For fun, I am setting up a messaging system with usernames and passwords. as a basic defence against hydra (brute force) attacks, I’ve attempted to implement a timer that activates after 5 incorrect attempts. For an unknown reason, the ‘incorrect username or password’ message does not seem to display, even though I reset the variable each time its loaded.

Expected: after 5 incorrect attempts, program forces user to wait 10 seconds and then resets. if 5 more incorrect attempts occur, the user is forced to wait 20 seconds and so on.

What happens: after 5 incorrect attempts, program forces user to wait 10 seconds and then resets. after reset, anything entered has no effect, even correct inputs.

Relevant code for reference:

#import stuff
import tkinter as tk
import os
from socket import *
import time

#initialize
print("initializing...")
login = False
host = ""
usernameenter = ""
passwordenter = ""
usernames = [""]
passwords = [""]
ipaddressname = [""]
ipaddress = [""]
usersipadname = [""]
usersipad = [""]
sendreceive = 0
antihydratimer = 10
antihydratries = 0
seconds = 0

#open files and assign relevant arrays
try:
    with open("usernames_file.txt", "r") as f:
        usernames = f.readlines()
    with open("passwords_file.txt", "r") as f:
        passwords = f.readlines()
    print("Storage files found. Loading complete.")
# if no files create them
except FileNotFoundError:
    print("No storage files found. Creating files...")
    open("usernames_file.txt", "a").close()
    open("passwords_file.txt", "a").close()

#setup an antihydra timer
def countdown_timer(seconds):
    #globalize variable
    global antihydratimer
    #timer
    while seconds:
        mins, secs = divmod(seconds, 60)
        timer = '{:02d}:{:02d}'.format(mins, secs)
        time.sleep(1)
        seconds -= 1
        
    #end timer and reset page
    print("Time's up!")
    enter_signin()
    antihydratries = 0

#setup screen reset for after user enters new acc data
def reset_screen():
    #idk what this is
    for widget in root.winfo_children():
        widget.destroy()

    #clear entered data and remove labels if they exist
    if 'button3' in globals():
        button3.destroy()
    if 'newusername_label' in globals():
        newusername_label.destroy()
    if 'newpassword_label' in globals():
        newpassword_label.destroy()
    if 'button4' in globals():
        button4.destroy()
    if 'username_label' in globals():
        username_label.destroy()
    if 'password_label' in globals():
        password_label.destroy()

    #set up initial page
    basic_GUI()

#setup new account page
def on_click_signup():
    #globalize relevant variables and tk stuff
    global newusername_label, newpassword_label, newusernameentered, newpasswordentered, button3, signupclicked, newusername_label
    #remove buttons to signin and signup
    button1.pack_forget()
    button2.pack_forget()
    
    #where user enters new username and saves it as 'newusernameentered'
    newusername_label = tk.Label(root, text="New username:", width=40)
    newusername_label.pack()
    newusernameentered = tk.Entry(root)
    newusernameentered.pack(padx=10, pady=10)

    #where user enters new password and saves it as 'newpasswordentered'
    newpassword_label = tk.Label(root, text="New password:", width=40)
    newpassword_label.pack()
    newpasswordentered = tk.Entry(root, show="*")
    newpasswordentered.pack(padx=10, pady=10)

    #enter key to begin transfer of entered data
    button3 = tk.Button(root, text="Enter", width=40, command=enter_signup)
    button3.pack(padx=10, pady=10)

def enter_signup():
    #enters entered data
    newusername = newusernameentered.get()
    newpassword = newpasswordentered.get()
    
    #pretty sure this doesnt work
    if newusername in usernames:
        print("Username already exists.")
        #resets page
        on_click_signup()
        
    #if username is valid
    else:
        #appends to array
        usernames.append(newusername)
        passwords.append(newpassword)

        #appends to .txt file
        with open("usernames_file.txt", "a") as f:
            f.write(newusername + "n")
        with open("passwords_file.txt", "a") as f:
            f.write(newpassword + "n")

        #yay
        print("Account created successfully!")
        print("Your new username is", newusername)
        print("Your new password is", newpassword)

        #destroys signup screen and shows initial screen
        reset_screen()
        #will add home button sometime

#setup entering acc page
def on_click_signin():
    #globalize relevant variables and tk stuff
    global username_label, password_label, usernameentered, passwordentered, button4, signinclicked
    #remove buttons to signin and signup
    button1.pack_forget()
    button2.pack_forget()

    #where user enters username and saves it as 'usernameentered'
    username_label = tk.Label(root, text="Username:")
    username_label.pack()
    usernameentered = tk.Entry(root)
    usernameentered.pack()

    #where user enters password and saves it as 'passwordentered'
    password_label = tk.Label(root, text="Password:")
    password_label.pack()
    passwordentered = tk.Entry(root, show="*")
    passwordentered.pack()

    #enter key to begin transfer of entered data
    button4 = tk.Button(root, text="Enter", width=40, command=enter_signin)
    button4.pack(padx=10, pady=10)

def enter_signin():
    #globalize relevant variables and tk stuff
    global login, antihydratimer, antihydratries, seconds
    #resets variable if giong through process 2nd time
    triestoincorrect = 0
    #enters entered data
    username = usernameentered.get()
    password = passwordentered.get()

    #if timer isnt active
    if seconds == 0:
        #runs loop based on length of usernames array
        for index in range(len(usernames)):
            #if statement regarding if entered username matches with current indexed username and password in array
            if usernames[index] == username and passwords[index] == password:
                #if true will let user in to their contacts
                print("Welcome aboard captain, all systems online.")
                login = True
                #should stop loop
                return
            #if current indexed username and password in array does not match raises triesto incorrect
            else:
                triestoincorrect += 1

        #if all indexed username and password in array does not match, the password or username must not be valid
        if triestoincorrect >= len(usernames):
            #adds 1 to antihydra
            antihydratries += 1
            #if antihydra happens 5 times activate security measures
            if antihydratries >= 5:
                #cumulative timer
                seconds = antihydratimer
                #digital gandalf defeats balrog
                print("YOU SHALL NOT PASS! for", antihydratimer, "seconds")
                #activates countdown timer
                countdown_timer(seconds)
                #adds 10s more for future incidents (you could probalby set a macro to close and reopen but ok)
                antihydratimer += 10
            else:
                print("Incorrect username or password")


root = tk.Tk()

#for after screen reset
def basic_GUI():
    global button1, button2
    button1 = tk.Button(root, text="Sign Up", width=40, command=on_click_signup)
    button1.pack(padx=10, pady=10)
    button2 = tk.Button(root, text="Sign In", width=40, command=on_click_signin)
    button2.pack(padx=10, pady=20)

basic_GUI()