I'm in the process of making a website, I know the basics of PHP etc.. and have a page where a user has to sign up and activiate thier account via e-mail, when they clikc the link it change a field in the MySQL database from 0 to 1. If it remains 0 the user cannot login in.
What I want to do, is set it up so if the password is wrong say 5 times then this activiation number is updated and changed to 0 again. How would be best to do this? If statement? While loop or what??
I have attached the work in progress of the code and any help would be appreciated ASAP! -
<?php
-
-
include "dbconnect.php";
-
session_start();
-
$email =$_POST["email"];
-
$password =$_POST["password"];
-
$password2 = md5("$password");
-
$activation = 1;
-
$i=0;
-
if ($i < 5)
-
{
-
-
-
-
-
if (empty($email) or empty($password))
-
{
-
$_SESSION["message"] = "Must enter your E-mail and Password " ;
-
header("Location: login.php"); //This sets the redirection information
-
//Ends the script and redirects to above
-
}
-
-
$query = "SELECT * FROM clients_details WHERE email = '$email' AND password = '$password2' AND activation = '$activation' ";
-
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
-
// see if any rows were returned
-
if (mysql_num_rows($result) > 0)
-
{
-
$_SESSION["authenticatedUser"] = $email;
-
// Relocate to the logged-in page
-
header("Location: usercontrol.php");
-
}
-
else
-
{
-
$i = + 1;
-
$_SESSION["message"] = "Could not login as $email " ;
-
header("Location: login.php");
-
-
-
}
-
-
}
-
else {
-
$query = " UPDATE clients_details SET activation = '0' WHERE email= '$email' ";
-
$_SESSION["message"] = "$email your account has been blocked, please contact the systems administrator! " ;
-
header("Location: login.php");
-
}
-
-
exit;
-
?>
17 9608 Frinavale 9,735
Recognized Expert Moderator Expert
You may consider adding a time window for the login attempts...for example, 5 minutes or something.
You could use session to keep track of the number of times a user has attempted to log in from a particular browser. Or you could use a hiddenfield (which is client side so this could be reset and probably shouldn't be depended on). Or you could use a cookie (also stored client side)...or you could store this number in the database.....
-Frinny
I have a timeout session in place, whcih logs out the user after 600 seconds, but I thought it would be a simple if statement. Stating the password is wrong of the 5th time then update the database, make the activiation code to 0 and therefore blocking the account.
This is some help that has been suggested to me:
Looks like $i will be re-set to 0 each time the script is run.
May need to create a session variable counter and pass it back and forward between the form and script.
Any help would be appreciated
thanks
Frinavale 9,735
Recognized Expert Moderator Expert
Well, when the user clicks the "login" button, you should authenticate the password. If the password is wrong then increment the variable in session that keeps track of the number of times that that the user has provided an invalid password. If an invalid password has been provided incorrectly 5 times, then preform the necessary steps to deactivate the account. (You need to use if-statements to accomplish this).
-Frinny
Would it be possible for you to include some coding for an example please
Frinavale 9,735
Recognized Expert Moderator Expert
The $_POST is array of variables passed to the current script via the HTTP POST method. If your submit button was clicked then your submit button will be part of the post.
The isset method determines if a variable is set and is not NULL. If the submit is part of the array of variables passed in to the current script, then it will not be null and you know the user clicked your submit button. -
if (isset($_POST['Submit'])) {
-
//In here check if the user has provided the correct password
-
//If the user has not provided the correct password:
-
// grab the Session variable for tracking the number of times
-
// the user has provided an incorrect password and increment the counter
-
// If the user has provided an incorrect password more than 5 times then:
-
// do what is necessary to deactivate the account
-
}
would this go on the login.php page or loginaction.php page tho?
Frinavale 9,735
Recognized Expert Moderator Expert
You never mentioned either of these pages....
What is the purpose of each page?
Are they combined? Do you have more than one submit on the same page?
Sorry my mistake, login.php takes the user details e-mail and password via a input form and then when the button submit is clicked. The data is posted to loginaction.php the code i posted earlier.
Frinavale 9,735
Recognized Expert Moderator Expert
Retrieve $i from session instead of setting it to 0.
Before you exit the page be sure to store $i in session so that you can retrieve it next time the page is submitted to check if the user has provided an invalid password more 5 times...
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Gary |
last post by:
Hi, guys!
Some of my applications are sharing same SQL login/password to connect
to a database called "MyDB" on server "MyServer" . The password is
encrypted and stored in registry or some configuration file the
applications use. The applications use certain arithmetic to decrypt
the password and then connect to MyDB.
The problem is a few developers know the arithmetic. So virtually
there is no security here.
|
by: tchangmian |
last post by:
I want to limit user login by writing ASP program. In details, if a
user had logged in wrongly for more than three times, then the user
will not be abled to log in to the system anymore even thought he key
in correctly the username and password in the 4th time. That's means
he cant login forever until the administrator edit his status in the
database
Can i refer to any ASP sample coding for this application?
|
by: ad |
last post by:
I want the if a user enter invalid password by tree times, the system will
hold.
How can I limit max Invalid Password Attempts with Login Controls?
I have set the maxInvalidPasswordAttempts in web.config like below, but it
no effect.
<membership defaultProvider="MyMembershipProvider">
<providers>
|
by: matias.cornejo |
last post by:
I have some users that have 5 or 6 connections with the same login at
the same time. I want to limit that each user can have less than 3
connectios per login. How can I do that??
Thanks in advance
|
by: Breana |
last post by:
How can i limit the number of results to 10 and have a Next >> button appear or << Back on the bottom if there is more than 10 results?
Because as of now it's only 7 members but it will soon be 400 lol
And have it fit into this code...
<?
$sql = "select login, gender, aboutme from users";
$_res = mysql_query($sql);
while( $_row = mysql_fetch_assoc($_res) )
{
echo '<font face="Geneva size="-2">', '<font...
| |
by: Drew |
last post by:
I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
|
by: parun |
last post by:
Hello, is there a possibility to log on to a user whose length is greater
than 8 characters. My system is AIX and system base authentication . At
IBM I found this information:
Limit Windows Linux / UNIX
Group Name Length Up to 30 characters Up to 30 characters
User Name Length Up to 30 characters (1) (2) Up to 8 characters
Case Case insensitive Lowercase only
I have created a user system and I can login in the system, however, when
|
by: =?Utf-8?B?QmlsbHkgWmhhbmc=?= |
last post by:
I want to limit the user only login the system one time at the same time.
I don't want him login the system two with the same user at the same time.
How to do this?
If i have a table to record if this user has logined, this user didn't
logout and just close IE, how do i set his recoed in the table logout?
Thanks,
-Billy
|
by: bilibytes |
last post by:
Hi everyone,
I have new questions for tonight.
I would like to know the best ways to prevent Denial Of Service Attacks.
Well my question is a bit more precise than that.
I can see of three vectors of implementing a DoS attack (an attacker will certainly use a combination of the 3 ...) here they are:
1. Iteration: using a program that will repeatedly make requests with GET/POST.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |