Navees_

Could you please provide me a link to the 10 other forums I have posted this on? I have posted it here, and on stack overflow. I wanted to get a range of opinions, but the question has been answered, and I have considered the answers in the previous post.

Hi guys, I am creating a piece of code that blocks a user a for 48 hours after attempting to login 5 times with the wrong password, within a 24hour period. If the user logs in successful within the 24hr and, it should reset the attempt count. The issue I'm having ATM is that with the attempt count, It is only updating the first row of that user, if i attempt more times. Here is an example of whats going on: User - Time - Attempt- count() User 1 10:00pm Attempt 1 (5) User 1 10:02pm Attempt 2 (4) User 1 10:04pm Attempt 3 (3) User 1 10:06pm Attempt 4 (2) User 1 10:07pm Attempt 5 (1) User 2 10:15pm Attempt 1 (2) User 2 10:20pm Attempt 2 (1) As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this. User - Time - Attempt- count() User 1 10:00pm Attempt 1 (5) User 1 10:02pm Attempt 2 (5) User 1 10:04pm Attempt 3 (5) User 1 10:06pm Attempt 4 (5) User 1 10:07pm Attempt 5 (5) User 2 10:15pm Attempt 1 (2) User 2 10:20pm Attempt 2 (2) Here is a snippet of my code: if (!$pw_ok) { if (isset($_SERVER["REMOTE_ADDR"])) { $str_RemoteHost = $_SERVER["REMOTE_ADDR"]; } else { $str_RemoteHost = ''; } $qry_WriteToDatabase = " INSERT INTO cms_user_login_attempts ( cula_user_id, cula_date_time, cula_remote_host, cula_attempt_count ) VALUES ( " . $db->SQLString($row->user_id) . ", Now(), " . $db->SQLString($str_RemoteHost, true) . ", 'cula_attempt_count' )"; $db->query($qry_WriteToDatabase); $qry_UpdateCount = " UPDATE cms_user_login_attempts SET cula_attempt_count = cula_attempt_count + 1 WHERE cula_user_id = " . $db->SQLString($row->user_id) . " "; $db->query($qry_UpdateCount); $qry_CheckDatabase = " SELECT CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login FROM cms_user_login_attempts WHERE cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour) AND cula_user_id = " . $db->SQLString($row->user_id) . ""; $rs_CheckDatabase = $db->query($qry_CheckDatabase); if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) { $errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password")); } }

Hello, I have already created the table, the code writes to the database if the password is incorrect. I'm just stuck on the part the of the code finding the amount of bad attempts, checking it within a time period etc.

hope you all had a good Christmas/New Year. I'm creating a a login attempt piece of code for my website portal. The idea behind it is, if a user enters a password incorrectly 5 times consecutively within a 24 hour period, the system should lock them out for 48 hours. I have created the table in mysql for it, and written up some code, but im struggling to do the login attempt side of things. Here is a snippet of the code for the login attempt: if (! (isset($pw_ok) && $pw_ok)) { if (isset($_SERVER["REMOTE_ADDR"])) { $str_RemoteHost = $_SERVER["REMOTE_ADDR"]; } else { $str_RemoteHost = ''; } $errors->defineError("invalid_user_pass", "Your username or password is invalid. Please try again.", array("username","password")); $qry = " INSERT INTO cms_user_login_attempts ( cula_user_id, cula_date_time, cula_remote_host ) VALUES ( " . $db->SQLString($row->user_id) . ", Now(), " . $db->SQLString($str_RemoteHost, true) . " )"; $db->query($qry); } edit: Is it possible someone could help me with writing the code so that it is able to count the amount of attempts a specific user has made, check the database for how many attempts within the 24hr period and if the person has 5 attempts, lock them out. Also if a user enters the correct password within the 5 attempts, i want the attempts to reset for that user.