Temporarily disable login after failed attempts

Question

I am trying to create a login screen for my app that disables the login button for 5 minutes after 3 failed login attempts.

However, in my app, the button can be easily enabled again by closing the app and starting it again.

How do I fix this?

Code:

public class LogIn extends Activity {

    EditText username = null;
    EditText password = null;

    Button loginbutton = null;

    int counter = 2;

    String user = "admin";
    String pw = "password";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_log_in);
        username = (EditText) findViewById(R.id.username);
        password = (EditText) findViewById(R.id.password);

        loginbutton = (Button) findViewById(R.id.loginbutton);
        loginbutton.setOnClickListener(new View.OnClickListener() {
            public void onClick(View v)
            {   String name = username.getText().toString();
                String pass = password.getText().toString();

                if (name.equals(user) && pass.equals(pw))
                // Successful Login
                {   Intent intent = new Intent(LogIn.this, MainApp.class);
                    startActivity(intent);
                }

                else if (name.equals("") || pass.equals(""))
                // Missing username or password
                {   Toast alert = Toast.makeText(LogIn.this, "Please enter a username or password", Toast.LENGTH_SHORT);
                    alert.show();
                }

                else if (counter == 0)
                // Disable button after 3 failed attempts
                {   loginbutton.setEnabled(false);

                    Toast alert = Toast.makeText(LogIn.this, "Login Disabled for 5 mins", Toast.LENGTH_SHORT);
                    alert.show();

                    final Handler handler = new Handler();
                    handler.postDelayed(new Runnable()
                    {   @Override
                        public void run()
                        {   loginbutton.setEnabled(true);
                            counter = 2;
                        }
                    }, 300000);
                }

                else
                // Wrong password
                {   Toast alert = Toast.makeText(LogIn.this, "Wrong Credentials", Toast.LENGTH_SHORT);
                    alert.show();
                    counter--;  
                };
            }
        });
    };
}

Answer 1

In that case you can save the CurrentTime in the preference and check it before attempting to login again

This is how a preference works

// Initiate the preference with Preference Filename and Access Mode for other Apps

SharedPreferences pref = getSharedPreferences("LoginTrack", Context.MODE_PRIVATE); // "LoginTrack" is the preference Name

// read the preference

long l = prefs.getLong("LastLoginDateTime", new Date().getTime()); 
String Attempts= pref.getString("MaxAttempts", "");


//To edit and save preferences again when you try login

Date dt = new Date(); // Current Time to Track loginTime
prefs.edit().putLong("LastLoginDateTime", dt.getTime()).commit();
prefs.edit().putString("MaxAttempts", "5").commit();

After Retrieve the data compere them and validate as you wish

Answer 2

You can use Shared Preference to store no of failure attempts. If a user fails to login into the app you can store no of attempts and time of that attempt in shared pref.

SharedPreferences pref = this.getSharedPreferences("Sample", Context.MODE_PRIVATE);
SharedPreferences.Editor editor = pref.edit();
editor.putString("ATTEMPTs", "5");
editor.putString("ATTEMPT_Time", System.currentTimeMillis());
editor.commit();

On launch of login activity check no of attempts in shared preference and enable or disable login button accordingly.

SharedPreferences  pref = this.getSharedPreferences("Sample", Context.MODE_PRIVATE);
String no_attempt = pref.getString("ATTEMPTs", "");
String time= pref.getString("ATTEMPT_Time"," ");

if(no_attempt>5 && Long.parseLong(time)>(System.currentTimeMillis()-300000))
{
  btn_login.setVisibilty(View.INVISIBLE);
}
else
{
   //login
}