473,562 Members | 2,673 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How to limit login attemps?

10 New Member
I'm in the process of making a website, I know the basics of PHP etc.. and have a page where a user has to sign up and activiate thier account via e-mail, when they clikc the link it change a field in the MySQL database from 0 to 1. If it remains 0 the user cannot login in.

What I want to do, is set it up so if the password is wrong say 5 times then this activiation number is updated and changed to 0 again. How would be best to do this? If statement? While loop or what??

I have attached the work in progress of the code and any help would be appreciated ASAP!

Expand|Select|Wrap|Line Numbers
  1. <?php
  2.  
  3.     include "dbconnect.php";
  4.     session_start();
  5.        $email =$_POST["email"]; 
  6.        $password =$_POST["password"];
  7.        $password2 = md5("$password"); 
  8.        $activation = 1; 
  9.        $i=0;
  10.         if ($i < 5) 
  11.         {
  12.  
  13.  
  14.  
  15.  
  16.        if (empty($email) or empty($password)) 
  17.            {
  18.            $_SESSION["message"] = "Must enter your E-mail and Password " ;
  19.            header("Location: login.php"); //This sets the redirection information
  20.             //Ends the script and redirects to above
  21.            } 
  22.  
  23.           $query = "SELECT * FROM clients_details WHERE email = '$email' AND  password = '$password2' AND activation = '$activation' ";
  24.           $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
  25.         // see if any rows were returned 
  26.         if (mysql_num_rows($result) > 0) 
  27.          { 
  28.            $_SESSION["authenticatedUser"] = $email;
  29.              // Relocate to the logged-in page
  30.             header("Location: usercontrol.php");
  31.          } 
  32.         else  
  33.          {
  34.              $i = + 1;
  35.            $_SESSION["message"] = "Could not login as $email " ;
  36.            header("Location: login.php");
  37.  
  38.  
  39.          }
  40.  
  41.         }
  42.         else {
  43.         $query = " UPDATE clients_details SET activation = '0' WHERE email= '$email' ";
  44.             $_SESSION["message"] = "$email your account has been blocked, please contact the systems administrator! " ;
  45.                header("Location: login.php"); 
  46.  }
  47.  
  48.          exit;
  49. ?>
Jan 6 '10 #1
17 9579
Frinavale
9,735 Recognized Expert Moderator Expert
You may consider adding a time window for the login attempts...for example, 5 minutes or something.

You could use session to keep track of the number of times a user has attempted to log in from a particular browser. Or you could use a hiddenfield (which is client side so this could be reset and probably shouldn't be depended on). Or you could use a cookie (also stored client side)...or you could store this number in the database.....

-Frinny
Jan 6 '10 #2
RRosebury
10 New Member
I have a timeout session in place, whcih logs out the user after 600 seconds, but I thought it would be a simple if statement. Stating the password is wrong of the 5th time then update the database, make the activiation code to 0 and therefore blocking the account.

This is some help that has been suggested to me:

Looks like $i will be re-set to 0 each time the script is run.
May need to create a session variable counter and pass it back and forward between the form and script.

Any help would be appreciated

thanks
Jan 7 '10 #3
Frinavale
9,735 Recognized Expert Moderator Expert
Well, when the user clicks the "login" button, you should authenticate the password. If the password is wrong then increment the variable in session that keeps track of the number of times that that the user has provided an invalid password. If an invalid password has been provided incorrectly 5 times, then preform the necessary steps to deactivate the account. (You need to use if-statements to accomplish this).

-Frinny
Jan 7 '10 #4
RRosebury
10 New Member
Would it be possible for you to include some coding for an example please
Jan 7 '10 #5
Frinavale
9,735 Recognized Expert Moderator Expert
The $_POST is array of variables passed to the current script via the HTTP POST method. If your submit button was clicked then your submit button will be part of the post.


The isset method determines if a variable is set and is not NULL. If the submit is part of the array of variables passed in to the current script, then it will not be null and you know the user clicked your submit button.

