Checking Username &amp; Pass

Checking Username & Pass

kianoosh

I'm trying to write a program which can disable a person to login
page after 3 times entering wrong password 🙂) .
I could do it very easily with ASP 3.0 by using cookies , but I really
don't know how to do it with PHP. Can anybody help me
to write it ? 🙂)
It should be very easy ... 🙂

jassh

ermm..

how about this...

set a $counter in the form...
set the innitial to $counter = 0
the http_get_vars the $counter.. when the login processes
then $counter+ when access denied..
if $counter > 3 then disable login...

that ony a suggestion.. hope it helps..
but i think there are other pro out there taht haev better solution..

gewd luck m8...

-jassh

cahva

When can this person who has tried 3 times to try again?

kianoosh

Originally posted by jassh
ermm..

how about this...

set a $counter in the form...
set the innitial to $counter = 0
the http_get_vars the $counter.. when the login processes
then $counter+ when access denied..
if $counter > 3 then disable login...

that ony a suggestion.. hope it helps..
but i think there are other pro out there taht haev better solution..

gewd luck m8...

-jassh

======================================

I just don't get it !!!
How can this program understand that was that person who
tried to login before ? 🙂)
Can you write it more understandable please ? 🙂)
I think I have to make a session , or I can make something
like a cookie on user's computer and then read the value
from that ...
All mail servers and user logins have this program , ...
don't they ?
Thanks .

Norman

Originally posted by kianoosh
======================================

I just don't get it !!!
How can this program understand that was that person who
tried to login before ? 🙂)
Can you write it more understandable please ? 🙂)
I think I have to make a session , or I can make something
like a cookie on user's computer and then read the value
from that ...
All mail servers and user logins have this program , ...
don't they ?
Thanks .

Well, you should be able to do the Cookie thing with PHP as well.. or you can use sessions.. I use sessions ALOT for stuff like this..

Let me know if you want more info.. 🙂 Or you can checkout the PHP Manual, under sessions or cookies.. you can use either.. but session are a little more easy to handle.

xblue

I don't think cookies (or sessions) make much sense. you'd probably annoy your "good" visitors, while "bad" visitors can easily get around it.

tracking the IP is about the same. there simply is no bulletproof way to identify a user.

the only more or less secure method I can think of is completely disable the account after x login failures in a row. this of course would require some way to re-activate the account, maybe similar to what you do in "forgot password" situations.

statrat

not exactly high security, but here ya go:

  <?php
session_start();
if(!isset($_SESSION['logintries'])){
	$_SESSION['logintries']=0;
}
if(!isset($_SESSION['loggedin'])){
	$_SESSION['loggedin']=false;
}


function showform() {

echo "<center>
<form name='login' method='post' action='$PHP_SELF'>
<input type='text' name='user' size='10'>
<br>
<input type='text' name='pass' size='10'>
<br>
<input type='submit' name='submit' value='Login'>
</form>
</center>";
}

if ($_SESSION['loggedin']==false){

if (!$submit) {
	showform();

		exit;

}
elseif($submit) {
$_SESSION['logintries']++;
	if($_SESSION['logintries']>3){
		$_SESSION['logintries']=0;

		echo "This page is for members only. You are being redirected to the home page.";
		echo "<META HTTP-EQUIV=Refresh CONTENT=\"6; URL=http://www.domain.com/\">";
		exit;
	}
	elseif (empty($user)) {
		echo "<center><p>Please enter a username.</p></center>";

		showform();
		exit;

	}
	elseif (empty($pass)) {
		echo "<center><p>Please enter a password.</p></p></center>";

		showform();

		exit;

	}
	elseif( (!$user='usernamehere') && (!$pass='passwordhere') ) {
		echo "<center><p>Invalid username or password.</p></center>";

		showform();

		exit;

	}
	else {
			$_SESSION['loggedin']=true;
			$_SESSION['logintries']=0;
	}
}
else {
	$_SESSION['loggedin']=true;
	$_SESSION['logintries']=0;
}
}

?>