max_power Posted May 19, 2010

Hi all,

I want to create a login function for my .hta file that allows the user to only make three invalid login attempts before he/she gets locked out. So the process is like the following:

If the login details do not exist, a session called $_SESSION['FailedLogin'] is created and is given the value of 1, while the 'Login failed – try again' message appears to the user.

Basically, before showing the login form I want to check if the value of $_SESSION['FailedLogin'] is equal to 3. If it is not and the user fails their login again, the value is updated by 1 again (so +1).

If the value of $_SESSION['FailedLogin'] reads as 3 then the user will get a message 'three login attempts failed – login now blocked'.

How would I create such a function? The fields in the userAuthentication table are UserID, Username and UserPassword.

Thanks,
Max
ignace Posted May 19, 2010

> I want to create a login function for my .hta file that allows the user to only make three invalid login attempts before he/she gets locked out.

I wouldn't do that and display a CAPTCHA after 3 times instead. The reason for this is that my name is quite popular apparently and I always have to come up with different variations on my name, which means that every time I log in I have to go over multiple possibilities before I get it right to actually log in.
max_power Posted May 20, 2010

Thanks for the reply. Would the coding look something like this:

```php
<?php
session_start();

// Start the counter at 0 the first time this session is seen
if (!isset($_SESSION['FailedLogin'])) {
    $_SESSION['FailedLogin'] = 0;
}

// mysql query... ($result is the number of matching rows)

if ($result != 1) {
    echo "login failed";
    $_SESSION['FailedLogin'] = $_SESSION['FailedLogin'] + 1;

    if ($_SESSION['FailedLogin'] == 3) {
        // lock out user.
    } else {
        // redirect user back to login form code.
    }
}
```

That is where I am getting confused. I can't map out the logic in code. I will look into protecting the user passwords once I get this sorted.
ignace Posted May 20, 2010

Yes, something like that, but like I said DON'T LOCK-OUT YOUR USER. Some valid users will require more than 3 times to log in (like myself due to my name being "popular").

```php
<?php
session_start(); // needed before $_SESSION can be read or written
require_once('recaptchalib.php');

$enableCaptcha = FALSE;

// array_key_exists() accepts a single key, so both fields are tested with isset()
if (isset($_POST['username'], $_POST['password'])) {
    // mysql_* is the legacy ext/mysql API (removed in PHP 7) and needs an open connection
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    // Count this login submission
    if (!array_key_exists('logon_tries', $_SESSION)) {
        $_SESSION['logon_tries'] = 1;
    } else {
        $_SESSION['logon_tries']++;
    }

    if ($_SESSION['logon_tries'] === 3) {
        $enableCaptcha = TRUE; // only show reCaptcha, don't yet validate
    }

    if ($_SESSION['logon_tries'] > 3) {
        $enableCaptcha = TRUE;

        if (!isset($_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'])) {
            // user is messing with the HTML, lock him out
        }

        $privatekey = "...";
        $response = recaptcha_check_answer($privatekey,
                                           $_SERVER["REMOTE_ADDR"],
                                           $_POST["recaptcha_challenge_field"],
                                           $_POST["recaptcha_response_field"]);

        if (!$response->is_valid) {
            // reCaptcha invalid.
        }
    }
}

if ($enableCaptcha) {
    $publickey = "..."; // you got this from the signup page
    echo recaptcha_get_html($publickey);
}
```

This will show a reCaptcha once the user enters login information for the third time.
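An added example, not code from either poster: the same "CAPTCHA after three failures, no lockout" flow with the counter kept server-side per username, because a counter in `$_SESSION` starts again from zero whenever the client discards its session cookie. The `login_attempts` table, `attemptLogin()` and the `$captchaOk` flag (the result of the site's CAPTCHA check, such as `$response->is_valid` above) are assumptions, as is storing `UserPassword` as a `password_hash()` value; an in-memory SQLite database with a constructed user stands in for the `userAuthentication` table.

```php
<?php
// Added example. login_attempts and attemptLogin() are hypothetical names;
// UserPassword is assumed to hold a password_hash() value.
const MAX_FREE_TRIES = 3;

function attemptLogin(PDO $db, string $username, string $password, bool $captchaOk): string
{
    // Failures recorded for this username (no row yet means 0)
    $q = $db->prepare('SELECT failures FROM login_attempts WHERE username = ?');
    $q->execute([$username]);
    $failures = (int) $q->fetchColumn();

    // From the fourth attempt on, a solved CAPTCHA is required first
    if ($failures >= MAX_FREE_TRIES && !$captchaOk) {
        return 'captcha_required';
    }

    $q = $db->prepare('SELECT UserPassword FROM userAuthentication WHERE Username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        // Success clears the counter
        $db->prepare('DELETE FROM login_attempts WHERE username = ?')->execute([$username]);
        return 'ok';
    }

    // Record the failure (INSERT OR IGNORE is SQLite syntax)
    $db->prepare('INSERT OR IGNORE INTO login_attempts (username, failures) VALUES (?, 0)')
       ->execute([$username]);
    $db->prepare('UPDATE login_attempts SET failures = failures + 1 WHERE username = ?')
       ->execute([$username]);
    return 'failed';
}

// Constructed sample data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userAuthentication (UserID INTEGER PRIMARY KEY, Username TEXT UNIQUE, UserPassword TEXT)');
$db->exec('CREATE TABLE login_attempts (username TEXT PRIMARY KEY, failures INTEGER NOT NULL)');
$db->prepare('INSERT INTO userAuthentication (Username, UserPassword) VALUES (?, ?)')
   ->execute(['max', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Three wrong passwords, then the right one without a CAPTCHA, then with one
foreach (['a', 'b', 'c', 'correct horse'] as $guess) {
    echo attemptLogin($db, 'max', $guess, false), "\n";
}
echo attemptLogin($db, 'max', 'correct horse', true), "\n";
```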