Sign in to follow this  
Followers 0
Thudo

Adding a count to lock a user if too many password attempts is reached

8 posts in this topic

#1 ·  Posted (edited)

My code:

Func _PasswordCheck()
$bPasswordHash=(FileReadLine($sav, 5))
$bMasterPasswordHash=(FileReadLine($sav, 6)) 
$sPassword=InputBox("Login","Enter Password      "&(FileReadLine($sav, 5)),"",'',320,100)
If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Then
Else
    MsgBox(16,"Access Denied","Password Incorrect!")
EndIf
EndFunc
So when a user continues to get the MsgBox "Access Denied" I want to lock them out after a certain # of attempts has passed. Essentially, I want after X times to have a pop-up happen saying "too many failed attempted logins have occurred". I feel like a dolt I know this is simple somewhere. :blink:

Thanks everyone!

Edited by Thudo

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Something like this ?

Switch _PasswordCheck()
    Case 1
        MsgBox(0, "Result", "Login Correct")
    Case 0
        MsgBox(0, "Result", "Login Cancelled ")
    case -1
        MsgBox(0, "Result", "Failed 3 times lock out user")
EndSwitch

Func _PasswordCheck()
    Local $iXTimes = 3, $iCount = 1
    While 1
        Local $sPassword = InputBox("Login", "Enter Password", "", "", 320, 100)
        Select
            Case $sPassword = "Correct"
                Return 1
            Case $iCount = $iXTimes
                MsgBox(16, "Access Denied", "Too many failed attempted logins have occurred !")
                Return -1
            Case $sPassword = ""
                If @error = 1 Then Return 0
            Case Else
                MsgBox(16, "Access Denied", "Password Incorrect!" & @CR & "You have " & $iXTimes - $iCount & " trys left")
                $iCount += 1
        EndSelect
    WEnd
EndFunc   ;==>_PasswordCheck
Edited by Yoriz

GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.

Share this post


Link to post
Share on other sites

Thanks - this helped me out - I was looking for exactly this tonight.

Do you want to reverse the order of two of the cases such that checking for the proper password comes first?

This way if you get it on the last attempt it still recognizes it.

Case $sPassword = "Correct"

Return 1

Case $iCount = $iXTimes

MsgBox(16,"Access Denied", "Too many failed attempted logins have occurred !")

Return -1

Ed

Share this post


Link to post
Share on other sites

Well spotted EdWilson, i have switched them around in the original post, as suggested.


GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Forgive my ignorance but where does:

If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Then
fit in there? Password has to be validated by the encryption. :blink:

Ah and can you also compensate for the user hitting the ESC key and when user hits OK just leaving the input box blank it should count as an invalid login? Hitting ESC bypasses the prompt. Huge security flaw. ;)

Now have to figure out how to lock the user's mouse/keyboard to the login prompt during and after the logins have failed.

Really appreciate this help!

Edited by Thudo

Share this post


Link to post
Share on other sites

I dont know what _Crypt_HashData returns but the code checks the password is correct with this line so alter it to suit.

Case $sPassword = "Correct"

To have ESC key and when user hits OK just leaving the input box blank count as an attempt to login just comment out the following.

Case $sPassword = ""

If @error = 1 Then Return 0

Locking the mouse/keyboard sounds a bit harsh, why not just set that user to disabled , then once that user account has been investigated it can be reanabled or lock it out for a certain time or something.


GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.

Share this post


Link to post
Share on other sites

I dont know what _Crypt_HashData returns but the code checks the password is correct with this line so alter it to suit.

Case $sPassword = "Correct"

Return Value

Success: Returns hash or hash object if $fFinal=False

Sets @error to 0

Failure: Returns -1 and sets @error:

1 - Failed to create hash object

2 - Failed to hash data

3 - Failed to get hash size

4 - Failed to get hash

I'm still figuring out where to put it in your code. ;)

To have ESC key and when user hits OK just leaving the input box blank count as an attempt to login just comment out the following.

Case $sPassword = ""

If @error = 1 Then Return 0

Yep worked great!

Locking the mouse/keyboard sounds a bit harsh, why not just set that user to disabled , then once that user account has been investigated it can be reanabled or lock it out for a certain time or something.

Yeah harsh I know but security wants this locked up so noone can use it. They don't have Windows authentication via AD enabled on such boxes hence the need to fully simulate it. :blink: We'll likely work out a compromise.

Share this post


Link to post
Share on other sites

Ah gotcha..

If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Then Return $sPassword
Works great.. :blink:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0