
Limited attempts for login and block a user's account for a specific amount of time


lemeck


Good day. I have a problem with creating login attempts that will block an existing account from logging in if the user inputs incorrect details for 5 attempts. I have an ajax and a database for it.

I tried making a catch for attempts that has a value of 0, then every fail it gives + 1, but it won't add more than once because I think the ajax command refreshes it again, so the attempts receives 1 loop only.

The login part is working but I can't make the attempts work. Do you have any idea how to block the user for 15 mins if attempts is greater than 5? I have searched for a code for it, but it was last used in 2007, so some of the code can't be read by PHP.

Here's my ajax code:

On the login page here's the ajax code:

<script type="text/javascript">
function validLogin(){
    var uname = $('#uname').val();
    var password = $('#password').val();
    var attempts = 0; // local variable: starts at 0 again on every call

    $("#flash").show();
    $("#flash").fadeIn(400).html('<img src="images/loading.gif" />');
    $.ajax({
        type: "POST",
        url: "login_processed.php",
        // pass an object so jQuery URL-encodes the values
        data: { uname: uname, password: password },
        cache: false,
        success: function(result){
            result = trim(result);
            $("#flash").hide();
            if (result == 'correct0') {
                window.location = 'user_home.php';
            } else if (result == 'correct1') {
                window.location = 'admin_home.php';
            } else {
                $("#errorMessage").html(result);
                attempts++;
            }
        }
    });
}

// strip leading and trailing whitespace
function trim(str){
    return str.replace(/^\s+|\s+$/g, '');
}
</script>

And here's the login_process.php code for processing of the login, where it catches the results and errors.

<?php
session_start();
include_once('includes/dbConnect.php');
$message=array();
$attempts=0; // set to 0 again on every request
if(isset($_POST['uname']) && !empty($_POST['uname'])){
    $uname=mysql_real_escape_string($_POST['uname']);
}else{
    $message[]='Please enter username';
}

if(isset($_POST['password']) && !empty($_POST['password'])){
    $password=mysql_real_escape_string($_POST['password']);
}else{
    $message[]='Please enter password';
}

$countError=count($message);

if($countError > 0){
    $attempts++;
    echo $attempts;
    for($i=0;$i<$countError;$i++){
        echo ucwords($message[$i]).'<br>';
    }
}else{
    // look up the user by username and case-sensitive password
    $query="select * from user where uname='$uname' and BINARY password='$password'";
    $res=mysql_query($query);
    $checkUser=mysql_num_rows($res);
    $row = mysql_fetch_assoc($res);
    if($checkUser > 0){
        $_SESSION['LOGIN_STATUS']=true;
        $_SESSION['UNAME']=$uname;
        echo 'correct'.$row['type'];
    }else{
        echo ucwords('Incorrect Username or Password');
    }
}
?>

Any help would be really appreciated. And can you teach me the login attempts blocking of the user? Because if I block the IP of a user that has wrong attempts, it can widely affect the place where a person logs in, for example a computer shop. :D Thanks. Sorry, I'm just a beginner.

 

Here are my table's columns for the users:

Email, Department, uname, password, type, LastName, FirstName, MI, id

 


You'll need to store the failed login attempts in your database, then check the database to see if a site visitor has too many.

 

1) When the login page is presented, check the IP address to see if you should even show the form.

 

2) When the form is submitted, check if IP or username or email address is blocked for too many login attempts.

 

3) When login page is presented or form submitted, delete stale login attempts (this should actually be done first)
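
The steps in the reply above, as an added example that is not code from the thread: failed attempts are stored in a table with a timestamp, stale rows are deleted first, and an account with 5 failures inside 15 minutes is refused. The `login_attempts` table, the function names and the in-memory SQLite database are assumptions; the count is kept per `uname` rather than per IP because of the shared-computer concern in the question.

```php
<?php
// Added example: the table and function names are hypothetical, not from the thread.
const MAX_ATTEMPTS = 5;        // failed logins allowed inside the window
const LOCK_SECONDS = 15 * 60;  // 15 minutes

function makeDb(): PDO {
    // In-memory SQLite (assumption) so the example runs offline; with MySQL only the DSN changes.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_attempts (uname TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
    return $db;
}

function isLocked(PDO $db, string $uname, int $now): bool {
    // Delete stale attempts first, then count what is left for this account.
    $db->prepare('DELETE FROM login_attempts WHERE attempted_at <= ?')
       ->execute([$now - LOCK_SECONDS]);
    $st = $db->prepare('SELECT COUNT(*) FROM login_attempts WHERE uname = ?');
    $st->execute([$uname]);
    return (int) $st->fetchColumn() >= MAX_ATTEMPTS;
}

// $passwordOk stands for the result of the site's own credential check.
function attemptLogin(PDO $db, string $uname, bool $passwordOk, int $now): string {
    if (isLocked($db, $uname, $now)) {
        return 'locked';  // refuse before the password is even considered
    }
    if ($passwordOk) {
        $db->prepare('DELETE FROM login_attempts WHERE uname = ?')->execute([$uname]);
        return 'ok';
    }
    $db->prepare('INSERT INTO login_attempts (uname, attempted_at) VALUES (?, ?)')
       ->execute([$uname, $now]);
    return 'failed';
}

// Constructed scenario: five wrong passwords one second apart, then correct ones.
$db = makeDb();
$t0 = 1700000000;  // constructed timestamp
for ($i = 0; $i < 5; $i++) {
    echo attemptLogin($db, 'alice', false, $t0 + $i), "\n";
}
echo attemptLogin($db, 'alice', true, $t0 + 10), "\n";                // inside the window
echo attemptLogin($db, 'bob', true, $t0 + 10), "\n";                  // a different account
echo attemptLogin($db, 'alice', true, $t0 + 4 + LOCK_SECONDS), "\n";  // window has passed
```

Because the counter lives in the database, it survives across requests, unlike a variable set to 0 at the top of the script or inside the JavaScript function. Counting per `uname` alone means repeated bad passwords from anywhere lock that account for the window, so some sites count per `uname` and IP address together.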
