faulty_by_design

I don't think it's exactly what you guys were suggesting, but I've sorted it (I think!). Thanks!

That sounds great, but now the problem is I have no idea how to accomplish what ye say! I'm not very experienced with PHP. I'm sure I'll be able to find a tutorial on how to get the IP address somewhere from google, and I know how to communicate with mysql, add the info and so on. The problem would be how to count the number of attempted logins? What I am thinking now (please, correct me if I'm wrong!) is: ->Write a program to check if after a failed login, their IP is in the database. If not, then put it in and set column->numAttempts to 1. ->Then reload the login page to try again. If it is another failure, check if the IP is in the database and if it is then check to see what column->numAttempts holds and increase by 1. ->Keep repeating until column->numAttempts reaches 5. ->When the login page loads and it sees the IP that is attempting to login has column->numAttempts=5, it loads a different page saying that login is disabled. That seems to me like it could work and is something like you are suggesting? But, it still leaves me with the problem of how do I delete the record from the database after a set amount of time? Thanks for ye'r help!

Hello all I'm building a site where members can login and I would appreciate if anybody can help me with a way to limit the number of retries allowed for a login? What I was thinking is to create a cookie at the login page with a variable set to 0. Then after a failed login, it increments the variable by 1 until after 5 retries the variable reaches 5. My problem is then how to set a time limit until they can try logging in again? Would setting a time limit on the destruction of the cookie be the best way? Or even, is there a better way than using cookies to complete the task seeing as if somebody deletes the cookie it resets anyway? I had thought of a session but then just closing the browser would reset it (am I right?).