October 25th, 2012, 08:06 AM
PHP counter for invalid nickname password
Can anybody write for me a very simple example of how I can have a counter on my site? Basically, a counter that would inform a user that the wrong nickname and/or password has been entered, 3 times would kick him/her out of the site for 15 minutes.
It might sound like I'm asking too much but I only want the basic principle, I'm not really a newbie but it is definitely the first time I write a counter program in PHP. I wrote a program but my counter variable won't store the updated values, no idea what I'm doing wrong.
Thanks a lot.
October 25th, 2012, 08:13 AM
You would probably want to keep that count as a column in the database along with the user password, etc. You could use a session variable that does not expire but that might be too easily circumvented depending on how secure you want this to be.
There are 10 kinds of people in the world. Those that understand binary and those that don't.
October 25th, 2012, 08:23 AM
Like gw1500se says, you're going to need two extra fields in your user table; "number_of_tries" and "lockout_datetime"; by default, the number stored in "number_of_tries" is 0. When the user fails to log in, the number in that field is increased by 1 and when it reaches 3, set the "lockout_datetime" to the current date/time and then when the user tries to log back in, if it's still within 15 mins (or whatever) of the lockout time, then tell the user to clear off!
If it's outside of that time then reset the counter to 0 and start again!
"For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
- George Orwell, 1984
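The two-column scheme described in the post above, written out as an added example that is not code from anyone in the thread. Assumptions: the table name `users`, the `nickname` and `password_hash` columns and the function name `attempt_login` are hypothetical; an in-memory SQLite database stands in for MySQL so the script runs on its own; and "lockout_datetime" is stored as a Unix timestamp.

```php
<?php
const MAX_TRIES = 3;          // failed attempts before lockout
const LOCKOUT_SECONDS = 900;  // 15 minutes
// Returns 'ok', 'invalid' or 'locked'. $now is passed in so the demo can move the clock.
function attempt_login(PDO $db, string $nick, string $password, int $now): string
{
    $q = $db->prepare('SELECT password_hash, number_of_tries, lockout_datetime
                       FROM users WHERE nickname = ?');
    $q->execute([$nick]);
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if ($u === false) {
        return 'invalid';           // unknown nickname: same answer as a wrong password
    }
    $tries = (int) $u['number_of_tries'];
    $lock  = $u['lockout_datetime'];
    if ($lock !== null) {
        if ($now - (int) $lock < LOCKOUT_SECONDS) {
            return 'locked';        // inside the window: the password is not even checked
        }
        $tries = 0;                 // window has passed: reset and start again
        $lock  = null;
    }
    if (password_verify($password, $u['password_hash'])) {
        $result = 'ok';
        $tries  = 0;                // a good login clears earlier failures
    } else {
        $result = 'invalid';
        if (++$tries >= MAX_TRIES) {
            $lock = $now;           // third failure: record when the lockout began
        }
    }
    $w = $db->prepare('UPDATE users SET number_of_tries = ?, lockout_datetime = ?
                       WHERE nickname = ?');
    $w->execute([$tries, $lock, $nick]);
    return $result;
}

// Constructed demo data: one user and an arbitrary starting timestamp.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (nickname TEXT PRIMARY KEY, password_hash TEXT,
           number_of_tries INTEGER NOT NULL DEFAULT 0, lockout_datetime INTEGER)');
$db->prepare('INSERT INTO users (nickname, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$t = 1351152000;
foreach ([['wrong1', 0], ['wrong2', 10], ['wrong3', 20], ['correct horse', 30],
          ['correct horse', 20 + LOCKOUT_SECONDS]] as [$pw, $offset]) {
    printf("t+%4ds %-14s => %s\n", $offset, $pw, attempt_login($db, 'alice', $pw, $t + $offset));
}
```

The read and the update here are two separate statements, so parallel requests can each see the same counter value; on MySQL, wrapping them in a transaction with `SELECT ... FOR UPDATE` keeps the count accurate.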
October 25th, 2012, 08:37 AM
Maybe overkill, but another option is to store the username, datetime, client's IP, etc every time.
Then upon logging in, do a query for the given user and return results just for the past 15 minutes.
October 26th, 2012, 08:49 AM
Guys thanks a lot, based on your suggestions I did the first part with the new columns in MySQL and it worked. The second part would be to do something once the user has reached the max number of attempts, we'll see how that goes.
November 2nd, 2012, 01:26 AM