Expand|Select|Wrap|Line Numbers
  1. if (isset($_POST['Submit'])) {
  2.   //In here check if the user has provided the correct password
  3.   //If the user has not provided the correct password:
  4.   //  grab the Session variable for tracking the number of times 
  5.   //  the user has provided an incorrect password and increment the counter
  6.   // If the user has provided an incorrect password more than 5 times then:
  7.   //  do what is necessary to  deactivate the account
  8. }
Jan 7 '10 #6
RRosebury
10 New Member
would this go on the login.php page or loginaction.php page tho?
Jan 7 '10 #7
Frinavale
9,735 Recognized Expert Moderator Expert
You never mentioned either of these pages....
What is the purpose of each page?
Are they combined? Do you have more than one submit on the same page?
Jan 7 '10 #8
RRosebury
10 New Member
Sorry my mistake, login.php takes the user details e-mail and password via a input form and then when the button submit is clicked. The data is posted to loginaction.php the code i posted earlier.
Jan 7 '10 #9
Frinavale
9,735 Recognized Expert Moderator Expert
Retrieve $i from session instead of setting it to 0.
Before you exit the page be sure to store $i in session so that you can retrieve it next time the page is submitted to check if the user has provided an invalid password more 5 times...
Jan 7 '10 #10

Sign in to post your reply or Sign up for a free account.

Similar topics

3
1962
by: Gary | last post by:
Hi, guys! Some of my applications are sharing same SQL login/password to connect to a database called "MyDB" on server "MyServer" . The password is encrypted and stored in registry or some configuration file the applications use. The applications use certain arithmetic to decrypt the password and then connect to MyDB. The problem is a...
3
2370
by: tchangmian | last post by:
I want to limit user login by writing ASP program. In details, if a user had logged in wrongly for more than three times, then the user will not be abled to log in to the system anymore even thought he key in correctly the username and password in the 4th time. That's means he cant login forever until the administrator edit his status in the...
1
7249
by: ad | last post by:
I want the if a user enter invalid password by tree times, the system will hold. How can I limit max Invalid Password Attempts with Login Controls? I have set the maxInvalidPasswordAttempts in web.config like below, but it no effect. <membership defaultProvider="MyMembershipProvider"> <providers>
2
1644
by: matias.cornejo | last post by:
I have some users that have 5 or 6 connections with the same login at the same time. I want to limit that each user can have less than 3 connectios per login. How can I do that?? Thanks in advance
6
2713
by: Breana | last post by:
How can i limit the number of results to 10 and have a Next >> button appear or << Back on the bottom if there is more than 10 results? Because as of now it's only 7 members but it will soon be 400 lol And have it fit into this code... <? $sql = "select login, gender, aboutme from users"; $_res = mysql_query($sql); while(...
10
2462
by: Drew | last post by:
I am trying to limit access to certain pages on our intranet, and have been using the following code to do so, dim Login, L, LL, StringLen, NTUser Set Login = Request.ServerVariables("LOGON_USER") L=Len(Login) LL=InStr(Login, "\") StringLen=L-LL NTUser = (Right(Login, StringLen))
0
2527
by: parun | last post by:
Hello, is there a possibility to log on to a user whose length is greater than 8 characters. My system is AIX and system base authentication . At IBM I found this information: Limit Windows Linux / UNIX Group Name Length Up to 30 characters Up to 30 characters User Name Length Up to 30 characters (1) (2) Up to 8 characters Case Case...
3
4023
by: =?Utf-8?B?QmlsbHkgWmhhbmc=?= | last post by:
I want to limit the user only login the system one time at the same time. I don't want him login the system two with the same user at the same time. How to do this? If i have a table to record if this user has logined, this user didn't logout and just close IE, how do i set his recoed in the table logout? Thanks, -Billy
1
3966
bilibytes
by: bilibytes | last post by:
Hi everyone, I have new questions for tonight. I would like to know the best ways to prevent Denial Of Service Attacks. Well my question is a bit more precise than that. I can see of three vectors of implementing a DoS attack (an attacker will certainly use a combination of the 3 ...) here they are: 1. Iteration: using a program that...
0
7655
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7869
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8101
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7627
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
6221
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5193
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3623
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3608
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1191
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.