how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 16, 2010 2:18 am
by rrn
On my website, users log in with a username and password. What I need to do is:
if the user types the wrong password 4 times and fails, the account should be locked; after 4 tries only the administrator should be able to log in. Then that user will be able to log in only after the administrator changes his password.
How can I implement this?

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 16, 2010 2:53 am
by papa
One way would be to use sessions. Store a variable that increments each time the guest is trying to login.

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 16, 2010 4:36 am
by rrn
How can I count the login attempts?

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 16, 2010 5:57 am
by papa

Code:

 
<?php
 
// your auth method
function auth()
{
    return 0;
}
 
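session_start();

// Read the submitted credentials (empty strings when the form has not been posted yet)
$name = isset($_POST['name']) ? $_POST['name'] : '';
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';

// Start the counter at 0 on the first visit so the increment below has a value to work on
if(!isset($_SESSION['attempts']))
{
    $_SESSION['attempts'] = 0;
}
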
if(!empty($name) && !empty($pw))
{
    if(!auth())
    {
        //Login attempts
        $_SESSION['attempts'] += 1;
        echo "Failed to log in. Attempt: {$_SESSION['attempts']} of 4.";
    }
    if($_SESSION['attempts'] == 4)
    {
        // Lock user
    }
}
 
if($_SESSION['attempts'] < 4)
{
?>
 
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
 
Name: <input type="text" name="name" />
<br /> 
Password: <input type="password" name="pw" />
<br />
<input type="submit" value="Login" />
 
</form>
<?php
} else {
    echo "<br /> <b>Your account has been locked.</b>";
}
 
Might give you an idea.

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 16, 2010 8:52 am
by AbraCadaver
Yes, but depending upon how long the session lives this will be lost at some point, maybe when the browser is closed. I would probably have a table that records this. You might also want to reset the login attempts counter to 0 after a successful login.

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Wed Feb 17, 2010 2:36 am
by rrn
Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Wed Feb 17, 2010 2:47 am
by John Cartwright
rrn wrote: Thanks for the suggestions and code, papa.
How can I reset the session or login counter to 0?
We're not here to write code for you... what have you tried?

As suggested, you want to implement this on the database side. A simple query along the lines of

Code:

 
//increment
$sql = "UPDATE users SET loginattempts = loginattempts + 1 WHERE id = ". (int)$userid .""; 
 
//reset
$sql = "UPDATE users SET loginattempts = 0 WHERE id = ". (int)$userid .""; 
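
A database-backed version of the increment and reset queries above, as an added example that is not part of the original thread. The `users.loginattempts` column follows the post; the `email` and `pwhash` columns, the function names and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example: everything except `users.loginattempts` is an assumed name.
const MAX_ATTEMPTS = 4;

function login(PDO $db, string $email, string $password): string
{
    $q = $db->prepare('SELECT id, pwhash, loginattempts FROM users WHERE email = ?');
    $q->execute([$email]);
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if ($u === false) {
        return 'invalid';                 // same answer as a wrong password
    }
    if ((int)$u['loginattempts'] >= MAX_ATTEMPTS) {
        return 'locked';                  // checked before the password is looked at
    }
    if (password_verify($password, $u['pwhash'])) {
        $db->prepare('UPDATE users SET loginattempts = 0 WHERE id = ?')->execute([$u['id']]);
        return 'ok';
    }
    // Increment inside the database so concurrent requests cannot lose a count.
    $db->prepare('UPDATE users SET loginattempts = loginattempts + 1 WHERE id = ?')
       ->execute([$u['id']]);
    return ((int)$u['loginattempts'] + 1 >= MAX_ATTEMPTS) ? 'locked' : 'invalid';
}

// Administrator action: set a new password and unlock in one statement.
function adminResetPassword(PDO $db, int $id, string $newPassword): void
{
    $db->prepare('UPDATE users SET pwhash = ?, loginattempts = 0 WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $id]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           pwhash TEXT, loginattempts INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO users (email, pwhash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 1; $i <= 4; $i++) {
    echo "wrong #$i: ", login($db, 'user@example.test', 'guess'), "\n";
}
echo 'right password while locked: ', login($db, 'user@example.test', 'correct horse'), "\n";
adminResetPassword($db, 1, 'new secret');
echo 'after admin reset: ', login($db, 'user@example.test', 'new secret'), "\n";
```

Because the counter lives in the user's row, it survives closed browsers and fresh sessions, and the lock is lifted only by the administrator's password change.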
 

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Wed Feb 17, 2010 4:03 am
by rrn
Thanks.
What I have tried is:

Code:

// Escape the submitted e-mail before it goes into the query
$result=mysql_query("SELECT * FROM USERS where email='".mysql_real_escape_string($_POST['email'])."'");

if($a=mysql_fetch_array($result))
{
    if($a["email"]==$email)
    {
        if($a["password"]==$password)
        {
            header("location:after_login.php");
            exit; // stop the script once the redirect has been sent
        }
        else
        {
            if ($_SESSION['attempts']>3)
            {
                echo "Account locked";
            }
        }
    }
}
If a user fails to log in for the 4th time, it will display "Account locked". But the session goes on incrementing even after I close the browser, open it again and try to log in with the same user.

I want to reset the session to 0 when its value reaches 3.
Hope you can help me now.
Any help will be appreciated.

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Wed Feb 17, 2010 5:56 am
by papa
Google?

First post

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Mon Feb 22, 2010 11:46 pm
by rrn
Thanks for the help.
What I have tried is:

Code:

// Escape the submitted e-mail once and reuse it in every query
$safe_email = mysql_real_escape_string($_POST['email']);
$result=mysql_query("SELECT * FROM USERS where email='".$safe_email."'");

if($a=mysql_fetch_array($result))
{
    if($a["failed_login"] >= 3)
    {
        echo "Account locked";
    }
    else
    {
        if(($a["email"]==$email) and ($a["password"]==$password))
        {
            // Successful login: reset the counter
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = 0 WHERE email='".$safe_email."'");

            header("location:after_login.php");
            exit; // stop the script once the redirect has been sent
        }
        else
        {
            echo "Invalid password";
            // Failed login: count the attempt
            mysql_query("UPDATE ".TABLE_USERS." SET failed_login = failed_login + 1 WHERE email='".$safe_email."'");
        }
    }
}
It's working fine, but the problem is:
when a user tries to log in 2 times unsuccessfully, the value in the database will be 2. If the user closes the browser, opens it again after some time and logs in, the user will be able to attempt only the remaining 2 times; the value in the database will become 4 by then. How can I solve this problem? Please help.

Re: how to lock an account after 4 unsuccessful try to log in??

Posted: Tue Feb 23, 2010 3:48 am
by VladSun