PHP form values

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jogen143
Forum Newbie
Posts: 15
Joined: Tue Mar 25, 2003 2:51 am

PHP form values

Post by jogen143 »

If a user entered invalid username 3 times i want keep that username value some where each time a username entered and compare them and do a process, can someone help.


Thanks
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

Could you give us a slight bit more information? Because I've got a few different positions in where I could head with this. :)
Image Image
jogen143
Forum Newbie
Posts: 15
Joined: Tue Mar 25, 2003 2:51 am

Post by jogen143 »

phice wrote:Could you give us a slight bit more information? Because I've got a few different positions in where I could head with this. :)

yes, say if a user type username or password which is invalid i want to catch that username entered and take a count, like that if a user type the invalid username or password for the second time I want to catch that username as well and take a count so on.

And when user typed invalid username or password for the 3rd time want to block the user if he as typed the same user name 3 times.

Thanks
Tubbietoeter
Forum Contributor
Posts: 149
Joined: Fri Mar 14, 2003 2:41 am
Location: Germany

Post by Tubbietoeter »

I'd use session variables for that; on each page you must start a session with session_start().

Then you can access session variables.

// init of <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> login counter
if (!isset($_SESSION['error_count'])) $_SESSION['error_count']=0;

// increment on each invalid login
if ($login="<span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span>") $_SESSION['error_count']++;

// make user leave
if ($_SESSION['error_count']==3) get_rid_of_user();


The problem is, this only works for the session, so if the user closes the browser and reopens it, he can try again.

another way is to do logfiles or cookies (but if the user knows that he just needs to delete the cookie) or logtables in a database, where you realize one counter per ip-address plus the time of last invalid login. rememer to set the counter back to 0 after 24 hrs or so.

maybe anyone here has a better solution.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

As mentioned above, you can use sessions or cookies to log repeated attempts.

Then you could ban the IP address for a fixed period. Not for too long - it could be dynamically assigned - just long enough to make them go away.
Post Reply