login security php

[atck]

i have designed a penpal page with few columns using mysql and php. users need to login to the penpal page to access the db. i want to limit how many times they can try if they forget their password. what is the easist way to do this ...? via my sql or php ? i need just a guidance.
thanks :)

[alpine]

add attempts in a session and/or in a mysql table logging all ongoing attempts.

[atck]

can you give coding about this problum to i soft?

[mansuang]

Here is some guideline for session.

[code]
if($loged_in==true){
  //login script
}else{
  if($_SESSION['attempt']>$allow_attempt){
    //some error
  }else{
    $_SESSION['attempt']++;
  }
}
[/code]

[atck]

correct this code plz..

[attachment deleted by admin]

[atck]

correct this code


[code]<div id="SignIn">
<form method="post" action="web.php?insert=ok">
<table width="350" border="0" bgcolor="#000077">
<tr>
<td colspan="2" style="font:bold">
<font color="#DDDDDD" style="font:large">web</font>
</td>
</tr>
</table>
<table width="350" border="0" class="alphabox">
<tr>
<td width="161" height="35">User Name: </td>
<td width="253" height="35">
<input type="text" name="username" />
</td>
</tr>
<tr>
<td height="36" width="161">Password: </td>
<td width="253" height="36">
<input type="password" name="password" />
</td>
</tr>
<tr>
<td colspan="2">
<input type="Submit" name="Submit" value="    Login    " width="60">
</td>
</tr>
</table>
<table width="350" border="0">
<tr>
<td colspan="3">
<a href="pwd4got.php"><font size="2"> Forgot Password? Click here for assistance </font> </a>
</td>
</tr>
</table>
</form>
</div>[/code]

[mansuang]

[code]
<?php
//start session
session_start();

//define some variables
$username = "demo";
$password = "password";
$allow_attempt = 3;

//check attempt time(s)
if(isset($_SESSION['attempt']) && $_SESSION['attempt']>$allow_attempt){
echo "you tried more than $allow_attempt times !";
exit;
}

//check if user submit form
if(isset($_POST['Submit'])){
//firstly, assume username & password are incorrect
$loged_in = false;

//check username & password
if($_POST['username']==$username && $_POST['password']==$password){
$loged_in= true;
}

if($loged_in==true){
  echo "You are loged in<br>";

}else{
//if login incorrect, plus attempt time
$_SESSION['attempt']++;
header("Location: $_SERVER[PHP_SELF]");
}
}

if(!empty($_SESSION['attempt'])){
echo "Number of attempt : ".$_SESSION['attempt'];
}
?>
<div id="SignIn">
<form method="post" action="<?=$_SERVER['PHP_SELF']; ?>?insert=ok">
<table width="350" border="0" bgcolor="#000077">
<tr>
<td colspan="2" style="font:bold">
<font color="#DDDDDD" style="font:large">web</font>
</td>
</tr>
</table>
<table width="350" border="0" class="alphabox">
<tr>
<td width="161" height="35">User Name: </td>
<td width="253" height="35">
<input type="text" name="username" />
</td>
</tr>
<tr>
<td height="36" width="161">Password: </td>
<td width="253" height="36">
<input type="password" name="password" />
</td>
</tr>
<tr>
<td colspan="2">
<input type="Submit" name="Submit" value="    Login    " width="60">
</td>
</tr>
</table>
<table width="350" border="0">
<tr>
<td colspan="3">
<a href="pwd4got.php"><font size="2"> Forgot Password? Click here for assistance </font> </a>
</td>
</tr>
</table>
</form>
</div>
[/code]

Remember,
The session will be destroy when user close browser then user can re attempt again

[atck]

i cannot do it..
give detile example plz..

[atck]

can give me coding about this problum...
i want login security 4 user difrent..
plz..

[alpine]

Please visit the freelance section if you want someone to write you a fully working script.

http://www.phpfreaks.com/forums/index.php/board,8.0.html