protected void btnLogin_Click(object sender, EventArgs e)
{
//create a boolean variable to indicate is userID and password combination is found.
bool IsFound = false;
clsDataLayer dl = new clsDataLayer();
//set IsFound to true or false based on what is returned from GetUser.
IsFound = dl.GetUser(Server.MapPath("~/App_Data/AddressBook.mdb"), txtUserID.Text, txtPassword.Text);
//test if IsFound is true or fasle. If true redirect to frmUdpdateAddress.aspx. if false redirect to frmLogin.aspx and increment attempts counter.
if (IsFound)
{
//provide user access and redirect to frmUpdateAddress.aspx.
Response.Redirect("~/frmUpdateAddress.aspx");
}
else
{
//create variable to hold session object's AttemptCount. Increment counter by 1.
int myAttempts = Convert.ToInt32(Session["AttemptCount"]);
myAttempts = myAttempts + 1;
Session["AttemptCount"] = myAttempts;
//update lblStatus to reflect the log in attempt failed.
lblStatus.Text = "The User ID and/or Password supplied is incorrect. Please try again!";
//lock out user if number of invalid login attempts is 3 or greater
if (myAttempts >= 3)
{
//Code that locks user account.
dl.LockUserAcct(Server.MapPath("~/App_Data/AddressBook.mdb"), txtUserID.Text);
//update status message to indicate that the account is locked.
lblStatus.Text = "Your account is disabled.";
}
}
}
