...

View Full Version : How to develop a login system that I can configure for 3 or 5 login attempts?



westmatrix99
08-21-2007, 03:25 PM
This may have been asked before but I would like to learn how to develop a login system that I can configure for 3 or 5 login attempts.

Is there anyone that knows what I mean? as I am sure that it's a counter thing that I need to do but really not sure where to start.

I have the login table like this:


<form action="$login_action;" method="POST" name="frmlogin">
<table width="300" border="0" cellpadding="2" cellspacing="2">
<tr>
<td width="70" align="right">Username:</td>
<td><input name="username" type="text" "username" maxlength="50" /></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input name="password" type="password" id="password" maxlength="50" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" value="Log In" /></td>
</tr>
</table>
</form>

rafiki
08-21-2007, 04:07 PM
store the amount of times in a session and if more than 3 or 5 echo an error

westmatrix99
08-21-2007, 04:19 PM
Cool, I do like it but no clue where to place code.
This is what I got but not tested it, let me test and come back.


$limits = 5; //sets an limit for multiple tries
If ($session_name) == $limits
{
?>
You had 5 unsuccesfull login attempts.
<?
} else if ($loginsuccesfull){
//login code replace login succesful with when the login is succesfull code
} else {
login form and things
}

rafiki
08-21-2007, 04:24 PM
try

$limits = 5; //sets an limit for multiple tries
If ($_SESSION['tries'] == $limits)
{
?>
You had 5 unsuccesfull login attempts.
<?
} else if ($_SESSION['logged_in'] == 'yes'){
login
//login code replace login succesful with when the login is succesfull code
} elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){
$_SESSION['tries'] = $_SESSION['tries']++;
login form and things
}else{
login form and things
}

westmatrix99
08-21-2007, 05:05 PM
Ok as have no exact clue what it is that I am doing here but this is what I got:


<h4>Login</h4>
<?php
$limits = 5; //sets an limit for multiple tries
if ($_SESSION['tries'] == $limits)
{
$error = "You had 5 unsuccesfull login attempts."
?>
<?
}
else if ($_SESSION['logged_in'] == 'yes'){
//login code replace login succesful with when the login is succesfull code
} elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){
$_SESSION['tries'] = $_SESSION['tries']++;
?>
<form ACTION="<?php echo $loginFormAction; ?>" METHOD="POST" name="frmlogin" id="frmlogin">
<table width="200" border="0" cellspacing="2" cellpadding="2">
<tr>
<td><p>Username</p></td>
<td><p>
<input name="username" type="text" id="username">
</p></td>
</tr>
<tr>
<td><p>Password</p></td>
<td><p>
<input name="password" type="password" id="password">
</p></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Login"> </td>
</tr>
<tr>
<td colspan="2"><?php $error; ?> <input name="tries" type="text" id="tries" value="<?php echo $_SESSION['tries']; ?>" size="5"> <input name="logged_in" type="text" id="logged_in" value="<?php echo $_SESSION['logged_in']; ?>" size="10"></td>
</tr>
</table>
</form>
<?
}else{
?>
//same form as above...
<?
}
?>


The idea with the textboxes is to post the data that is being checked?

rafiki
08-21-2007, 05:10 PM
$limits = 5; //sets an limit for multiple tries
If ($_SESSION['tries'] == $limits) // if tries is == limits
{
?>
You had 5 unsuccesfull login attempts.
<?
} else if ($_SESSION['logged_in'] == 'yes'){ // login
login
//login code replace login succesful with when the login is succesfull code
} elseif(!$_SESSION['logged_in'] == 'no' && $_POST['submit'] == 'yes'){ //if //they submit the form and is not correct info
$_SESSION['tries'] = $_SESSION['tries']++;
login form and things
}else{
login form and things //if form not submitted
}

i added a few comments to help you.

westmatrix99
08-21-2007, 05:35 PM
I am busy playing around with it now so will come back once complete.

THANK YOU AGAIN!

TheShaner
08-21-2007, 06:15 PM
Remember that when using sessions, you must have session_start(); as your first line.

Also, you'll want to first initialize $_SESSION['tries'], so put:

$_SESSION['tries'] = 0;
in your last else { statement.

You should also have a "check login" function that first checks to see if their login is correct. If it is, that's when you set:

$_SESSION['logged_in'] = 'yes';

And last, say someone gets 5 unsuccessful login attempts, that error will never be displayed because the rest of your code is all in the if...else statements.

-Shane

CFMaBiSmAd
08-21-2007, 06:31 PM
By default, a new session will be created for any visitor by closing the browser and then visiting your site again. You cannot use a session to hold the count. You must store this information in a database, where nothing the visitor can do (delete a cookie, close his browser...) will affect the accuracy of the data.

westmatrix99
08-21-2007, 06:33 PM
Thanks.

westmatrix99
08-21-2007, 06:49 PM
Thank you all for your help, not complete yet.
Thanks again.

Fumigator
08-21-2007, 09:58 PM
But in practical terms, the only reason you would time out after 3 failed attempts is to keep a bot from rifling through the dictionary in an effort to guess someone's password, and closing the browser/deleting cookies are not likely actions a bot script would undertake, so you're probably fine.

Even better than locking a username after 3 bad attempts (which I think is a highly annoying security feature) is to enforce strong passwords. Combination of letters and numbers, 6 characters long, no repeated characters (in sequence), etc.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum