Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    CBG
    CBG is offline
    New Coder
    Join Date
    Feb 2010
    Location
    UK
    Posts
    91
    Thanks
    26
    Thanked 0 Times in 0 Posts

    Question Limit wrong login then block for 10 minutes - How?

    Hi,

    I am needing some code, so that I can put a limit of the amount of wrong logins.
    For example ather 3 login, they get block for 10 minutes.

    I would like it to run via PHP/MySQL.

    I already have a login script that is being used by the script I am using which is a PHP/MySQL script
    Regards,
    CBG

  • #2
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by CBG View Post
    I am needing some code
    This isn't a wishing well for code. If you just mis-phrased your meaning, though, here's what I"m doing in a current project.

    You can add a few fields to your users table and test them with some additional logic on login attempts.

    failed_login_count, int(11)
    last_access, datetime
    locked_out, tinyint(1)

    And then add core values for the lockout duration (in your case, 10 minutes) and failed login max (3, in your example).

    It shouldn't be too hard to work up pseudocode from that, and then to build that out into PHP.
    Are you a Help Vampire?

  • #3
    Regular Coder jfreak53's Avatar
    Join Date
    May 2004
    Location
    Guatemala
    Posts
    477
    Thanks
    19
    Thanked 10 Times in 10 Posts
    You can also add to the PHP code of yours and your DB a table for IP blocks. Then add a time limit for the IP in the table. When they reach 10 times, you block their IP till x time on the server. Real simple actually to block IPs, this would be better. You keep two records also, one record of login attemps in the user DB as tom said then you keep another login attempt record in the users session variable to compare against and block. That way you block the user from trying again and you also block the IP, in case they try another username. Now if they are leapfrogging then your stuck, but the user still gets blocked.

    Instead of using a 10 min blocking in the DB, this would require a start time to calculate also stored in DB. What you need to store is not the limit of blocking, what you need to do is calculate 10 minutes from now() and then store that time to re-activate in the DB. Then when you read the user login you read it to say, if time is past stored time, allow, else deny.

    Real simple and it's a double blocking mechanism.
    "FORTRAN is not a language. It's a way of turning a multi-million dollar mainframe, into a $50 programmable scientific calculator."
    http://www.microfastcat.com -- FastCat Software, the fastest software on the NET!
    http://www.microthosting.com -- Free reseller web hosting, Hosting, VPS, FREE SMALL HOSTING!!!
    http://www.microtronix-tech.com -- Web design and programming

  • #4
    New Coder
    Join Date
    Jun 2010
    Posts
    20
    Thanks
    0
    Thanked 1 Time in 1 Post
    This is depending on how secure you want your site.
    The best way to determine what you need to do is to log each attempt... each time a user logs in, track their email, username, ip address and if their password was right or not.
    Check these links for more info about secure login:

    Wide variety of captcha providers available for free.
    PHP Secure Login Tips And Tricks
    Nothing's imposible imagination is everything!
    Database Benchmark Software (GNU GPL) | world's fastest database


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •