how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 16, 2010 2:18 am
by rrn
In my website, users log in with a username and password. What I need to do is:
if the user types the wrong password 4 times and fails, the account should be locked; after 4 tries only the administrator should be able to log in. Then that user will be able to log in only after the administrator changes his password.
How can I implement this?
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 16, 2010 2:53 am
by papa
One way would be to use sessions. Store a variable that increments each time the guest tries to log in.
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 16, 2010 4:36 am
by rrn
How can I count the login attempts?
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 16, 2010 5:57 am
by papa
Code:
<?php
session_start();

// your auth method (placeholder: always fails)
function auth()
{
    return 0;
}

// Read the submitted fields without raising notices on the first page load
$name = isset($_POST['name']) ? $_POST['name'] : '';
$pw   = isset($_POST['pw']) ? $_POST['pw'] : '';

// Start the counter at 0 the first time this session is seen
if (!isset($_SESSION['attempts']))
{
    $_SESSION['attempts'] = 0;
}

if (!empty($name) && !empty($pw))
{
    if (!auth())
    {
        // Login attempts
        $_SESSION['attempts'] += 1;
        echo "Failed to log in. Attempt: {$_SESSION['attempts']} of 4.";
    }
    if ($_SESSION['attempts'] == 4)
    {
        // Lock user
    }
}

if ($_SESSION['attempts'] < 4)
{
?>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
Name: <input type="text" name="name" />
<br />
Password: <input type="password" name="pw" />
<br />
<input type="submit" value="Login" />
</form>
<?php
} else {
    echo "<br /> <b>Your account has been locked.</b>";
}
?>
Might get you an idea.
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 16, 2010 8:52 am
by AbraCadaver
Yes, but depending upon how long the session lives this will be lost at some point, maybe when the browser is closed. I would probably have a table that records this. You might also want to reset the login attempts counter to 0 after a successful login.
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Wed Feb 17, 2010 2:36 am
by rrn
Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Wed Feb 17, 2010 2:47 am
by John Cartwright
rrn wrote: Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?
We're not here to write code for you... what have you tried?
As suggested, you want to implement this on the database side: a simple query along the lines of
Code:
//increment
$sql = "UPDATE users SET loginattempts = loginattempts + 1 WHERE id = ". (int)$userid ."";
//reset
$sql = "UPDATE users SET loginattempts = 0 WHERE id = ". (int)$userid ."";
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Wed Feb 17, 2010 4:03 am
by rrn
Thanks.
What I have tried is:
Code:
// Escape the submitted address before it goes into the query
$safe_email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT * FROM USERS WHERE email='".$safe_email."'");
if ($a = mysql_fetch_array($result))
{
    if ($a["email"] == $email)
    {
        if ($a["password"] == $password)
        {
            header("location:after_login.php");
            exit; // stop here so nothing else runs after the redirect
        }
        else
        {
            if ($_SESSION['attempts'] > 3)
            {
                echo "Account locked";
            }
        }
    }
}
If a user fails to log in for the 4th time, it will display "Account locked", but the session goes on incrementing even after I close the browser, open it again and try to log in with the same user.
I want to reset the session to 0 when its value reaches 3.
Hope you can help me now.
Any help will be appreciated.
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Wed Feb 17, 2010 5:56 am
by papa
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Mon Feb 22, 2010 11:46 pm
by rrn
Thanks for the help.
What I have tried is:
Code:
// Escape the submitted address once and reuse it in every query
$safe_email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT * FROM ".TABLE_USERS." WHERE email='".$safe_email."'");
if ($a = mysql_fetch_array($result))
{
    if ($a["failed_login"] >= 3)
    {
        echo "Account locked";
    }
    else
    {
        if (($a["email"] == $email) and ($a["password"] == $password))
        {
            // Successful login: reset the counter
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = 0 WHERE email='".$safe_email."'");
            header("location:after_login.php");
            exit; // stop here so nothing else runs after the redirect
        }
        else
        {
            echo "Invalid password";
            // Failed login: count it
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = failed_login + 1 WHERE email='".$safe_email."'");
        }
    }
}
It's working fine, but the problem is:
when a user tries to log in 2 times unsuccessfully, the value in the database will be 2. If the user closes the browser, opens it again after some time and logs in, the user will be able to attempt only the remaining 2 times; the value in the database will become 4 by then. How to solve this problem? Please help.
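One way to keep the counter in the database while letting old failures expire, as an added example that is not code from any poster in this thread. It uses PDO prepared statements and password_hash() in place of the thread's mysql_* calls and plain-text comparison; the table layout, MAX_FAILS, FAIL_WINDOW and the function names are assumptions.

```php
<?php
// Added example. Table layout, MAX_FAILS and FAIL_WINDOW are assumptions.
const MAX_FAILS = 4;       // lock on the 4th consecutive failure
const FAIL_WINDOW = 900;   // seconds after which earlier failures no longer count

function attemptLogin(PDO $db, string $email, string $password, int $now): string
{
    $q = $db->prepare('SELECT * FROM users WHERE email = ?');
    $q->execute([$email]);
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if (!$u) {
        return 'invalid';                  // same reply as a wrong password
    }
    if ($u['locked']) {
        return 'locked';                   // stays locked until adminReset()
    }
    if (password_verify($password, $u['password_hash'])) {
        $db->prepare('UPDATE users SET failed_login = 0 WHERE id = ?')->execute([$u['id']]);
        return 'ok';
    }
    // Start the count again when the previous failure is older than the window.
    $stale = $now - (int)$u['last_failed'] > FAIL_WINDOW;
    $fails = $stale ? 1 : (int)$u['failed_login'] + 1;
    $db->prepare('UPDATE users SET failed_login = ?, last_failed = ?, locked = ? WHERE id = ?')
       ->execute([$fails, $now, (int)($fails >= MAX_FAILS), $u['id']]);
    return $fails >= MAX_FAILS ? 'locked' : 'invalid';
}

// The administrator sets a new password, which also clears the lock.
function adminReset(PDO $db, string $email, string $newPassword): void
{
    $db->prepare('UPDATE users SET password_hash = ?, failed_login = 0, locked = 0 WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
}

// Constructed demo: in-memory SQLite database with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT,
    failed_login INTEGER DEFAULT 0, last_failed INTEGER DEFAULT 0, locked INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

$t = 1266900000;   // constructed timestamp
// Two failures, a long pause, then a fresh run of wrong passwords.
foreach ([0, 10, 5000, 5010, 5020, 5030, 5040] as $offset) {
    echo attemptLogin($db, 'user@example.test', 'wrong', $t + $offset), "\n";
}
adminReset($db, 'user@example.test', 'new-secret');
echo attemptLogin($db, 'user@example.test', 'new-secret', $t + 6000), "\n";
```

On a site with concurrent requests, the read and the update belong in one transaction so that parallel attempts cannot undercount.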
Re: how to lock an account after 4 unsuccessful try to log in??
Posted: Tue Feb 23, 2010 3:48 am
by VladSun