[SOLVED] secuity login idar.

[redarrow]

When a user join my web site, I send them a validation link to validate there account

via email, but also i send them.

 

username

password

4 digit code

 

The user has to enter there, username and password and select there

4 digit code via select box with 4 selections

 

o-9

 

what i want to no what is the possibility to get the select box number right if it forced.

 

i fort the maths was

 

10 * 4 * 10 = 400 possibility's

 

or is it

 

10 * 4 * 10 = 400 * 10 = 4000 possibility

 

 

does that sound right.

 

 

[revraz]

Wouldn't there be 9999 combinations?

[redarrow]

so you get the largest number then times by the 4 so 9999 that correct dont no.

 

yes it is thank u.

 

nine thousand nine hundred and nifty nine times

[revraz]

Just allow 3 attempts.

[Mark Baker]

Wouldn't there be 9999 combinations?

No, 10000, because 0000 is also a valid combination

[redarrow]

would you do that via a temp database or session.

 

revraz

 

maybe even a database logging system.

 

id ip timestamp attempts.

[revraz]

I would do it via a DB, if you do it via a Session, when they close their browser it will clear.

[redarrow]

well spotted mate cheers.