Page 1 of 1
PHP form values
Posted: Tue Apr 01, 2003 10:06 pm
by jogen143
If a user entered invalid username 3 times i want keep that username value some where each time a username entered and compare them and do a process, can someone help.
Thanks
Posted: Tue Apr 01, 2003 10:42 pm
by phice
Could you give us a slight bit more information? Because I've got a few different positions in where I could head with this.

Posted: Tue Apr 01, 2003 11:17 pm
by jogen143
phice wrote:Could you give us a slight bit more information? Because I've got a few different positions in where I could head with this.

yes, say if a user type username or password which is invalid i want to catch that username entered and take a count, like that if a user type the invalid username or password for the second time I want to catch that username as well and take a count so on.
And when user typed invalid username or password for the 3rd time want to block the user if he as typed the same user name 3 times.
Thanks
Posted: Wed Apr 02, 2003 2:07 am
by Tubbietoeter
I'd use session variables for that; on each page you must start a session with session_start().
Then you can access session variables.
// init of <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> login counter
if (!isset($_SESSION['error_count'])) $_SESSION['error_count']=0;
// increment on each invalid login
if ($login="<span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span>") $_SESSION['error_count']++;
// make user leave
if ($_SESSION['error_count']==3) get_rid_of_user();
The problem is, this only works for the session, so if the user closes the browser and reopens it, he can try again.
another way is to do logfiles or cookies (but if the user knows that he just needs to delete the cookie) or logtables in a database, where you realize one counter per ip-address plus the time of last invalid login. rememer to set the counter back to 0 after 24 hrs or so.
maybe anyone here has a better solution.
Posted: Wed Apr 02, 2003 1:55 pm
by McGruff
As mentioned above, you can use sessions or cookies to log repeated attempts.
Then you could ban the IP address for a fixed period. Not for too long - it could be dynamically assigned - just long enough to make them go away.