bahaa Posted June 1, 2011 Share Posted June 1, 2011 Hello, Can any one help me limit the login attempts? for example: making the user wait 15 minutes after 5 unsuccessful login. Thank in advance. Link to comment Share on other sites More sharing options...
Larry Posted June 2, 2011 Share Posted June 2, 2011 Add a wrong_logins column to whatever users table. For each wrong login, increase this by 1. Add a wait_logins column of type TIMESTAMP. When wrong_logins gets to 5, update this column to NOW() plus 15 minutes. When the user properly logs in, set wrong_logins to 0 and wait_logins to NULL. Add a check to the login process that wait_logins must be NULL. That's the basic idea. Link to comment Share on other sites More sharing options...
bahaa Posted June 2, 2011 Author Share Posted June 2, 2011 Add a wrong_logins column to whatever users table. For each wrong login, increase this by 1. Add a wait_logins column of type TIMESTAMP. When wrong_logins gets to 5, update this column to NOW() plus 15 minutes. When the user properly logs in, set wrong_logins to 0 and wait_logins to NULL. Add a check to the login process that wait_logins must be NULL. That's the basic idea. Thanks Larry. I will try it and let you know> Link to comment Share on other sites More sharing options...
bahaa Posted June 2, 2011 Author Share Posted June 2, 2011 I have a little problem, which is one I update the wait_login NOW() plus 15, it resets if to zeroz. Link to comment Share on other sites More sharing options...
bahaa Posted June 3, 2011 Author Share Posted June 3, 2011 I tries this and it worked. is it good enough ? $q = " select username, password, login_count, wait_login from users where username = '$username' and password = '$password' limit 1 "; $r = mysql_query($q, $con); confirm_query($r); if(mysql_num_rows($r) == 1){ $row = mysql_fetch_array($r); $wait_login = $row['wait_login']; if($wait_login > time()){ echo " you are locked out for 15 minutes"; }else { echo "You are logged in!"; $q = " UPDATE users set login_count = 0 where username = '$username' "; $r = mysql_query($q, $con); confirm_query($r); } } else { echo "Incorrect password!"; $q = " UPDATE users set login_count = login_count +1 where username = '$username' "; $r = mysql_query($q, $con); confirm_query($r); $q = " SELECT login_count, wait_login from users where username = '$username' "; $r = mysql_query($q, $con); confirm_query($r); $row = mysql_fetch_array($r); $login_count = $row['login_count']; $login_wait =$row['wait_login']; if($login_count>5){ echo " You are locked out for 15 Minute!";} elseif($login_wait<=time()){ $q = " UPDATE users set wait_login ='$lockout' where username = '$username' "; $r = mysql_query($q, $con); confirm_query($r); } } Link to comment Share on other sites More sharing options...
Antonio Conte Posted June 3, 2011 Share Posted June 3, 2011 From Mysqli reference: ADDTIME(expr1,expr2) ADDTIME() adds expr2 to expr1 and returns the result. expr1 is a time or datetime expression, and expr2 is a time expression. Something like: ADDTIME('NOW()', '00:15:00') might work. 1 Link to comment Share on other sites More sharing options...
Recommended Posts