How can I implement failed attempts with “x” amount of times into the login script below. Solely locking on a IP/username basis. I set up a separate DB like this failed_logins: IP/uusername/failed_attempts
The login script
[php]<?php
include(“config.php”);
session_start();
if($_SERVER[“REQUEST_METHOD”] == “POST”)
// username and password sent from Form
$myusername=mysql_real_escape_string($_POST[‘username’]);
$mypassword=mysql_real_escape_string($_POST[‘password’]);
$passcode=sha1(“some hashing performed here”); // Encrypted Password
if (($strUser != “$myusername”)&&($strPassword != “$passcode”)){
$sql=“SELECT id FROM user WHERE username=’”.$myusername."’ and password=’".$passcode."’";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION[‘myusername’];
$_SESSION[‘login_user’]=$myusername;
header(“location: index.php”);
}
else{
$error=“Your Login Name or Password is invalid”;
}
}
?>[/php]