After X failed attempts

[lunkn]

My problem is to get the counter to work for x failed logins.

My columns in MySQL are: id, username, password, attempts & adress!

 

 

if ($result[0]['total'] == true)
{

$_SESSION['userLogin'] = $result[0]['total'];
$_SESSION['isLoggedIn'] = $login;
header('location: index.php?id=home');
$db->query("UPDATE authenticate SET attempts=0, adress='$ip' WHERE username='$login'");
exit;
}
else
{
$rs = mysql_query('SELECT id,username,password,attempts,address FROM authenticate WHERE username = '.$username.'');
$num = mysql_num_rows($rs);
if ($row['attempts'] > 3) {
	// Redirect to captcha
	header('location: captcha.php');
} else {
	$ip = $_SERVER['REMOTE_ADDR'];
	if ($row['address'] != $ip) {
	// New ip adress, reset failed logins
	$failed_logins = 0;
	} else {
	// Increment failed logins
	$failed_logins = $row['attempts']+1;
	}
	mysql_query('UPDATE authenticate SET attempts = '.$failed_logins.',address = '.$ip.' WHERE id = '.$row['id'].' ');
}
header('location: index.php');
exit;
}

[Zane]

You can't just expect us to look at this and figure out what your problem is. You've made it apparent that you want to show a captcha after 3 failed login attempts, but it would make things move smoother for everyone if you pointed out what is or is not doing correctly?

[lunkn]

The script can login or fail to login in, it goes back to

header('location: index.php');

. But the counter does not increase. They told me to debug, but how ^^

[Zane]

They told me to debug, but how ^^

Well first off, where is this $row variable created? Not to mention $result[0]...

You ask for help with debugging yet you do not provide all the relevant code. That's like taking out your car's alternator.. bringing it to the mechanic and saying "My car just won't start.. why not?"

[Christian F.]

Here's some resources to learn how to debug your PHP scripts:

 

First off I recommend this article on basic debugging principles, as well this thread on StackOverflow that lists a lot of IDEs and debuggers (along with links on how to set them up).

 

Once you've read those, there's a lot of hits on Google, for more detailed and/or advanced debugging techniques.

[lunkn]

Well first off, where is this $row variable created? Not to mention $result[0]...

You ask for help with debugging yet you do not provide all the relevant code. That's like taking out your car's alternator.. bringing it to the mechanic and saying "My car just won't start.. why not?"

 

Tell me if i should change the concept or keep on writing on this one...

Here is my full code:

 

<?php
require_once 'libs/config.php';

ini_set('display_errors', 'On'); error_reporting(E_ALL);

$login = @mysql_real_escape_string(trim($_POST['username']));
$password = @mysql_real_escape_string(trim(sha1($_POST['password'])));

$db->query("
SELECT COUNT(id) AS total, username
FROM authenticate
WHERE username = '$login'
AND password = '$password' LIMIT 1
");
$result = $db->get();


if ($result[0]['total'] == true)
{

 $_SESSION['userLogin'] = $result[0]['total'];
 $_SESSION['isLoggedIn'] = $login;
 header('location: index.php?id=home');
 $db->query("UPDATE authenticate SET attempts=0, adress='$ip' WHERE username='$login'");
 exit;
}
else
{
 $rs = mysql_query('SELECT id,username,password,attempts,address FROM authenticate WHERE username = '.$username.'');
 $num = mysql_num_rows($rs);
 if ($row['attempts'] > 3) {
		 // Redirect to captcha
		 header('location: captcha.php');
 } else {
		 $ip = $_SERVER['REMOTE_ADDR'];
		 if ($row['address'] != $ip) {
		 // New ip adress, reset failed logins
		 $failed_logins = 0;
		 } else {
		 // Increment failed logins
		 $failed_logins = $row['attempts']+1;
		 }
		 mysql_query('UPDATE authenticate SET attempts = '.$failed_logins.',address = '.$ip.' WHERE id = '.$row['id'].' ');
 }
header('location: index.php');
exit;
}