Hi,
I'm trying to make a login system ( which is done ) that can lock a user out after 4 bad login attempts.

so far I've got all the info being logged to sql.
logging:
ip, date, time, user, password, domain,

and my code so far:

ip = Request.ServerVariables("REMOTE_ADDR")

SQL = "SELECT TOP 10 * FROM LockoutLog WHERE ipaddress='"&ip&"' AND ORDER by lid DESC"



and trying to use
DateDiff("n", Now(), rs("logtime")
to start writing some if statements,
but I'm a little stuck at the moment on how to best accomplish this.

any help would be greate!

thanks in advance for your time!
-Ken
[/php]

ah ok,, i've figured it out.


ip = Request.ServerVariables("REMOTE_ADDR")
SQL = "SELECT TOP 10 * FROM LockoutLog WHERE ipaddress='"&ip&"' ORDER by lid DESC"
set rs = conn.Execute( SQL )

logincount = 0

Do Until rs.EOF

lastlogin = DateDiff("n", Now(), rs("logtime"))
lastlogin = replace(lastlogin,"-","")
If int(lastlogin) < 5 Then
logincount = logincount + 1
response.write replace(lastlogin,"-","")&"<br />"
End If
rs.MoveNext
Loop
response.write "<br />total: "&logincount&"<br />"

if NOT logincount > "3" then
response.write "Try again!"
Else
response.write "locked out!"
end if

I think you could set up a counter variable when they attemp to login, and keep incrementing it each time the login fails, and once they hit the max number of attempts, you can set a flag in your table that lets you know they need to reset their password or whatever the routine is.

EDIT: tisk tisk i'm too slow :o

hehe, np.
thats a good idea too, but we want to lock out a use with too bad logins within a 5 minute period.

thanks though,
-Ken