Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Question How to develop a login system that I can configure for 3 or 5 login attempts?

    This may have been asked before but I would like to learn how to develop a login system that I can configure for 3 or 5 login attempts.

    Is there anyone that knows what I mean? as I am sure that it's a counter thing that I need to do but really not sure where to start.

    I have the login table like this:
    PHP Code:
    <form action="$login_action;" method="POST" name="frmlogin">
    <
    table width="300" border="0" cellpadding="2" cellspacing="2">
    <
    tr>
    <
    td width="70" align="right">Username:</td>
    <
    td><input name="username" type="text" "username" maxlength="50" /></td>
    </
    tr>
    <
    tr>
    <
    td align="right">Password:</td>
    <
    td><input name="password" type="password" id="password" maxlength="50" /></td>
    </
    tr>
    <
    tr>
    <
    td>&nbsp;</td>
    <
    td><input type="submit" value="Log In" /></td>
    </
    tr>
    </
    table>
    </
    form
    Last edited by westmatrix99; 08-21-2007 at 02:37 PM. Reason: Infractions
    Thanks for you support!

  • #2
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    store the amount of times in a session and if more than 3 or 5 echo an error

  • #3
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Cool, I do like it but no clue where to place code.
    This is what I got but not tested it, let me test and come back.
    PHP Code:
    $limits = 5; //sets an limit for multiple tries 
    If ($session_name) == $limits 
    {
    ?> 
    You had 5 unsuccesfull login attempts.
    <? 
    } else if ($loginsuccesfull){
    //login code replace login succesful with when the login is succesfull code
    } else {
    login form and things 
    }
    Thanks for you support!

  • #4
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    try
    PHP Code:
    $limits = 5; //sets an limit for multiple tries 
    If ($_SESSION['tries'] == $limits) 
    {
    ?> 
    You had 5 unsuccesfull login attempts.
    <? 
    } else if ($_SESSION['logged_in'] == 'yes'){
    login
    //login code replace login succesful with when the login is succesfull code
    } elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){
    $_SESSION['tries'] = $_SESSION['tries']++;
    login form and things 
    }else{
    login form and things 
    }

  • Users who have thanked rafiki for this post:

    westmatrix99 (08-21-2007)

  • #5
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Question

    Ok as have no exact clue what it is that I am doing here but this is what I got:
    PHP Code:
    <h4>Login</h4>
    <?php 
    $limits 
    5//sets an limit for multiple tries 
    if ($_SESSION['tries'] == $limits
    {
    $error "You had 5 unsuccesfull login attempts."
    ?>
    <? 

    else if (
    $_SESSION['logged_in'] == 'yes'){
    //login code replace login succesful with when the login is succesfull code
    } elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){
    $_SESSION['tries'] = $_SESSION['tries']++;
    ?>
    <form ACTION="<?php echo $loginFormAction?>" METHOD="POST" name="frmlogin" id="frmlogin">
    <table width="200" border="0" cellspacing="2" cellpadding="2">
    <tr>
    <td><p>Username</p></td>
    <td><p>
    <input name="username" type="text" id="username">
    </p></td>
    </tr>
    <tr>
    <td><p>Password</p></td>
    <td><p>
    <input name="password" type="password" id="password">
    </p></td>
    </tr>
    <tr>
    <td colspan="2"><input type="submit" value="Login"> </td>
    </tr>
    <tr>
    <td colspan="2"><?php $error?> <input name="tries" type="text" id="tries" value="<?php echo $_SESSION['tries']; ?>" size="5"> <input name="logged_in" type="text" id="logged_in" value="<?php echo $_SESSION['logged_in']; ?>" size="10"></td>
    </tr>
    </table>
    </form>
    <?
    }else{
    ?>
    //same form as above...
    <?
    }
    ?>
    The idea with the textboxes is to post the data that is being checked?
    Thanks for you support!

  • #6
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    PHP Code:
    $limits = 5; //sets an limit for multiple tries 
    If ($_SESSION['tries'] == $limits)  // if tries is == limits
    {
    ?> 
    You had 5 unsuccesfull login attempts.
    <? 
    } else if ($_SESSION['logged_in'] == 'yes'){ // login
    login
    //login code replace login succesful with when the login is succesfull code
    } elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){ //if //they submit the form and is not correct info
    $_SESSION['tries'] = $_SESSION['tries']++;
    login form and things 
    }else{
    login form and things //if form not submitted
    }
    i added a few comments to help you.

  • Users who have thanked rafiki for this post:

    westmatrix99 (08-21-2007)

  • #7
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    I am busy playing around with it now so will come back once complete.

    THANK YOU AGAIN!
    Thanks for you support!

  • #8
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Remember that when using sessions, you must have session_start(); as your first line.

    Also, you'll want to first initialize $_SESSION['tries'], so put:
    PHP Code:
    $_SESSION['tries'] = 0
    in your last else { statement.

    You should also have a "check login" function that first checks to see if their login is correct. If it is, that's when you set:
    PHP Code:
    $_SESSION['logged_in'] = 'yes'
    And last, say someone gets 5 unsuccessful login attempts, that error will never be displayed because the rest of your code is all in the if...else statements.

    -Shane

  • #9
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,092
    Thanks
    2
    Thanked 322 Times in 314 Posts
    By default, a new session will be created for any visitor by closing the browser and then visiting your site again. You cannot use a session to hold the count. You must store this information in a database, where nothing the visitor can do (delete a cookie, close his browser...) will affect the accuracy of the data.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #10
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Thanks.
    Thanks for you support!

  • #11
    Regular Coder westmatrix99's Avatar
    Join Date
    Dec 2006
    Location
    South Africa
    Posts
    307
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Thank you all for your help, not complete yet.
    Thanks again.
    Thanks for you support!

  • #12
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    But in practical terms, the only reason you would time out after 3 failed attempts is to keep a bot from rifling through the dictionary in an effort to guess someone's password, and closing the browser/deleting cookies are not likely actions a bot script would undertake, so you're probably fine.

    Even better than locking a username after 3 bad attempts (which I think is a highly annoying security feature) is to enforce strong passwords. Combination of letters and numbers, 6 characters long, no repeated characters (in sequence), etc.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •