Solved

Show alert after 3 wrong login attempts

Posted on 2011-09-27
5
302 Views
Last Modified: 2012-06-27
So, I'm trying to create an if/else statement that sends a warning to someone who has tried more than 3 invalid login attempts. When someone tries to login it looks to a MySQL db and if a username with that password matches, it forwards them on. But if it’s wrong I want it to begin a count and then at 4 wrong attempts display an error message. So right now, here’s what I have:

On the login page:
<login form>
if ($i>3) {echo “error message”;}

On the check login info page:
if (login is right)
{ assign variables and pass on}
else
{ $i++;}

Any help would be appreciated!
0
Comment
Question by:brendan-amex
  • 2
  • 2
5 Comments
 
LVL 8

Expert Comment

by:Rik-Legger
Comment Utility
You could do this by using sessions,

session_start();

if ($_SESSION['login_attempts'] > 3) {
    echo  'error message';
    die;
}

if (login is right) {
    // 
} else {
    $_SESSION['login_attempts']++;
}

Open in new window

0
 
LVL 13

Expert Comment

by:Hugh McCurdy
Comment Utility
Sessions only works if your record the 3 attempts in the database.  Otherwise someone could just close the browser and get 3 more sessions.  A hacker would figure that trick out quickly and just destroy the session variable using software.

What I would do is record the attempts in the database record belonging to the user.

The simple approach is to simply keep a counter in the database record.  Be sure you reset the counter to 0 if the login attempt is successful.  If the counter gets to 3, then lock the account, produce instructions on how to unlock it, etc.

A more complicated approach has the counter but also records the time of each login attempt (successful or not).  You'd keep a history of at least 3 but it could be more, like 10.  This might help if you wanted to investigate further.
0
 

Author Comment

by:brendan-amex
Comment Utility
I see, recording it in a database makes sense but what if a couple people enter a wrong password at the same time and then it locks out for all of them? Could I grab the IP address from the computer and put that in the database as well to associate with it....
0
 
LVL 13

Accepted Solution

by:
Hugh McCurdy earned 500 total points
Comment Utility
I guess I wasn't clear.

You want to store the failed attempts in the record (table row) that  is associated with the user attempting to login.

If more than one user is trying to login under the same user name from different locations, you have enough of a problem to justify locking the account right then.

Your idea of IP address is good.  If you know the user is in Detroit and you start getting login attempts from an IP in Armenia, you might want to know about it.
0
 

Author Closing Comment

by:brendan-amex
Comment Utility
I understand what you're saying now. I have a CAPTCHA come up after 3 wrong attempts from the same IP address. Hopefully this helps against bot attacks. Thanks for your help.
0

Featured Post

Easy Project Management (No User Manual Required)

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now