I want to log login attempts. If you do 3 failed logins with the same username the account is disabled for 5 minutes.
Now I got followoing table to log the data in MySQL.
TStamp as timestamp
User as char(15)
IP_Address as char(16)
Session as char(32)
I was thinking to use timestamp as primary as this logfile is not very important. If 2 users do a failed login at the same second I simply would catch the mysql error and don't write the 2nd login attempt.
Somehow I am not satisfied with this as it is a kind off faulty programming.
An auto increment key has to be reseted somehow as it might get big fast in an environment with many short living log entries.
Any Ideas how to solve this best?
Looking for best primary key
Moderator: General Moderators
I think I just add the microsecond part of microtime() to the primary key
This should make it near impossible to do stuff at the same time. In case someone has the same problem here is what I did:
This will come up with a medium INT
This should make it near impossible to do stuff at the same time. In case someone has the same problem here is what I did:
Code: Select all
<?php
$field = explode(" ", microtime());
$micro_sec = $field[0] * 1000000;
?>Would this actually need a primary key field? You could do a costom version of the "users online" script that is very common out there.
Store user (id or name) along with a timestamp in the database, without primary keys.
Upon each failed login, you "insert into table values('user', 'timestamp')".
Then you "delete from table where timestamp < now()-300" to erase all traces of users that failed login 5 minutes (or more) ago.
Then "select count(user) where user = 'user'" to get the amount of tries he/she have made...
If this is more than 3, well...
Hope I made myself understandable.
User online scripts can be found using google or by browsing the EvilWalrus site for more ideas.
Store user (id or name) along with a timestamp in the database, without primary keys.
Upon each failed login, you "insert into table values('user', 'timestamp')".
Then you "delete from table where timestamp < now()-300" to erase all traces of users that failed login 5 minutes (or more) ago.
Then "select count(user) where user = 'user'" to get the amount of tries he/she have made...
If this is more than 3, well...
Hope I made myself understandable.
User online scripts can be found using google or by browsing the EvilWalrus site for more ideas.
I am wondering if theJAM wrote: Upon each failed login, you "insert into table values('user', 'timestamp')".
Then you "delete from table where timestamp < now()-300" to erase all traces of users that failed login 5 minutes (or more) ago.
Then "select count(user) where user = 'user'" to get the amount of tries he/she have made...
Code: Select all
delete from table where timestamp < now()-300I forgive my ignorance, as i thought of the use of another function prior to deleteing/selecting data:
By using the mysql function unix_timestamp() (thus converting the timestamp into plain seconds) you have more and easier ways to deal with this issue.
To comment the first post after mine; You actually dont need it. It has advances in alot of cases, but as you are deleting X rows each time a user is verified, the table shouldn't grow into such large properties that you'd need one.
Code: Select all
delete from test where unix_timestamp(timest) < now()-800To comment the first post after mine; You actually dont need it. It has advances in alot of cases, but as you are deleting X rows each time a user is verified, the table shouldn't grow into such large properties that you'd need one.