failed attempts

How can I implement failed attempts with “x” amount of times into the login script below? Solely locking on an IP/username basis. I set up a separate DB like this: failed_logins: IP/username/failed_attempts

The login script

[php]<?php
include("config.php");
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // username and password sent from Form
    // Note: the mysql_* functions were removed in PHP 7, so this script needs PHP 5.
    $myusername = mysql_real_escape_string($_POST['username']);
    $mypassword = mysql_real_escape_string($_POST['password']);
    $passcode = sha1("some hashing performed here"); // Encrypted Password
    if (($strUser != "$myusername") && ($strPassword != "$passcode")) {
        $sql = "SELECT id FROM user WHERE username='" . $myusername . "' and password='" . $passcode . "'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
        if ($count == 1) {
            $_SESSION['myusername'];
            $_SESSION['login_user'] = $myusername;
            header("location: index.php");
        } else {
            $error = "Your Login Name or Password is invalid";
        }
    }
}
?>[/php]

For me, I’d put a counter in this part of the code:
[php]else {
    $error = "Your Login Name or Password is invalid";
}[/php]

Like so:
[php]$attempt = 0; // start the counter at zero!
if ($count == 1) {
    $_SESSION['myusername'];
    $_SESSION['login_user'] = $myusername;
    header("location: index.php");
} else {
    $error = "Your Login Name or Password is invalid";
    $attempt++; // I'm using a counter increment, probably better to store the count (and ip) in a database…
}[/php]

Then an if clause:
[php]if($attempt >= 3) {
// too many attempts! do something…
}[/php]

Hope this points you in the right direction.
Red :wink:
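An added example, not part of the original posts: one way to keep the counter in the `failed_logins` table from the question, keyed on IP and username so that it survives between requests. `MAX_ATTEMPTS`, `LOCK_SECONDS`, the `last_failed` column and the function names are assumptions, and PDO with in-memory SQLite stands in for the real database.

```php
<?php
// Added example. MAX_ATTEMPTS, LOCK_SECONDS and the last_failed column are assumptions.
const MAX_ATTEMPTS = 3;    // the "x" from the question
const LOCK_SECONDS = 900;  // how long a lock lasts

// In-memory SQLite stands in for the real database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE failed_logins (
    ip TEXT NOT NULL, username TEXT NOT NULL,
    failed_attempts INTEGER NOT NULL, last_failed INTEGER NOT NULL,
    PRIMARY KEY (ip, username))');

function clearFailures(PDO $db, string $ip, string $user): void {
    $db->prepare('DELETE FROM failed_logins WHERE ip = ? AND username = ?')
       ->execute([$ip, $user]);
}

function isLockedOut(PDO $db, string $ip, string $user, int $now): bool {
    $q = $db->prepare('SELECT failed_attempts, last_failed FROM failed_logins
                       WHERE ip = ? AND username = ?');
    $q->execute([$ip, $user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return false;                      // no failures recorded
    if ($now - (int)$row['last_failed'] >= LOCK_SECONDS) { // lock window expired
        clearFailures($db, $ip, $user);
        return false;
    }
    return (int)$row['failed_attempts'] >= MAX_ATTEMPTS;
}

function recordFailure(PDO $db, string $ip, string $user, int $now): void {
    $u = $db->prepare('UPDATE failed_logins
                       SET failed_attempts = failed_attempts + 1, last_failed = ?
                       WHERE ip = ? AND username = ?');
    $u->execute([$now, $ip, $user]);
    if ($u->rowCount() === 0) {                            // first failure for this pair
        $db->prepare('INSERT INTO failed_logins VALUES (?, ?, 1, ?)')
           ->execute([$ip, $user, $now]);
    }
}

// Constructed walk-through: four bad logins in a row from one IP for one username.
$ip = '203.0.113.7'; $user = 'alice'; $now = 1700000000;
for ($i = 1; $i <= 4; $i++) {
    if (isLockedOut($db, $ip, $user, $now)) { echo "attempt $i: locked out\n"; continue; }
    recordFailure($db, $ip, $user, $now);  // stands in for a failed password check
    echo "attempt $i: invalid login\n";
}
echo isLockedOut($db, $ip, $user, $now + LOCK_SECONDS) ? "still locked\n" : "lock expired\n";
```

In the login script, the IP would come from `$_SERVER['REMOTE_ADDR']` and `$now` from `time()`, with `isLockedOut()` checked before the password query and `clearFailures()` called after a successful login.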
