gangsterwanster1 Posted July 1, 2009 Share Posted July 1, 2009 How can i do it so if a user failed to login in 5 times the site automatically blocks there IP for say 30 minutes? (Without using mysql database? - only one user is on the site, credentials pre-set by user) Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/ Share on other sites More sharing options...
Bendude14 Posted July 1, 2009 Share Posted July 1, 2009 you could create a session on first attempt and keep count in a session variable. Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867203 Share on other sites More sharing options...
gangsterwanster1 Posted July 1, 2009 Author Share Posted July 1, 2009 I am already using the session variable for the login script but can you provide a example on counting the sessions variable? (Not sure where to start on the block counter) Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867205 Share on other sites More sharing options...
PFMaBiSmAd Posted July 1, 2009 Share Posted July 1, 2009 You need to store the IP, the failed try count, the fact that they are locked out, and the time the lockout occurred persistently using a method that the visitor cannot reset. If you use a session, the visitor can just reset the values by dropping the existing session id and starting a new session. If you are not using a mysql database, you will need to store this information in a flat-file database. Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867209 Share on other sites More sharing options...
gangsterwanster1 Posted July 1, 2009 Author Share Posted July 1, 2009 You need to store the IP, the failed try count, the fact that they are locked out, and the time the lockout occurred persistently using a method that the visitor cannot reset. If you use a session, the visitor can just reset the values by dropping the existing session id and starting a new session. If you are not using a mysql database, you will need to store this information in a flat-file database. So you would use the fwrite function to write the IP to a textfile, and when logging in read the textfile to check the amount of logins / time and determine it from there? Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867211 Share on other sites More sharing options...
gangsterwanster1 Posted July 1, 2009 Author Share Posted July 1, 2009 Can you add an example, i am having troubles getting this to work. Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867219 Share on other sites More sharing options...
gangsterwanster1 Posted July 2, 2009 Author Share Posted July 2, 2009 ?????????? Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867471 Share on other sites More sharing options...
Tonic-_- Posted July 2, 2009 Share Posted July 2, 2009 Are you looking to permanently block the user after so many failed attempts? Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-867676 Share on other sites More sharing options...
gangsterwanster1 Posted July 3, 2009 Author Share Posted July 3, 2009 Are you looking to permanently block the user after so many failed attempts? No just block the IP for 30 minutes. //Am using database now. Link to comment https://forums.phpfreaks.com/topic/164401-failed-login-block/#findComment-868108 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.