I'm in the process of making a website, I know the basics of PHP etc.. and have a page where a user has to sign up and activiate thier account via e-mail, when they clikc the link it change a field in the MySQL database from 0 to 1. If it remains 0 the user cannot login in.
What I want to do, is set it up so if the password is wrong say 5 times then this activiation number is updated and changed to 0 again. How would be best to do this? If statement? While loop or what??
I have attached the work in progress of the code and any help would be appreciated ASAP! -
<?php
-
-
include "dbconnect.php";
-
session_start();
-
$email =$_POST["email"];
-
$password =$_POST["password"];
-
$password2 = md5("$password");
-
$activation = 1;
-
$i=0;
-
if ($i < 5)
-
{
-
-
-
-
-
if (empty($email) or empty($password))
-
{
-
$_SESSION["message"] = "Must enter your E-mail and Password " ;
-
header("Location: login.php"); //This sets the redirection information
-
//Ends the script and redirects to above
-
}
-
-
$query = "SELECT * FROM clients_details WHERE email = '$email' AND password = '$password2' AND activation = '$activation' ";
-
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
-
// see if any rows were returned
-
if (mysql_num_rows($result) > 0)
-
{
-
$_SESSION["authenticatedUser"] = $email;
-
// Relocate to the logged-in page
-
header("Location: usercontrol.php");
-
}
-
else
-
{
-
$i = + 1;
-
$_SESSION["message"] = "Could not login as $email " ;
-
header("Location: login.php");
-
-
-
}
-
-
}
-
else {
-
$query = " UPDATE clients_details SET activation = '0' WHERE email= '$email' ";
-
$_SESSION["message"] = "$email your account has been blocked, please contact the systems administrator! " ;
-
header("Location: login.php");
-
}
-
-
exit;
-
?>
17  9566 
You may consider adding a time window for the login attempts...for example, 5 minutes or something.
You could use session to keep track of the number of times a user has attempted to log in from a particular browser. Or you could use a hiddenfield (which is client side so this could be reset and probably shouldn't be depended on). Or you could use a cookie (also stored client side)...or you could store this number in the database.....
-Frinny
I have a timeout session in place, whcih logs out the user after 600 seconds, but I thought it would be a simple if statement. Stating the password is wrong of the 5th time then update the database, make the activiation code to 0 and therefore blocking the account.
This is some help that has been suggested to me:
Looks like $i will be re-set to 0 each time the script is run.
May need to create a session variable counter and pass it back and forward between the form and script.
Any help would be appreciated
thanks
Well, when the user clicks the "login" button, you should authenticate the password. If the password is wrong then increment the variable in session that keeps track of the number of times that that the user has provided an invalid password. If an invalid password has been provided incorrectly 5 times, then preform the necessary steps to deactivate the account. (You need to use if-statements to accomplish this).
-Frinny
Would it be possible for you to include some coding for an example please
The $_POST is array of variables passed to the current script via the HTTP POST method. If your submit button was clicked then your submit button will be part of the post.
The isset method determines if a variable is set and is not NULL. If the submit is part of the array of variables passed in to the current script, then it will not be null and you know the user clicked your submit button. -
if (isset($_POST['Submit'])) {
-
//In here check if the user has provided the correct password
-
//If the user has not provided the correct password:
-
// grab the Session variable for tracking the number of times
-
// the user has provided an incorrect password and increment the counter
-
// If the user has provided an incorrect password more than 5 times then:
-
// do what is necessary to deactivate the account
-
}
would this go on the login.php page or loginaction.php page tho?
You never mentioned either of these pages....
What is the purpose of each page?
Are they combined? Do you have more than one submit on the same page?
Sorry my mistake, login.php takes the user details e-mail and password via a input form and then when the button submit is clicked. The data is posted to loginaction.php the code i posted earlier.
Retrieve $i from session instead of setting it to 0.
Before you exit the page be sure to store $i in session so that you can retrieve it next time the page is submitted to check if the user has provided an invalid password more 5 times...
Nope still cant get it to work grr!!
Ok post what you have :)
I'm not really a PhP expert but I think I can still give you a hand.
