how to check password for 3 times enterd wrong password

[sk.mahaboobbhasha@gmail.c]

hi

can any one help me in this.. i have a html/jsp form in that i have a field .. enter password... first time password will be stored in the databse... from second time when user enters passowrd wrongly for 3 times then it has to dispay some msg contact ur administrator. can any one send me this code? plzzzzzzzzzzzzzzzz send it ASAp


here is my code

import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class Validation extends HttpServlet
{
private ServletConfig config;
public void init(ServletConfig config)throws ServletException
{
this.config=config;
}

public void service(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException
{
String userName = request.getParameter("user");
String password = request.getParameter("pass");
PrintWriter out =response.getWriter();
HttpSession session = request.getSession();

boolean login(String userName, String password)
{
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con =DriverManager.getConnection("jdbc:mysql://localhost/basha","root","3ptec");
Statement s = con.createStatement();
String sql = "SELECT user FROM user" +
" WHERE user='" + user + "'" +
" AND Password='" + password + "'";
ResultSet rs = s.executeQuery(sql);
if (rs.next())
{
rs.close();
s.close();
con.close();
return true;
}
rs.close();
s.close();
con.close();
}

if(userName.equals(request.getParameter("user"))&& password.equals(request.getParameter("pass")))
{
out.println("<h1>User is Valid</h1>");
}
else
{
out.println("<h1>User is InValid</h1>");
}

if (!login(username, password) )
{
int count = Integer.parseInt( session.getAttribute("count") );
if (count > 3) {
response.sendRedirect("badbadUser.jsp");
}
else {
count++;
session.setAttribute("count");
response.sendRedirect("woopsWrongPasswordTryAgain. jsp");
}

catch (ClassNotFoundException e)
{
System.out.println(e.toString());
}
catch (SQLException e) {
System.out.println(e.toString());
}
catch (Exception e) {
System.out.println(e.toString());
}
return false;
}
}




}
}

[Nicholas Jordan]

At least this is posted in correct forum, passwords from 30,000 meters ( ! ) maybe we should check for ice on the wings or something...

boolean BooLeen =false; String sting = ServletRequest.getParameter("passoword in the clear");if(collection.contains(sting.hashCode())){ doLogin();}else{BooLeen = checkCounter(sting.hashCode());}if(Booleen){...... } and so on.

I hope this is a student project and there are no valuable data floating around.....needful to use java.security or javax.crypto ( HMAC or something )

[serjant]

You can make a hidden div in jsp file,then in Servlet (if your framework is Spring) create a ModelAndView object,then if the password was failed,add the object to it as a String with fail info and the number of times it was failed,and redirect again to your jsp page.Between the hidden div check if the password was failed,return the ModelAndView objects in the div message.Then if it failed three times update it in database,and don't let the servlet to go through those actions.If you don't use Spring,u can use HttpSession.