Search the Community
Showing results for tags 'wrong information'.
Found 1 result
-
As title says i need to block user for 30 minutes after he enter invalid data 3 times in a row. I know i need to enter ip and time in database, but how to stop form to be submited. i have this code for count failed attempts, he increment value in session every time submit is pressed // postavi ili povecaj broj u sessiji ako je Login button aktiviran if (empty($_SESSION['failed_login'])) { $_SESSION['failed_login'] = 1; } elseif (isset($_POST['login'])) { $_SESSION['failed_login']++; } // if login fail 3 times if ($_SESSION['failed_login'] > 3) { $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login']; } This is whole login.php <?php // protect page from direct access if (!defined('AUTH')) { die('You are not authorized to see this page !'); } if ($general->is_logged() === true) { header('Location: index.php'); exit(); } $last_login_date = time(); $ip = $general->get_ip(); // postavi ili povecaj broj u sessiji ako je Login button aktiviran if (empty($_SESSION['failed_login'])) { $_SESSION['failed_login'] = 1; } elseif (isset($_POST['login'])) { $_SESSION['failed_login']++; } // if login fail 3 times if ($_SESSION['failed_login'] > 3) { $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login']; } // login form if (isset($_POST['login'])) { $username = trim($_POST['username']); $password = trim($general->safepass($_POST['password'])); // if user entered username and password if (empty($username) || empty($password)) { $error[] = 'Please enter username and password'; } else { // login query $login = $users->login($username, $password); // cookie login if (isset($_POST['stay_logged'])) { // check if username and password is valid if ($login) { $user_id = $login['id']; // expire time for cookie 1 month $expire = time()+60*60*24*30; // make random code for token $rand = hash('sha512', mt_rand()); // set cookies setcookie('token', $rand, $expire); setcookie('username', $login['username'], $expire); setcookie('id', $login['id'], $expire); // update user last_login, ip, token code $update_login_data = $users->update_cookie_login($last_login_date, $ip, $rand, $user_id); // redirect user to index.php and exit script header('Location: index.php'); exit(); } else { // if username or password is not valid $error[] = 'Invalid username or password'; } } // session login else { // check if username and password is valid if ($login) { // make sessions with user_id and username $_SESSION['id'] = $login['id']; $_SESSION['username'] = $login['username']; $user_id = (int)$_SESSION['id']; // update user last_login, ip $update_login = $users->update_user_ip_login($last_login_date, $ip, $user_id); // redirect user to index.php and exit script header('Location: index.php'); exit(); } else { // if username or password is not valid $error[] = 'Invalid username or password'; } } } } ?> <h3>Log in</h3> <?php if (!empty($error)) { echo '<div class="big-error-msg"><ul style="margin:0 0 0 20px;">'; foreach ($error as $error) { echo '<li>'.$error. '</li>'; } echo '</ul></div>'; } ?> <form action="" method="POST" class="login-form"> <input type="text" name="username" placeholder="Username" required> <input type="password" name="password" placeholder="Password" required><br><br> <input type="checkbox" name="stay_logged"><label style="padding:0 0 0 10px;">Remember me ?</label><br> <input type="submit" name="login" value="Log in" class="small-button"> <label> <p><a href="index.php?page=forgotten_pass" title="Forgotten password ?">Forgotten password ?</a></p> <p>Don't have an account ? <a href="index.php?page=register" title="Register">Register</a></p> </label> </form>