#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    8
    Rep Power
    0

    PHP counter for invalid nickname password


    Hello,

    Can anybody write for me a very simple example of how I can have a counter on my site? basically, a counter that would inform a user that the wrong nickname and/or password has been entered, 3 times would kick him/her out of the site for 15 minutes.

    It might sound like I'm asking too much but I only want the basic principle, I'm not really a newbie but it is definitely the first time I write a counter program in PHP. I wrote a program but my counter variable won't store the updated values, no idea what I'm doing wrong.

    Thanks a lot.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,600
    Rep Power
    595
    You would probably want to keep that count as a column in the database along with the user password, etc. You could use a session variable that does not expire but that might be too easily circumvented depending on how secure you what this to be.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. Confused badger
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    1,184
    Rep Power
    492
    Like gw1500se says, you're going to need two extra fields in your user table; "number_of_tries" and "lockout_datetime"; by default, the number stored in "number_of_tries" is 0. When the user fails to log in, the number in that field is increased by 1 and when it reaches 3, set the "lockout_datetime" to the current date/time and then when the user tries to log back in, if it's still within 15 mins (or whatever) of the lockout time, then tell the user to clear off!

    If it's outside of that time then reset the counter to 0 and start again!
    "For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
    - George Orwell, 1984
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,042
    Rep Power
    535
    Maybe overkill, but another option is to store the username, datetime, client's IP, etc every time.

    Then upon logging in, do a query for the given user and return results just for the past 15 minutes.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2012
    Posts
    8
    Rep Power
    0
    Guys thanks a lot, based on your suggestions I did the first part with the new columns in MySQL and it worked. The second part would be to do something once the user has reached the max number of attempts, we'll see how that goes.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    1
    Rep Power
    0
    thank you for share

IMN logo majestic logo threadwatch logo seochat tools logo