Banning users by reading variable via Java

Question

I am creating a basic password based login system. It uses MD5 to secure the password. The correct password is "csk" (without quotes). If anyone enters that correctly, he gets access to a key.html file in the local computer. But if someone enters the wrong password for three consecutive times, he gets "banned" from logging in again. But the design that I have constructed bans the user only for that particular session. If he opens the terminal again, it starts from the very beginning. If the variable count is greater than 3 (three) from the last time, then the program, on execution via void main() would display "You are banned". I want to keep it basic and not use JDBC and SQL and such. Also, this is a local application and not a web-based one. I'm quite confused what approach I should take on this. Here's my code that I've cooked up:

import java.math.*;
import java.security.*;
import java.io.*;
import java.util.*;
import java.net.HttpURLConnection;

public class pwd {


public static void main(String[] args)throws NoSuchAlgorithmException, IOException,     InterruptedException {
    int count = 1;
    boolean run = true;
    while (run && count<4){

    System.out.println("Enter the password");
    Scanner kb = new Scanner(System.in);
    String pass = kb.nextLine();
    String pd = "ea0882721f7f44384ce772375696f9a6"; //Password is "csk" without quotes  geeks, this is it's MD5
    // so enter "csk" in the terminal
    // to run the program on execution
    String md5sum = md5(pass);

    String os = System.getProperty("os.name");
    boolean o = false;
    int win = os.indexOf("Windows");
    if (md5sum.equals(pd)){

        System.out.println("You've logged in successfully, get the Key now");
        String url = "file:///C:/Users/<username>/Desktop/key.html"; // example www
        Runtime.getRuntime().exec("rundll32 url.dll,FileProtocolHandler " + url);
        run = false;

    }
    else {

        System.out.println("You've entered the wrong password, try again.");
        System.out.println();
        run = true;

        if (count>=3) {
            System.out.println("You are banned from logging in, due to repeated  unsuccessful login attempts.");
        }
        ++count;


    }

    }

}




 public static String md5(String input)throws NoSuchAlgorithmException, IOException {

    String md5 = null;
    MessageDigest digest = MessageDigest.getInstance("MD5");
    digest.update(input.getBytes(), 0, input.length());
    md5 = new BigInteger(1, digest.digest()).toString(16);
   return md5;
 }



 }

EDIT: There's no need for me to change MD5 hashing to anything else, it's just a basic one.

Answer 1

you can simply write to a file with java.io.FileWriter

FileWriter writer = null;
String text = "username";
try{
     writer = new FileWriter("banned.txt", true);
     writer.write("\r\n"); 
     writer.write(text,0,text.length());
}catch(IOException ex){
    ex.printStackTrace();
}finally{
  if(writer != null){
     writer.close();
  }
}

The above code allows you to add a line in a file.

To read the file, you can do like this (java.io.BufferedReader):

BufferedReader reader = new BufferedReader(new FileReader("banned.txt"));
String line = null;
while ((line = reader.readLine()) != null) {
    // check the username here
}

Answer 2

Hum what you want to do can be done but you have to create a kind of "login page" because as it is now (with the code you gave) there is no user information involved.

To save the important information of the ban, you can for example save a boolean in a file (or the user when you have it) and read this same file at the beginning of your code in order to know if user is ban or not. In this case you have to change your code to add the information of ban or not before trying the new input codes ;)

If you don't have a login page, so no user once you ban someone no one will be able to log any more :)

PS: Java class start with a Upper case not pwd but Pwd normally

PS2: Your count will always be increased because it's not in a else ;) so every try of new code will increase it even if the user is ban ;)