Jump to content

After 3 Fail Login Attemp User Block For 3Mins


daikumi

Recommended Posts

<html>
<head>
<title>LOG IN</title>
</head>
<?php
session_start();
$username = (@$_POST['username']);
$password = (@$_POST['password']);

$error['alert'] = '';
$error['username'] = '';
$error['password'] = '';
$input['username'] = '';
$input['password'] = '';
if (isset($_POST['submit']))
{
if ($_POST['username'] == '' || $_POST['password'] == '')
{
if ($_POST['username'] == '') {
$error['username'] = 'required'; }
if ($_POST['password'] == '') {
$error['password'] = 'required'; }
$error['alert'] = 'Please fill in required fields!';
$_POST['username'];
$_POST['password'];
include('v_login.php');

}
else
$error['alert'] = "Username or Password is incorrect";
{
if ($username&&$password)
{
$connect = mysql_connect("server","dbusername","dbpassword");
mysql_select_db("dbname") or die ("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows= mysql_num_rows($query);
if($numrows!==0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername= $row['username'];
$dbpassword= $row['password'];
$activated= $row['activated'];
if($activated=='0')
{
header("location:not_active.php");
exit();
}

}
if($username==$dbusername&& md5($password)==$dbpassword)
{

header("location:member.php");
$_SESSION['username']=$username;
}
else
$error['alert'] = "Username or Password is incorrect";
include('v_login.php');
}
else
{
$error['alert'] = "Username or Password is incorrect";
include('v_login.php');
}

}
else
{
echo "";
}
}

}
else
{
include('v_login.php');
}

?>
</html>

 

I would like some codes for the login attemp that will block the user for 3mins if the user fail to input correct password in 3 times

Edited by daikumi
Link to comment
Share on other sites

Welcome to the forums!

 

Let me greet you by saying, posting your code and then requesting us to add functionality to it rarely goes over well. What is better if posting the relevant sections of your code, and your attempts. If you need help with the logic of it, request that and we can point you in the right direction. If you want this done for you, I would suggest the freelance forums and offering some monetary value for the code.

 

Thanks!

Link to comment
Share on other sites

You need to create a session variable that stores the time on the third submission (which needs to also be tracked). When the difference between that time, and the current time is greater than 180 seconds(current - oldtime), then you can allow the next submission.

 

An example would be:

if((time() - $_SESSION['time_of_block']) > 180) {
//allow submission
} else {
echo 'You have attempted to login 3 times, please try again later!';
}

 

Now this will work on only this session, closing the browser, and reopening will let someone login before the 3 minutes is up. However, changing it from a session to a cookie would breach the "close and reopen" thing. To get even more secure, save this to the database in a new table, joining it to the user table on the checkin.

 

Now, if you would allow me to give you some pointers in your script, I would be happy to do so.

<html>
<head>
<title>LOG IN</title>
</head>
<?php
session_start(); //this call is required to be made before headers are sent to the browser, but it isn't in this case. Move it to the very top of the script.
$username = (@$_POST['username']); //don't suppress errors, verify that the index exists *isset() or empty()*.
$password = (@$_POST['password']); //why even set this at all, if you use the $_POST array for everything below?

$error['alert'] = '';
$error['username'] = '';
$error['password'] = '';
$input['username'] = '';
$input['password'] = '';
if (isset($_POST['submit']))
{
if ($_POST['username'] == '' || $_POST['password'] == '') //I'm not sure which is faster, this way or empty()?
{
if ($_POST['username'] == '') {
$error['username'] = 'required'; }
if ($_POST['password'] == '') {
$error['password'] = 'required'; }
$error['alert'] = 'Please fill in required fields!';
$_POST['username'];
$_POST['password'];
include('v_login.php');

}
else
$error['alert'] = "Username or Password is incorrect";
{
if ($username&&$password)//since these variables are not explicitly 'true' or 'false', I personally don't like using them in this context. I prefer empty(), as it returns true or false.
{
$connect = mysql_connect("server","dbusername","dbpassword"); //mysql libraries are out of date, I suggest using the prefered mysqli libraries.
mysql_select_db("dbname") or die ("Couldn't find db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");

$numrows= mysql_num_rows($query);
if($numrows!==0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername= $row['username']; //to save on memory (which isn't a problem in small scripts), I suggest using the array indexes, instead of saving to a variable.
$dbpassword= $row['password']; //this might not make a difference on a script this size, but is a good coding habit to form.
$activated= $row['activated']; //and will save your hands from typing that little bit extra .
if($activated=='0')
{
header("location:not_active.php"); //headers are already sent, this should cause an error.
exit(); //bravo, this is a commonly missed necessity.
}

}
if($username==$dbusername&& md5($password)==$dbpassword)
{

header("location:member.php"); //headers are already sent, should error out.
$_SESSION['username']=$username;
}
else
$error['alert'] = "Username or Password is incorrect";
include('v_login.php');
}
else
{
$error['alert'] = "Username or Password is incorrect";
include('v_login.php');
}

}
else
{
echo ""; //no need to echo an empty string.
}
}

}
else
{
include('v_login.php');
}

?>
</html>

Link to comment
Share on other sites

Thank you for the reply sir jcbones. The codes I posted is already running. I just don't know how to add a login attempt in that code, but thnaks for correcting my code.

 

Sir premiso, sorry if I posted it like that Im still a beginner and I don't have much knowledge on php and Im running out of time :'(

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.