droidus Posted August 7, 2011 Share Posted August 7, 2011 what would be the best way to count and limit the tries for a login? i wouldn't think that it would be cookies/sessions since they can be easily removed... would you do that through a database? Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/ Share on other sites More sharing options...
AyKay47 Posted August 7, 2011 Share Posted August 7, 2011 i would probably do this with a db yes, set an if else condition checking if the user was successful in logging in or not...if they aren't successful...use an update query to update a field called something like "tries" and increment it by 1 each failed attempt Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1253848 Share on other sites More sharing options...
voip03 Posted August 7, 2011 Share Posted August 7, 2011 Use counter Or Create the table login details and update the table with number of attempts When he reaches the limit, you can redirect. Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1253850 Share on other sites More sharing options...
droidus Posted August 7, 2011 Author Share Posted August 7, 2011 how would i get the time ten minutes from now, and then check to see if the user can login? here is what i used for my time: $time = date("H:i:s"); Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1253895 Share on other sites More sharing options...
droidus Posted August 7, 2011 Author Share Posted August 7, 2011 does this work?: <?php if (isset($_POST['login']) && (isset($login_errors))) { $IP = $_SERVER['SERVER_ADDR']; $query = "SELECT * FROM login_attempts WHERE IP='$IP'"; $result = mysql_query($query) or die(mysql_error()); if (mysql_num_rows($result) > 0) { // If this user is already in the DB, we give them the appropiate message $row = mysql_fetch_array($result) or die(mysql_error()); if ($row['tries'] == 3) { if (!(time() > $row['later_time'])) { $later_time = time() + 600; // This is 10 minutes echo "You've had your 3 failed attempts at logging in and now are locked out for 10 minutes. Please try again later!"; if (empty($row['time']) || empty($row['later_time'])) { mysql_query("UPDATE login_attempts SET time = '$time'"); mysql_query("UPDATE login_attempts SET later_time = '$later_time'"); } } else { echo "you may login now!"; } } else { $tries = $row['tries']+1; mysql_query("UPDATE login_attempts SET tries = '$tries'"); $tries = 3 - $row['tries']; echo "You have $tries tries left."; } } else { mysql_query("INSERT INTO login_attempts (tries, IP) VALUES ('1', '$IP')"); echo "This is your first attempt to login. After your third attempt, you will be locked out of your account for 10 minutes."; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1253903 Share on other sites More sharing options...
MasterACE14 Posted August 8, 2011 Share Posted August 8, 2011 does this work?: test it and find out. At a glance it looks ok. Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1253956 Share on other sites More sharing options...
AyKay47 Posted August 8, 2011 Share Posted August 8, 2011 how would i get the time ten minutes from now, and then check to see if the user can login? here is what i used for my time: $time = date("H:i:s"); $ten_min_future = date('Y-m-d H:i:s', strtotime("+10 minutes")); Quote Link to comment https://forums.phpfreaks.com/topic/244148-3-tries-for-login/#findComment-1254180 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.