Jump to content

Recommended Posts

Hi guys, I am creating a piece of code that blocks a user a for 48 hours after attempting to login 5 times with the wrong password, within a 24hour period. If the user logs in successful within the 24hr and, it should reset the attempt count.

 

The issue I'm having ATM is that with the attempt count, It is only updating the first row of that user, if i attempt more times. Here is an example of whats going on:

 

 

User  -  Time -    Attempt- count()

User 1 10:00pm Attempt 1 (5)

User 1 10:02pm Attempt 2 (4)

User 1 10:04pm Attempt 3 (3)

User 1 10:06pm Attempt 4 (2)

User 1 10:07pm Attempt 5 (1)

User 2 10:15pm Attempt 1 (2)

User 2 10:20pm Attempt 2 (1)

 

As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this.

 

User  -  Time -    Attempt- count()

User 1 10:00pm Attempt 1 (5)

User 1 10:02pm Attempt 2 (5)

User 1 10:04pm Attempt 3 (5)

User 1 10:06pm Attempt 4 (5)

User 1 10:07pm Attempt 5 (5)

User 2 10:15pm Attempt 1 (2)

User 2 10:20pm Attempt 2 (2)

 

 

Here is a snippet of my code:

if (!$pw_ok)	{
				if (isset($_SERVER["REMOTE_ADDR"])) {
						$str_RemoteHost = $_SERVER["REMOTE_ADDR"];
					} else {
						$str_RemoteHost = '';
					}
	
					$qry_WriteToDatabase = "	INSERT INTO	cms_user_login_attempts
											(
												cula_user_id,
												cula_date_time,
												cula_remote_host,
												cula_attempt_count
											)
								VALUES			(
												" . $db->SQLString($row->user_id) . ",
												Now(),
												" . $db->SQLString($str_RemoteHost, true) . ",
												'cula_attempt_count'
											)";
					$db->query($qry_WriteToDatabase);
					
					$qry_UpdateCount = "	UPDATE 
												cms_user_login_attempts
											SET 
												cula_attempt_count = cula_attempt_count + 1
											WHERE 
												cula_user_id = " . $db->SQLString($row->user_id) . " ";
					$db->query($qry_UpdateCount);							
					
					
					
					$qry_CheckDatabase = "	SELECT 
												CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login 
											FROM
												cms_user_login_attempts
											WHERE
												cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour) 
											AND 
												cula_user_id = " . $db->SQLString($row->user_id) . "";
					$rs_CheckDatabase = $db->query($qry_CheckDatabase);
					
					if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
					$errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
					}
					
				
					
			}
Edited by Navees_
Link to comment
https://forums.phpfreaks.com/topic/293765-login-attempt-page-limit/
Share on other sites

Navees_, how about you actually read our replies instead of posting the same question into 10 other forums?

 

I already told you that log-in checks are difficult to implement, and I pointed you to some sample code. But for some reason you've decided to ignore this and instead make all the mistakes I warned you of. That's not very useful.

 

 

 

The application is being built for Sony

 

How do you know that? Judging from the code quality, I hope this is just for some personal home page. ;)

Navees_, how about you actually read our replies instead of posting the same question into 10 other forums?

 

Could you please provide me a link to the 10 other forums I have posted this on? I have posted it here, and on stack overflow. I wanted to get a range of opinions, but the question has been answered, and I have considered the answers in the previous post.

You've asked the question at least twice on this forum and twice on stackoverflow, yet the code is still completely wrong. That means you're either not listening, or you're listening to the wrong people.

 

But if you're happy with the code, well, that's up to you.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.