how to lock an account after 4 unsuccessful try to log in??

rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

how to lock an account after 4 unsuccessful try to log in??

Post by rrn »

In my website, users log in with a username and password. What I need to do is:
if the user types the wrong password 4 times and fails, the account should be locked; after 4 tries only the administrator should be able to log in. Then that user will be able to log in only after the administrator changes his password.
How can I implement this?
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: how to lock an account after 4 unsuccessful try to log in??

Post by papa »

One way would be to use sessions. Store a variable that increments each time the guest is trying to login.
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: how to lock an account after 4 unsuccessful try to log in??

Post by rrn »

How can I count the login attempts?
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: how to lock an account after 4 unsuccessful try to log in??

Post by papa »

Code: Select all

 
<?php

// your auth method (placeholder: always fails)
function auth()
{
    return 0;
}

session_start();

// Avoid undefined-index notices on the first page load
$name = isset($_POST['name']) ? $_POST['name'] : '';
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';

// Start the counter at 0 for a new session
if(!isset($_SESSION['attempts']))
{
    $_SESSION['attempts'] = 0;
}

if(!empty($name) && !empty($pw))
{
    if(!auth())
    {
        //Login attempts
        $_SESSION['attempts'] += 1;
        echo "Failed to log in. Attempt: {$_SESSION['attempts']} of 4.";
    }
    if($_SESSION['attempts'] >= 4)
    {
        // Lock user
    }
}

// Show the form only while attempts remain
if($_SESSION['attempts'] < 4)
{
?>

<form method="post" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME']); ?>">

Name: <input type="text" name="name" />
<br />
Password: <input type="password" name="pw" />
<br />
<input type="submit" value="Login" />

</form>
<?php
} else {
    echo "<br /> <b>Your account has been locked.</b>";
}
?>
 
Might get you an idea.
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: how to lock an account after 4 unsuccessful try to log in??

Post by AbraCadaver »

Yes, but depending upon how long the session lives this will be lost at some point, maybe when the browser is closed. I would probably have a table that records this. You might also want to reset the login attempts counter to 0 after a successful login.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: how to lock an account after 4 unsuccessful try to log in??

Post by rrn »

Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: how to lock an account after 4 unsuccessful try to log in??

Post by John Cartwright »

rrn wrote: Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?

We're not here to write code for you... what have you tried?

As suggested, you want to implement this on the database side. A simple query along the lines of:

Code: Select all

 
//increment
$sql = "UPDATE users SET loginattempts = loginattempts + 1 WHERE id = ". (int)$userid .""; 
 
//reset
$sql = "UPDATE users SET loginattempts = 0 WHERE id = ". (int)$userid .""; 
 
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: how to lock an account after 4 unsuccessful try to log in??

Post by rrn »

Thanks.
What I have tried is:

Code: Select all

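// Escape the submitted e-mail before putting it into the query
$result = mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".mysql_real_escape_string($_POST['email'])."'");

if($a = mysql_fetch_array($result))
{
    // $email and $password are assumed to be set earlier in the script (not shown)
    if($a["email"] == $email)
    {
        if($a["password"] == $password)
        {
            header("location:after_login.php");
            exit; // stop the script after the redirect
        }
        else
        {
            if($_SESSION['attempts'] > 3)
            {
                echo "Account locked";
            }
        }
    }
}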
If a user fails to log in for the 4th time, it will display "Account locked". But the session goes on incrementing even after I close the browser and open it again and try to log in with the same user.

I want to reset the session to 0 when its value reaches 3.
Hope you can help me now.
Any help will be appreciated.
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: how to lock an account after 4 unsuccessful try to log in??

Post by papa »

Google?

First post
rrn
Forum Commoner
Posts: 46
Joined: Wed Apr 15, 2009 7:54 am

Re: how to lock an account after 4 unsuccessful try to log in??

Post by rrn »

Thanks for the help.
What I have tried is:

Code: Select all

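// Escape the submitted e-mail once and reuse it in every query
$safe_email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".$safe_email."'");

if($a = mysql_fetch_array($result))
{
    if($a["failed_login"] >= 3)
    {
        echo "Account locked";
    }
    else
    {
        // $email and $password are assumed to be set earlier in the script (not shown)
        if(($a["email"] == $email) and ($a["password"] == $password))
        {
            // Successful login: reset the counter
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = 0 WHERE email='".$safe_email."'");
            header("location:after_login.php");
            exit; // stop the script after the redirect
        }
        else
        {
            echo "Invalid password";
            // Failed login: count it
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = failed_login + 1 WHERE email='".$safe_email."'");
        }
    }
}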
It's working fine, but the problem is:
when a user tries to log in 2 times unsuccessfully, the value in the database will be 2. If the user closes the browser, opens it again after some time and tries to log in, the user will be able to attempt only the remaining 2 times; the value in the database will become 4 by then. How to solve this problem? Please help.
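
The database-side counter suggested earlier in the thread, combined with a time window so that old failures stop counting, as an added example that is not code from any poster here. It uses PDO prepared statements because the mysql_* functions were removed in PHP 7. Assumptions: the column names password_hash and last_failed, the 15-minute window, the function names try_login and admin_unlock, and the in-memory SQLite demo data are all constructed for illustration.

```php
<?php
// Added example. Assumed schema: users(email, password_hash, failed_login, last_failed).
const MAX_ATTEMPTS = 4;   // lock after 4 failures, as asked in the thread
const WINDOW_SECS  = 900; // assumption: older failures stop counting after 15 minutes

function try_login(PDO $db, string $email, string $password, int $now): string
{
    $st = $db->prepare('SELECT password_hash, failed_login FROM users WHERE email = ?');
    $st->execute([$email]);
    $u = $st->fetch(PDO::FETCH_ASSOC);
    if ($u === false) {
        return 'invalid'; // unknown user gets the same answer as a wrong password
    }
    if ((int)$u['failed_login'] >= MAX_ATTEMPTS) {
        return 'locked';  // stays locked until an administrator resets it
    }
    if (password_verify($password, $u['password_hash'])) {
        $db->prepare('UPDATE users SET failed_login = 0 WHERE email = ?')->execute([$email]);
        return 'ok';
    }
    // One atomic UPDATE: restart the count when the last failure is outside the window.
    $db->prepare('UPDATE users SET failed_login = CASE WHEN last_failed < ? THEN 1
                  ELSE failed_login + 1 END, last_failed = ? WHERE email = ?')
       ->execute([$now - WINDOW_SECS, $now, $email]);
    return 'invalid';
}

// Hypothetical administrator action: set a new password and clear the lock.
function admin_unlock(PDO $db, string $email, string $newPassword): void
{
    $db->prepare('UPDATE users SET password_hash = ?, failed_login = 0 WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
}

// Constructed demo data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT,
           failed_login INTEGER DEFAULT 0, last_failed INTEGER DEFAULT 0)');
$user = 'alice@example.test';
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute([$user, password_hash('s3cret', PASSWORD_DEFAULT)]);
$t = 1000000; // constructed clock value, in seconds
foreach ([0, 10, 3600, 3601, 3602, 3603] as $dt) { // two failures, a long pause, four more
    echo try_login($db, $user, 'wrong', $t + $dt), "\n";
}
echo try_login($db, $user, 's3cret', $t + 3604), "\n";   // right password after the fourth failure
admin_unlock($db, $user, 'n3w-pass');
echo try_login($db, $user, 'n3w-pass', $t + 3605), "\n"; // after the administrator reset
```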
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: how to lock an account after 4 unsuccessful try to log in??

Post by VladSun »

There are 10 types of people in this world, those who understand binary and those who don't