gevensen, Posted July 15, 2009

I put a little check in my login page so that when you input a bad user name OR password 3x, you bring up a reCAPTCHA page. Of course, you can manually hit the back button and resubmit. I want to try to eliminate/cut down on any autobot that would try to hack my login.

Is there a way to disable the back button via PHP, or am I wasting my time?

I also have another check where, if there is a bad user AND password x number of times, the IP is blacklisted until an admin can get involved. Everything is written in PHP.

I have also considered lifting that ban by forwarding to a page that allows you to enter your email and, if it matches the database, unblocks the IP and sends you to the forgot password/user routine.

kickstart, Posted July 15, 2009

Hi

Ultimately preventing the back button is probably a waste of time. You are trying to control the front end, something that any potential hacker / cracker has ultimate control over.

Personally, store the login attempts on a table somewhere. Maybe a count against IP (although again people can just use a proxy to get round that), updated each attempted login and reset to zero on a successful login. Each time the page is sent / processed check this count and act how you wish.

All the best

Keith
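
The server-side counter Keith describes, combined with the 3-failure captcha threshold from the first post, as an added example that is not part of the original thread. The table name, function names, the BLOCK_AFTER value and the in-memory SQLite store are assumptions; as Keith notes, a per-IP count can be sidestepped with proxies.

```php
<?php
// Added example, not code from the thread. Table and function names are assumptions.
const CAPTCHA_AFTER = 3;  // the "3x" threshold from the first post
const BLOCK_AFTER   = 10; // assumed value for the unspecified "x number of times"

function failures(PDO $db, string $ip): int {
    $st = $db->prepare('SELECT failures FROM login_attempts WHERE ip = ?');
    $st->execute([$ip]);
    return (int) $st->fetchColumn(); // no row yields false, which casts to 0
}

// Checked on every request, so the browser's history cannot skip a step.
function requiredStep(PDO $db, string $ip): string {
    $n = failures($db, $ip);
    if ($n >= BLOCK_AFTER) return 'blocked';
    return $n >= CAPTCHA_AFTER ? 'captcha' : 'password';
}

// Increment on failure, reset to zero (row removed) on success.
function recordAttempt(PDO $db, string $ip, bool $success): void {
    if ($success) {
        $db->prepare('DELETE FROM login_attempts WHERE ip = ?')->execute([$ip]);
        return;
    }
    // SQLite syntax; MySQL would use INSERT ... ON DUPLICATE KEY UPDATE.
    $db->prepare('INSERT OR IGNORE INTO login_attempts (ip, failures) VALUES (?, 0)')->execute([$ip]);
    $db->prepare('UPDATE login_attempts SET failures = failures + 1 WHERE ip = ?')->execute([$ip]);
}

// $captchaOk and $passwordOk stand in for the real reCAPTCHA verification
// and credential check. Returns 'ok' or the step the next request must pass.
function handleLogin(PDO $db, string $ip, bool $captchaOk, bool $passwordOk): string {
    $step = requiredStep($db, $ip);
    if ($step === 'blocked') return 'blocked';
    // An old form resubmitted via the back button carries no solved captcha: it fails here.
    $ok = $passwordOk && ($step !== 'captcha' || $captchaOk);
    recordAttempt($db, $ip, $ok);
    return $ok ? 'ok' : requiredStep($db, $ip);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_attempts (ip TEXT PRIMARY KEY, failures INTEGER NOT NULL)');
$ip = '203.0.113.7'; // constructed sample address
for ($i = 1; $i <= 4; $i++) {
    echo "attempt $i: ", handleLogin($db, $ip, false, false), "\n";
}
echo "captcha solved, good password: ", handleLogin($db, $ip, true, true), "\n";
echo "next request: ", requiredStep($db, $ip), "\n";
```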

gevensen (Author), Posted July 15, 2009

Thanks, Keith, for the input. That's exactly what I am doing; I am glad I am on the right track. I am almost finished writing the routine.

If they get blocked, they can lift the block by entering a valid email that's in the database and responding to the email, which will send them to a forgot login info routine using secret questions they would only know having filled out when they were set up as a user.

J.Daniels, Posted July 15, 2009

You can also just send a no cache header on your login page. This will cause the page to refresh every time it is visited.

    <?php
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    ?>

Taken from the PHP Manual

This topic is now archived and is closed to further replies.