 0 Then Exit Sub
TextBoxTimer.Enabled = False
TextBoxTimer.Dispose()
RemoveHandler TextBoxTimer.Tick, AddressOf TextBoxTimer_Tick
TbxMotDePasse.ReadOnly = False
End Sub
Maybe someone will see what i missed ? Otherwise if you have some others ideas on how deal with this i am listening
Thanks for your future answers !
You can't easily use a timer in a web application like this; you should instead implement a solution where you, at the time you decide to lock the user out for one hour, update a database column that locks the user out until one hour after the current time. Here is pseudo code:
bool Login(string username, string password){
User x = DoDbLookupForUser(username)
//user table has USERNAME, HASHEDPASSWORD, WRONGATTEMPTSCOUNTER, LOCKEDOUTUNTILDATE columns
if x == null
throw new UserNotFoundException
if DateTime.Now < x.LockedOutUntilDate
throw new UserLockedOutException
if x.HashedPassword != Hash(password){
x.WrongAttemptsCounter++
if x.WrongAttemptsCounter >= 3
x.LockedOutUntilDate = DateTime.Now.AddHours(1)
SaveUser(x)
throw new UserPasswordIncorrectException
}
x.WrongAttemptsCounter = 0;
SaveUser(x)
return true
}
After 3 attempts the user is locked out. They can try again after one hour. If they get it wrong again they are locked out for another hour. If you want to give them 3 attempts in an hour reset the counter to 0 when you set the date rather than on successful login. There is no need to reset the lockout date to null; as soon as it goes into the past it will be ignored. It can be handy to know if a user has ever locked themselves out and when so might as well keep the data