Go Back   CodingForums.com > :: Server side development > PHP
Reload this Page Limit wrong login then block for 10 minutes - How?

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 06-17-2010, 02:01 PM   PM User | #1
CBG
New Coder

 
Join Date: Feb 2010
Location: UK
Posts: 86
Thanks: 24
Thanked 0 Times in 0 Posts
CBG is an unknown quantity at this point
Question Limit wrong login then block for 10 minutes - How?
Hi,

I am needing some code, so that I can put a limit of the amount of wrong logins.
For example ather 3 login, they get block for 10 minutes.

I would like it to run via PHP/MySQL.

I already have a login script that is being used by the script I am using which is a PHP/MySQL script
__________________
Regards,
CBG
CBG is offline   Reply With Quote
Old 06-17-2010, 03:31 PM   PM User | #2
tomws
Senior Coder

 
tomws's Avatar
 
Join Date: Nov 2007
Location: Arkansas
Posts: 2,644
Thanks: 29
Thanked 330 Times in 326 Posts
tomws will become famous soon enoughtomws will become famous soon enough
Quote:
Originally Posted by CBG View Post
I am needing some code
This isn't a wishing well for code. If you just mis-phrased your meaning, though, here's what I"m doing in a current project.

You can add a few fields to your users table and test them with some additional logic on login attempts.

failed_login_count, int(11)
last_access, datetime
locked_out, tinyint(1)

And then add core values for the lockout duration (in your case, 10 minutes) and failed login max (3, in your example).

It shouldn't be too hard to work up pseudocode from that, and then to build that out into PHP.
__________________
Are you a Help Vampire?
tomws is offline   Reply With Quote
Old 06-18-2010, 03:31 PM   PM User | #3
jfreak53
Regular Coder

 
jfreak53's Avatar
 
Join Date: May 2004
Location: Guatemala
Posts: 477
Thanks: 19
Thanked 10 Times in 10 Posts
jfreak53 is an unknown quantity at this point
You can also add to the PHP code of yours and your DB a table for IP blocks. Then add a time limit for the IP in the table. When they reach 10 times, you block their IP till x time on the server. Real simple actually to block IPs, this would be better. You keep two records also, one record of login attemps in the user DB as tom said then you keep another login attempt record in the users session variable to compare against and block. That way you block the user from trying again and you also block the IP, in case they try another username. Now if they are leapfrogging then your stuck, but the user still gets blocked.

Instead of using a 10 min blocking in the DB, this would require a start time to calculate also stored in DB. What you need to store is not the limit of blocking, what you need to do is calculate 10 minutes from now() and then store that time to re-activate in the DB. Then when you read the user login you read it to say, if time is past stored time, allow, else deny.

Real simple and it's a double blocking mechanism.
__________________
"FORTRAN is not a language. It's a way of turning a multi-million dollar mainframe, into a $50 programmable scientific calculator."
http://www.microfastcat.com -- FastCat Software, the fastest software on the NET!
http://www.microthosting.com -- Free reseller web hosting, Hosting, VPS, FREE SMALL HOSTING!!!
http://www.microtronix-tech.com -- Web design and programming
jfreak53 is offline   Reply With Quote
Old 06-18-2010, 05:12 PM   PM User | #4
saviola
New Coder

 
Join Date: Jun 2010
Posts: 20
Thanks: 0
Thanked 1 Time in 1 Post
saviola is an unknown quantity at this point
This is depending on how secure you want your site.
The best way to determine what you need to do is to log each attempt... each time a user logs in, track their email, username, ip address and if their password was right or not.
Check these links for more info about secure login:

Wide variety of captcha providers available for free.
PHP Secure Login Tips And Tricks
__________________
Nothing's imposible imagination is everything!
Database Benchmark Software (GNU GPL) | world's fastest database
saviola is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 12:53 PM.
Advertisement
Log in to turn off these ads.