how to lock an account after 4 unsuccessful try to log in??
Moderator: General Moderators
how to lock an account after 4 unsuccessful try to log in??
in my website , user login with username and password .. what i need to do is ,
if the user types wrong password for 4 times and he fails , account should be locked , after 4 tries only administrator should be able to log in . then tat user will be able to log in only after administrator changes his password ..
how can i implement this??
if the user types wrong password for 4 times and he fails , account should be locked , after 4 tries only administrator should be able to log in . then tat user will be able to log in only after administrator changes his password ..
how can i implement this??
Re: how to lock an account after 4 unsuccessful try to log in??
One way would be to use sessions. Store a variable that increments each time the guest is trying to login.
Re: how to lock an account after 4 unsuccessful try to log in??
How can i count the login attempts??
Re: how to lock an account after 4 unsuccessful try to log in??
Code: Select all
<?php
// your auth method
function auth()
{
return 0;
}
$name = $_POST['name'];
$pw = $_POST['pw'];
session_start();
if(!empty($name) && !empty($pw))
{
if(!auth())
{
//Login attempts
$_SESSION['attempts'] += 1;
echo "Failed to log in. Attempt: {$_SESSION['attempts']} of 4.";
}
if($_SESSION['attempts'] == 4)
{
// Lock user
}
}
if($_SESSION['attempts'] < 4)
{
?>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
Name: <input type="text" name="name" />
<br />
Password: <input type="password" name="pw" />
<br />
<input type="submit" value="Login" />
</form>
<?php
} else {
echo "<br /> <b>Your account has been locked.</b>";
}
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: how to lock an account after 4 unsuccessful try to log in??
Yes, but depending upon how long the session lives this will be lost at some point, maybe when the browser is closed. I would probably have a table that records this. You might also want to reset the login attempts counter to 0 after a successful login.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Re: how to lock an account after 4 unsuccessful try to log in??
thanks for the suggestions and code , papa........
how can i reset the session or login counter to 0 ??
how can i reset the session or login counter to 0 ??
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: how to lock an account after 4 unsuccessful try to log in??
Were not here to write code for you... what have you tried?rrn wrote:thanks for the suggestions and code , papa........
how can i reset the session or login counter to 0 ??
As suggested, you want to implement this on the database side.. a simple query along the lines of
Code: Select all
//increment
$sql = "UPDATE users SET loginattempts = loginattempts + 1 WHERE id = ". (int)$userid ."";
//reset
$sql = "UPDATE users SET loginattempts = 0 WHERE id = ". (int)$userid ."";
Re: how to lock an account after 4 unsuccessful try to log in??
Thanks
what i have tried is .......
if a user fails to log in for the 4th time , it will display "account locked" . but sessions goes on incrementing even after i close the browser and open it again and try to log in with the same user..
i want to reset the session to 0 when its value reaches 3..
hope u can help me now.
any help will be appreciated..
what i have tried is .......
Code: Select all
$result=mysql_query("SELECT * FROM "USERS" where email='".($_POST['email'])."'");
if($a=mysql_fetch_array($result))
{
if($a["email"]==$email)
{
if($a["password"]==$password)
{
header("location:after_login.php");
}
else
{
if ($_SESSION['attempts']>3)
{
echo "Account locked";
}
}
}
}i want to reset the session to 0 when its value reaches 3..
hope u can help me now.
any help will be appreciated..
Re: how to lock an account after 4 unsuccessful try to log in??
Thanks for the help ..
what i have tried is ..
its working fine , but the problem is..
when a user log in and tries to login 2 times unsuccesfully , value in the database will be 2 . if the user closes the browser and tries to open the browser after sometime and log in , user will be able to atempt only the remaining 2 times , value in database will become 4 by then.. how to solve this problem?? please help...
what i have tried is ..
Code: Select all
$result=mysql_query("SELECT * FROM "USERS" where email='".($_POST['email'])."'");
if($a=mysql_fetch_array($result))
{
if($a["failed_login"] >= 3)
{
echo "Account locked";
}
else
{
if(($a["email"]==$email) and ($a["password"]==$password))
{
mysql_query("UPDATE ".TABLE_USERS." SET failed_login = 0 WHERE email='".($_POST['email'])."'");
header("location:after_login.php");
}
else
{
echo "Invalid password";
mysql_query("UPDATE ".TABLE_USERS." SET failed_login = failed_login + 1 WHERE email='".($_POST['email'])."'");
}
}
}when a user log in and tries to login 2 times unsuccesfully , value in the database will be 2 . if the user closes the browser and tries to open the browser after sometime and log in , user will be able to atempt only the remaining 2 times , value in database will become 4 by then.. how to solve this problem?? please help...
Re: how to lock an account after 4 unsuccessful try to log in??
There are 10 types of people in this world, those who understand binary and those who don't