Page 1 of 1
Login Form - Counting Invalid Attempts
Posted: Mon Jan 22, 2007 8:56 am
by ORiGIN
Hello, I have a login script that I found on the internet and it works great but I tried adding to it. I wanted to count how many times an invalid attempt happened. So what I did was just add this to the top: $var1 = 0; then I added to the invalid attempt area this:
Code: Select all
} else {
$var1 = $var1 + 1;
$invalidLogin = 'Invailid Username/Password! This has happened: '.$var1.' time(s). 2 more and your banned!';
}
When I login unsuccessfully it just always says: "Invailid Username/Password! This has happened: 1 time(s)." It doesn't ever add like I want it to
How do I accomplish this?
Posted: Mon Jan 22, 2007 9:05 am
by waqas_punjabian
You have to use session variable instead of using regular variables.
then count the same as u r doing here:
Code: Select all
} else {
$_session['invalid_attempt'] = $_session['invalid_attempt'] + 1;
$invalidLogin = 'Invailid Username/Password! This has happened: '.$_session['invalid_attempt'].' time(s). 2 more and your banned!';
}
hope it works
Posted: Mon Jan 22, 2007 9:10 am
by ORiGIN
Do I just put this at the top where $var1 = 0; was - $_session['invalid_attempt'] = 0;? Or do I need to do something else. And do I need to do a session_start? because I already have session_start at the very top.
Posted: Mon Jan 22, 2007 9:13 am
by waqas_punjabian
U should just replace $var1 with the $_SESSION['invalid_attempt'], where ever u r using it at the top or at the middle. there's no need to do session_start() again because u 've already it once.
Posted: Mon Jan 22, 2007 9:21 am
by ORiGIN
waqas_punjabian wrote:U should just replace $var1 with the $_SESSION['invalid_attempt'], where ever u r using it at the top or at the middle. there's no need to do session_start() again because u 've already it once.
I cannot get it...

I did everything like you said, but when I type in wrong stuff and press enter the page just refreshes and nothing changes. When I use the correct stuff it logs in though.
Here is the php code that I used (I found on these forums...):
Code: Select all
<?php
session_start();
$_SESSION['invalid_attempt'] = 0;
$errorMessage = 'You Better Really Be An Admin If You Are Here. 3 Invalid Login Attempts Will Get You A Permanent Ban From The Site And An Email Will Be Sent To Us Containing The Username(s) And Password(s) You Entered, The Date And Time, And Your IP Address.';
if (isset($_POST['txtUserName']) && isset($_POST['txtPassword'])) {
// connect to database here
include('config.php');
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$username = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
$sql = "SELECT id, nickname, username
FROM $table
WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
list($userid, $nickname, $username) = mysql_fetch_array($result);
if (($userid) >= 1) {
$_SESSION['userid'] = $nickname;
print " <font size="1" face="Arial"> Welcome, $_SESSION[userid] <a href="logout.php">Logout</a></font>";
} else {
$_SESSION['invalid_attempt'] = $_SESSION['invalid_attempt'] + 1;
$invalidLogin = 'Invailid Username/Password! This has happened: '.$_session['invalid_attempt'].' time(s). 2 more and your banned!';
}
mysql_close();
}
?>
http://evgclan.net/new/newlogin.php - That is where it is located
Posted: Mon Jan 22, 2007 9:45 am
by Mohamed
should not you suppose to increment $_SESSION['invalid_attempt'].
in ever page load you are resetting variable to 0
Posted: Mon Jan 22, 2007 9:53 am
by ORiGIN
Mohamed wrote:
should not you suppose to increment $_SESSION['invalid_attempt'].
in ever page load you are resetting variable to 0
Thanks for that, but how would I fix this? I tried doing this instead, but it still won't work...
Code: Select all
if ( $_SESSION['invalid_attempt'] > 0 ) {
// Do Nothing
} else {
$_SESSION['invalid_attempt'] = 0;
}
Posted: Mon Jan 22, 2007 9:54 am
by waqas_punjabian
You should use this in some other page,
for example, use it in some other configuration page.
Posted: Mon Jan 22, 2007 9:56 am
by waqas_punjabian
Do increment here, where u do nothing.
Code: Select all
if ( $_SESSION['invalid_attempt'] > 0 ) {
$_SESSION['invalid_attempt']++;
} else {
$_SESSION['invalid_attempt'] = 0;
}
Posted: Mon Jan 22, 2007 10:31 am
by Mohamed
here is the code
Code: Select all
<?php
session_start();
if(isset($_SESSION['invalid_attempt'])){
$_SESSION['invalid_attempt']+=1;
}
else {
$_SESSION['invalid_attempt']=0;
}
?>
Posted: Thu Jan 25, 2007 9:00 am
by ORiGIN
Mohamed wrote:here is the code
Code: Select all
<?php
session_start();
if(isset($_SESSION['invalid_attempt'])){
$_SESSION['invalid_attempt']+=1;
}
else {
$_SESSION['invalid_attempt']=0;
}
?>
Thanks for all of your help, but it won't work. I have no idea why, but it just does not want to work. Logging in works perfect. But when it is wrong it just refreshes the page and nothing changes. I guess I don't really need to ban anybody. I was eventually going to use that as an admin login page, but seeing how I am a noob I will not
Thanks again for your help.