Jump to content

Recommended Posts

Should have been more specific. Im already using the Ip ban, I have 4 functions. one to check the table guest users that hold there Ip, time, and login attempts.

 

One to block them if the results return > 5. One to unlock the guest after 15 or so minutes.

 

Well Ill keep working with my idea and post it later to have it reviewed. Im still new to php so I dont know the best way to do things ^_^.

Link to comment
https://forums.phpfreaks.com/topic/173599-failed-logins/#findComment-915075
Share on other sites

You need a column in your user table to hold the failed attempt count. Increment the count for each failed log in attempt. If the correct username/password is entered before the count reaches the limit you pick, reset the count. When the value is equal or greater than the limit you pick, all attempts to log in should fail, even if the correct username/password is entered. The only way to reset the count in this case would be through an administrator page. The real user would need to email you to get the account unlocked.

Link to comment
https://forums.phpfreaks.com/topic/173599-failed-logins/#findComment-915078
Share on other sites

Ya I was going to do it that way but if you do it user specific a person can change names then start again and lock out everyones accounts ^_^. Thats the way I started off till I realized I should use a guest using ip address as primary key. I give a copy of the code for review after I finish it.

Link to comment
https://forums.phpfreaks.com/topic/173599-failed-logins/#findComment-915090
Share on other sites

Ok here is what I came up with, this shows how many ppl are online and keeps track of there failed attempts. Im just having one problem when the page is refreshed or first accessed the failed attempts accumulate, this will probably not happen after I incorporate it into my site.

 

<?php
session_start();
include('inc/constants.php');
$dCon = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $dCon) or die(mysql_error());

/*The Bugs:
1. The attempts accumulate on refresh or new page visit. (not sure what to do with this one)
2. Remove guest not properly functioning.  (Fixed !!!)

Table that the data goes in

mysql_query("CREATE TABLE ".TBL_ACTIVE_GUESTS." (ipaddress varchar(15) primary key, lastvisit int(11), loginattempts int(11))")

/* Sets the user up when they first enter the site */

class test{
/* Sets the Guest account up in the database */
function setGuest($ipaddress){
	global $dCon;
	$time = date('his', time() +5);
	$sql = "INSERT INTO ".TBL_ACTIVE_GUESTS." (ipaddress, lastvisit) VALUES ('$ipaddress', '$time')";
	mysql_query($sql, $dCon);}

/* Detemines How many users are viewing the site */
function usersOnline(){
	global $dCon;
	$sql = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
	$results = mysql_query($sql, $dCon);
	echo 'There are '.mysql_num_rows($results).' user(s) online';}

function checkGuest($ipaddress){
	global $dCon;
	$sql = "SELECT lastvisit, loginattempts FROM ".TBL_ACTIVE_GUESTS." WHERE ipaddress = '$ipaddress'";
	$result = mysql_query($sql, $dCon);
	return mysql_fetch_array($result);}	

function removeGuest(){
	global $dCon;
	$sql = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
	$results = mysql_query($sql, $dCon);
	while($row = mysql_fetch_array($results)){
	if($row['lastvisit'] < date('his') && $row['lastvisit'] > -1){
	mysql_query("DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE lastvisit = ".$row['lastvisit']);
	echo $row['lastvisit']; echo '<br>';}}}

function lockGuest($ipaddress, $post){

	$time = date('his', time() +60);
	if($post != '5'){$_SESSION['attempts']++;
	mysql_query("UPDATE ".TBL_ACTIVE_GUESTS." SET loginattempts = ".$_SESSION['attempts']." WHERE ipaddress = '$ipaddress'");
	echo '<br>';
	echo 'You Failed To Login '.$_SESSION['attempts'].' times';}

	if($_SESSION['attempts'] > 5){mysql_query("UPDATE ".TBL_ACTIVE_GUESTS." SET lastvisit = '$time' WHERE ipaddress = '$ipaddress'"); 
	echo 'Locked';}}

function unlockGuest($ipaddress, $post){
	$unlock = test::checkGuest($ipaddress);
	if($unlock[0] < date('his', time())){echo 'UnLocked'; session_unset();
	mysql_query("UPDATE ".TBL_ACTIVE_GUESTS." SET loginattempts = '0' WHERE ipaddress = '$ipaddress'");}}


/* End Of Class */}
$ipaddress = $_SERVER['REMOTE_ADDR'];
$now = test::checkGuest($ipaddress);
test::setGuest($ipaddress);
echo $now[0];
test::lockGuest($ipaddress, $_POST['test']);
test::unlockGuest($ipaddress, $_POST['test']);
test::removeGuest();

$unlock = test::checkGuest($ipaddress);
echo '<br>';
echo $unlock[0];
?>
<form name="testform" method="post" action="test.php">
  <input type="text" name="test" id="test" value="<?php echo $_POST['test']; ?>">
  <input type="submit"  name="button" id="button" value="Submit">
</form>

Link to comment
https://forums.phpfreaks.com/topic/173599-failed-logins/#findComment-915744
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.