-Frinny
login.php -
<h2>Login</h2>
-
<?php
-
// Include the formatted error message
-
if (isset($_SESSION['message']))
-
echo
-
"<h4>".$_SESSION['message']." and ".$_SESSION['count']. "</h4>";
-
// Generate the login <form> layout
-
if (isset($_SESSION['message']))
-
echo
-
"<h4>".$_SESSION['count']. "</h4>";
-
?>
-
<!-- InstanceEndEditable -->
-
<div class="preparation">
-
<!-- InstanceBeginEditable name="paragraph" -->
-
-
<form action="loginaction.php" method="post" name="login" target="_self">
-
<table class="tablelogin" >
-
<tr>
-
<td>
-
<label for="email">E-mail Address</label>
-
</td>
-
<td>
-
<input type="text" name="email" id="email" />
-
</td>
-
</tr>
-
<tr>
-
<td>
-
<label for="password">Password</label>
-
</td>
-
<td>
-
<input type="password" name="password" id="password" />
-
</td>
-
</tr>
-
<tr>
-
<td>
-
</td>
-
<td>
-
</td>
-
</tr>
-
<tr>
-
<td>
-
</td>
-
<td>
-
<input type="hidden" name="count" id="count" value="1" />
-
<input type="reset" name="reset" id="reset" value="Clear" />
-
<input type="submit" name="submit" id="submit" value="Log in" />
-
</td>
-
</tr>
-
</table>
-
</form>
loginaction.php -
<?php
-
-
include "dbconnect.php";
-
session_start();
-
$email =$_POST["email"];
-
$password =$_POST["password"];
-
$password2 = md5("$password");
-
$activation = 1;
-
-
if ($i < 5)
-
{
-
$i=0;
-
-
-
-
-
-
if (empty($email) or empty($password))
-
{
-
$_SESSION["message"] = "Must enter your E-mail and Password " ;
-
header("Location: login.php"); //This sets the redirection information
-
//Ends the script and redirects to above
-
}
-
-
$query = "SELECT * FROM clients_details WHERE email = '$email' AND password = '$password2' AND activation = '$activation' ";
-
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
-
// see if any rows were returned
-
if (mysql_num_rows($result) > 0)
-
{
-
$_SESSION["authenticatedUser"] = $email;
-
// Relocate to the logged-in page
-
header("Location: usercontrol.php");
-
}
-
else
-
{
-
$_SESSION["count"] = $i + 1 ;
-
$_SESSION["message"] = "Could not login as $email " ;
-
header("Location: login.php");
-
-
-
}
-
$_SESSION["count"] = $i + 1 ;
-
}
-
else {
-
$query = " UPDATE clients_details SET activation = '0' WHERE email= '$email' ";
-
$_SESSION["message"] = "$email your account has been blocked, please contact the systems administrator! " ;
-
header("Location: login.php");
-
}
-
-
-
exit;
-
?>
Thats my coding to the point I'm ripping my hair out :p gonna go get a tea and have 5 mins away from the pc. Then have another look at it, hopefully between us we'll figure it out :p
Please post code in [code] tags. It makes things a lot easier.
On line 12 in loginaction.php..shouldn't you be setting $i = $_SESSION['count']?
And, shouldn't this be done before your if statement on line 10?
Yeh I've just made them alterations, the error message now pops up on the on 6th attempt, but it isn't updating the database. Any ideas why?
Well it looks like your SQL query is right but it looks like you aren't actually updating the table? This is probably why.
-Frinny
oh :s can u explain please?
Firgued it out i was missing "mysql_query" from the front of update, thanks so much for your help.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Gary |
last post by:
Hi, guys!
Some of my applications are sharing same SQL login/password to connect
to a database called "MyDB" on server "MyServer" . The password is
encrypted and stored in registry or some...
|
by: tchangmian |
last post by:
I want to limit user login by writing ASP program. In details, if a
user had logged in wrongly for more than three times, then the user
will not be abled to log in to the system anymore even...
|
by: ad |
last post by:
I want the if a user enter invalid password by tree times, the system will
hold.
How can I limit max Invalid Password Attempts with Login Controls?
I have set the maxInvalidPasswordAttempts in...
|
by: matias.cornejo |
last post by:
I have some users that have 5 or 6 connections with the same login at
the same time. I want to limit that each user can have less than 3
connectios per login. How can I do that??
Thanks in...
|
by: Breana |
last post by:
How can i limit the number of results to 10 and have a Next >> button appear or << Back on the bottom if there is more than 10 results?
Because as of now it's only 7 members but it will soon be 400...
|
by: Drew |
last post by:
I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login =...
|
by: parun |
last post by:
Hello, is there a possibility to log on to a user whose length is greater
than 8 characters. My system is AIX and system base authentication . At
IBM I found this information:
Limit Windows...
|
by: =?Utf-8?B?QmlsbHkgWmhhbmc=?= |
last post by:
I want to limit the user only login the system one time at the same time.
I don't want him login the system two with the same user at the same time.
How to do this?
If i have a table to record...
|
by: bilibytes |
last post by:
Hi everyone,
I have new questions for tonight.
I would like to know the best ways to prevent Denial Of Service Attacks.
Well my question is a bit more precise than that.
I can see of three...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
