PHP-General - PHP counter for invalid nickname password

Hello,

Can anybody write for me a very simple example of how I can have a counter on my site? basically, a counter that would inform a user that the wrong nickname and/or password has been entered, 3 times would kick him/her out of the site for 15 minutes.

It might sound like I'm asking too much but I only want the basic principle, I'm not really a newbie but it is definitely the first time I write a counter program in PHP. I wrote a program but my counter variable won't store the updated values, no idea what I'm doing wrong.

Thanks a lot.

You would probably want to keep that count as a column in the database along with the user password, etc. You could use a session variable that does not expire but that might be too easily circumvented depending on how secure you what this to be.

Like gw1500se says, you're going to need two extra fields in your user table; "number_of_tries" and "lockout_datetime"; by default, the number stored in "number_of_tries" is 0. When the user fails to log in, the number in that field is increased by 1 and when it reaches 3, set the "lockout_datetime" to the current date/time and then when the user tries to log back in, if it's still within 15 mins (or whatever) of the lockout time, then tell the user to clear off!

If it's outside of that time then reset the counter to 0 and start again!

Maybe overkill, but another option is to store the username, datetime, client's IP, etc every time.

Then upon logging in, do a query for the given user and return results just for the past 15 minutes.

Guys thanks a lot, based on your suggestions I did the first part with the new columns in MySQL and it worked. The second part would be to do something once the user has reached the max number of attempts, we'll see how that goes.

thank you for share