
Login attempt page limit


Navees_


Hi guys, I am creating a piece of code that blocks a user for 48 hours after attempting to log in 5 times with the wrong password within a 24-hour period. If the user logs in successfully within the 24 hours, it should reset the attempt count.

 

The issue I'm having ATM is that with the attempt count, it is only updating the first row of that user if I attempt more times. Here is an example of what's going on:

 

 

User  -  Time -    Attempt- count()

User 1 10:00pm Attempt 1 (5)

User 1 10:02pm Attempt 2 (4)

User 1 10:04pm Attempt 3 (3)

User 1 10:06pm Attempt 4 (2)

User 1 10:07pm Attempt 5 (1)

User 2 10:15pm Attempt 1 (2)

User 2 10:20pm Attempt 2 (1)

 

As you can see, all the attempts will increment (the numbers in the brackets) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this?

 

User  -  Time -    Attempt- count()

User 1 10:00pm Attempt 1 (5)

User 1 10:02pm Attempt 2 (5)

User 1 10:04pm Attempt 3 (5)

User 1 10:06pm Attempt 4 (5)

User 1 10:07pm Attempt 5 (5)

User 2 10:15pm Attempt 1 (2)

User 2 10:20pm Attempt 2 (2)

 

 

Here is a snippet of my code:

if (!$pw_ok) {
    if (isset($_SERVER["REMOTE_ADDR"])) {
        $str_RemoteHost = $_SERVER["REMOTE_ADDR"];
    } else {
        $str_RemoteHost = '';
    }

    $qry_WriteToDatabase = "INSERT INTO cms_user_login_attempts
                            (
                                cula_user_id,
                                cula_date_time,
                                cula_remote_host,
                                cula_attempt_count
                            )
                            VALUES
                            (
                                " . $db->SQLString($row->user_id) . ",
                                Now(),
                                " . $db->SQLString($str_RemoteHost, true) . ",
                                'cula_attempt_count'
                            )";
    $db->query($qry_WriteToDatabase);

    $qry_UpdateCount = "UPDATE
                            cms_user_login_attempts
                        SET
                            cula_attempt_count = cula_attempt_count + 1
                        WHERE
                            cula_user_id = " . $db->SQLString($row->user_id) . " ";
    $db->query($qry_UpdateCount);

    $qry_CheckDatabase = "SELECT
                              CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login
                          FROM
                              cms_user_login_attempts
                          WHERE
                              cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour)
                          AND
                              cula_user_id = " . $db->SQLString($row->user_id) . "";
    $rs_CheckDatabase = $db->query($qry_CheckDatabase);

    if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
        $errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
    }
}
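One way to implement the rule described in the question (5 failures within 24 hours, a 48-hour block, reset on success), as an added example that is not part of the original post or of any reply. It stores one row per failed attempt and derives the count with a query instead of keeping a counter in every row. It assumes PDO with the SQLite driver and uses prepared statements; the `cula_` names come from the post, while the function names and the `cms_user_lockouts` table are hypothetical.

```php
<?php
// Added example: table names follow the post; function names and the
// cms_user_lockouts table are hypothetical. Timestamps are Unix seconds.
const MAX_FAILURES   = 5;
const FAILURE_WINDOW = 24 * 3600;  // count failures inside 24 hours
const LOCK_DURATION  = 48 * 3600;  // block for 48 hours
function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE cms_user_login_attempts (
        cula_user_id INTEGER NOT NULL, cula_date_time INTEGER NOT NULL, cula_remote_host TEXT)');
    $db->exec('CREATE TABLE cms_user_lockouts (
        user_id INTEGER PRIMARY KEY, locked_until INTEGER NOT NULL)');
}

function isLocked(PDO $db, int $userId, int $now): bool {
    $st = $db->prepare('SELECT 1 FROM cms_user_lockouts WHERE user_id = ? AND locked_until > ?');
    $st->execute([$userId, $now]);
    return $st->fetchColumn() !== false;
}

// One row per failed attempt; the count is derived, never stored per row.
function recordFailure(PDO $db, int $userId, string $host, int $now): int {
    $db->beginTransaction();
    $db->prepare('INSERT INTO cms_user_login_attempts VALUES (?, ?, ?)')
       ->execute([$userId, $now, $host]);
    $st = $db->prepare('SELECT COUNT(*) FROM cms_user_login_attempts
                        WHERE cula_user_id = ? AND cula_date_time > ?');
    $st->execute([$userId, $now - FAILURE_WINDOW]);
    $count = (int) $st->fetchColumn();
    if ($count >= MAX_FAILURES) {  // threshold reached: start or extend the lock
        $db->prepare('REPLACE INTO cms_user_lockouts VALUES (?, ?)')
           ->execute([$userId, $now + LOCK_DURATION]);
    }
    $db->commit();
    return $count;
}

// A successful login resets the count by deleting that user's failures.
function recordSuccess(PDO $db, int $userId): void {
    $db->prepare('DELETE FROM cms_user_login_attempts WHERE cula_user_id = ?')->execute([$userId]);
}

// Constructed run: five failures two minutes apart, then two lock checks.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
$t0 = 1700000000;
for ($i = 0; $i < 5; $i++) { recordFailure($db, 1, '192.0.2.10', $t0 + 120 * $i); }
var_dump(isLocked($db, 1, $t0 + 600));                  // shortly after the 5th failure
var_dump(isLocked($db, 1, $t0 + 480 + LOCK_DURATION));  // the moment the lock expires
```

Call `isLocked()` before verifying the password, so that a correct password is also refused while the lock is active, and call `recordSuccess()` only after a verified login.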

Navees_, how about you actually read our replies instead of posting the same question into 10 other forums?

 

I already told you that log-in checks are difficult to implement, and I pointed you to some sample code. But for some reason you've decided to ignore this and instead make all the mistakes I warned you of. That's not very useful.

 

 

 

The application is being built for Sony

 

How do you know that? Judging from the code quality, I hope this is just for some personal home page. ;)

Navees_, how about you actually read our replies instead of posting the same question into 10 other forums?

 

Could you please provide me a link to the 10 other forums I have posted this on? I have posted it here, and on stack overflow. I wanted to get a range of opinions, but the question has been answered, and I have considered the answers in the previous post.

You've asked the question at least twice on this forum and twice on stackoverflow, yet the code is still completely wrong. That means you're either not listening, or you're listening to the wrong people.

 

But if you're happy with the code, well, that's up to you.

Archived

This topic is now archived and is closed to further replies.
