Navees_ Posted January 8, 2015 (edited)

Hi guys,

I am creating a piece of code that blocks a user for 48 hours after attempting to log in 5 times with the wrong password, within a 24-hour period. If the user logs in successfully within the 24 hours, it should reset the attempt count.

The issue I'm having ATM is that with the attempt count, it is only updating the first row of that user if I attempt more times. Here is an example of what's going on:

```
User   - Time    - Attempt   - count()
User 1   10:00pm   Attempt 1   (5)
User 1   10:02pm   Attempt 2   (4)
User 1   10:04pm   Attempt 3   (3)
User 1   10:06pm   Attempt 4   (2)
User 1   10:07pm   Attempt 5   (1)
User 2   10:15pm   Attempt 1   (2)
User 2   10:20pm   Attempt 2   (1)
```

As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this?

```
User   - Time    - Attempt   - count()
User 1   10:00pm   Attempt 1   (5)
User 1   10:02pm   Attempt 2   (5)
User 1   10:04pm   Attempt 3   (5)
User 1   10:06pm   Attempt 4   (5)
User 1   10:07pm   Attempt 5   (5)
User 2   10:15pm   Attempt 1   (2)
User 2   10:20pm   Attempt 2   (2)
```

Here is a snippet of my code:

```php
if (!$pw_ok) {
    if (isset($_SERVER["REMOTE_ADDR"])) {
        $str_RemoteHost = $_SERVER["REMOTE_ADDR"];
    } else {
        $str_RemoteHost = '';
    }

    $qry_WriteToDatabase = "
        INSERT INTO cms_user_login_attempts (
            cula_user_id,
            cula_date_time,
            cula_remote_host,
            cula_attempt_count
        ) VALUES (
            " . $db->SQLString($row->user_id) . ",
            Now(),
            " . $db->SQLString($str_RemoteHost, true) . ",
            'cula_attempt_count'
        )";
    $db->query($qry_WriteToDatabase);

    $qry_UpdateCount = "
        UPDATE cms_user_login_attempts
        SET cula_attempt_count = cula_attempt_count + 1
        WHERE cula_user_id = " . $db->SQLString($row->user_id) . "
    ";
    $db->query($qry_UpdateCount);

    $qry_CheckDatabase = "
        SELECT CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login
        FROM cms_user_login_attempts
        WHERE cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour)
        AND cula_user_id = " . $db->SQLString($row->user_id) . "";
    $rs_CheckDatabase = $db->query($qry_CheckDatabase);

    if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
        $errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
    }
}
```

Edited January 8, 2015 by Navees_

ginerjm Posted January 9, 2015

Didn't you get advised on another post of this problem that to lock out the legitimate user for 48 hours would be a serious issue?

NotionCommotion Posted January 9, 2015

> Didn't you get advised on another post of this problem that to lock out the legitimate user for 48 hours would be a serious issue?

The application is being built for Sony, and it is a business rule which they will not budge on.

Jacques1 Posted January 9, 2015

Navees_, how about you actually read our replies instead of posting the same question into 10 other forums? I already told you that log-in checks are difficult to implement, and I pointed you to some sample code. But for some reason you've decided to ignore this and instead make all the mistakes I warned you of. That's not very useful.

> The application is being built for Sony

How do you know that? Judging from the code quality, I hope this is just for some personal home page.

Navees_ Posted January 9, 2015 (Author)

> Navees_, how about you actually read our replies instead of posting the same question into 10 other forums?

Could you please provide me a link to the 10 other forums I have posted this on? I have posted it here, and on Stack Overflow. I wanted to get a range of opinions, but the question has been answered, and I have considered the answers in the previous post.

Jacques1 Posted January 9, 2015

You've asked the question at least twice on this forum and twice on Stack Overflow, yet the code is still completely wrong. That means you're either not listening, or you're listening to the wrong people. But if you're happy with the code, well, that's up to you.

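
An added example, not code from the thread or from any poster: the rule stated in the first post (five wrong passwords within 24 hours lock the account for 48 hours, a successful login resets the count), with one row per failure and the count derived by query instead of stored in `cula_attempt_count`. It assumes PDO with in-memory SQLite and epoch-second timestamps; `openDb`, `lockedUntil` and `attemptLogin` are hypothetical names, and the table and remaining column names are reused from the post.

```php
<?php
// Added example, not the poster's code. One row per failure; no stored counter.
const MAX_FAILS = 5;          // wrong passwords tolerated ...
const WINDOW    = 24 * 3600;  // ... inside this many seconds
const LOCK      = 48 * 3600;  // lock length once the limit is hit

function openDb(): PDO {
    // Assumption: in-memory SQLite and epoch-second timestamps so the example runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cms_user_login_attempts (cula_user_id INTEGER NOT NULL,
        cula_date_time INTEGER NOT NULL, cula_remote_host TEXT NOT NULL)');
    return $db;
}

// Epoch second at which the lock ends, or 0 when the user is not locked.
function lockedUntil(PDO $db, int $userId, int $now): int {
    $q = $db->prepare('SELECT cula_date_time FROM cms_user_login_attempts
        WHERE cula_user_id = ? AND cula_date_time > ? ORDER BY cula_date_time');
    $q->execute([$userId, $now - LOCK - WINDOW]);
    $t = array_map('intval', $q->fetchAll(PDO::FETCH_COLUMN));
    $until = 0;
    for ($i = MAX_FAILS - 1; $i < count($t); $i++) {
        // Failure $i and the one MAX_FAILS - 1 rows earlier lie within the window: limit reached.
        if ($t[$i] - $t[$i - MAX_FAILS + 1] <= WINDOW) $until = $t[$i] + LOCK;
    }
    return $until > $now ? $until : 0;
}

function attemptLogin(PDO $db, int $userId, bool $pwOk, string $host, int $now): string {
    if (lockedUntil($db, $userId, $now)) return 'locked';  // rejected before the password result counts
    if ($pwOk) {  // success resets the count: drop this user's recorded failures
        $db->prepare('DELETE FROM cms_user_login_attempts WHERE cula_user_id = ?')->execute([$userId]);
        return 'ok';
    }
    $db->prepare('INSERT INTO cms_user_login_attempts VALUES (?, ?, ?)')->execute([$userId, $now, $host]);
    return lockedUntil($db, $userId, $now) ? 'locked' : 'invalid';
}

// Constructed timeline: five wrong passwords two minutes apart, then correct ones.
$db = openDb();
$t0 = 1420754400;  // constructed start time
for ($i = 0; $i < 5; $i++) {
    echo attemptLogin($db, 1, false, '203.0.113.7', $t0 + 120 * $i), "\n";
}
echo attemptLogin($db, 1, true, '203.0.113.7', $t0 + 3600), "\n";        // still inside the lock
echo attemptLogin($db, 1, true, '203.0.113.7', $t0 + 480 + LOCK), "\n";  // lock has expired
```

Because every value reaches the database through a bound parameter, the remote host and user id never become part of the SQL text.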