Checking Username &amp; Pass

Checking Username & Pass

kianoosh

Hi guys , 🙂
Do you remember the program for suspending
user's access to the web site after 3 times ? 🙂
Some of you guys really helped me , thank you
for that ... but there is something wrong with
using SESSIONs . If you just close your browser
and open it again , you can do that again , that
means it doesn't work ...
Cookies might be better , Can't we use cookies ?
How can a regular user know that I made a cookie
on their computer ? 🙂
Thanks for helping .

jassh

hi there kianoosh..

well, first of all,
the problem with using session is
(i actually dont prefer to call it 'problem')
i guess it always start a new session everytime u log off
or close ur browser...

so u wanna make em locked down permanently eh..
(or at least until you unleash the,,)
i guess... IMHO, you can log their IP in the database..
and then, count how many attempt...
if say they manage to enter before 3 strike,
then reset the login attempt,
login_attempt = 0 and strike_out = 0 (which is false)
in the db...

say if the IP's login_attempt = 2,
and they think they can outsmart ya,
by closing the browser when the login_attempt = 2,
hoping that it will reset..
bzzz.. wrong answer...
coz when they use the same IP, the login_attempt wont reset,
unless they manage to login..

if they got a strike out...
blacklist the IP...
so everytime they use the same IP,
your system will check the IP,
and it will find out strike_out = 1
bob's ur uncle.. and baammm!!!....
NO LOGIN...!!!

how's that??
i'm sorry if i dont include any code..
i'm only good at imagining strategy.. 🙂
a little bit new to this PHP thingy... :p
hope somehow it help..

have a nice day bud...

-jassh

kianoosh

Originally posted by jassh
hi there kianoosh..

well, first of all,
the problem with using session is
(i actually dont prefer to call it 'problem')
i guess it always start a new session everytime u log off
or close ur browser...

so u wanna make em locked down permanently eh..
(or at least until you unleash the,,)
i guess... IMHO, you can log their IP in the database..
and then, count how many attempt...
if say they manage to enter before 3 strike,
then reset the login attempt,
login_attempt = 0 and strike_out = 0 (which is false)
in the db...

say if the IP's login_attempt = 2,
and they think they can outsmart ya,
by closing the browser when the login_attempt = 2,
hoping that it will reset..
bzzz.. wrong answer...
coz when they use the same IP, the login_attempt wont reset,
unless they manage to login..

if they got a strike out...
blacklist the IP...
so everytime they use the same IP,
your system will check the IP,
and it will find out strike_out = 1
bob's ur uncle.. and baammm!!!....
NO LOGIN...!!!

how's that??
i'm sorry if i dont include any code..
i'm only good at imagining strategy.. 🙂
a little bit new to this PHP thingy... :p
hope somehow it help..

have a nice day bud...

-jassh

Your're right , but it shouldn't be that hard ... 🙂
Do you know what I'm saying ? 🙂
Cookies might be much better because most
mail servers are using cookies to do this thing .
Can anybody write this program by using
cookies ? 🙂
I'm a little beginner in PHP , but I've worked on
ASP 3.0 alot . And this is the first time that I'm
trying to make a PHP based web site .
Thanks jassh ! :p

jassh

hi ho there dude..

well, IMHPO,
there is only 2 + 2 way you can accomplish ur objectives...
either by using cookie, or session, or (session + cookie) and/or
the method that i suggested..

fogetting about the method i suggested,
here's what i learn so far...

using cookie is cool and all,
but some people, or browser...
does not allow cookie, mostly for security reason..
so you are gonna be in trouble if the cookie funtion are disabled.
trust me, there are a lot of people out there,
who does not prefer cookie..
(not as many as those who use cookie..)
i read somewhere, they can actually use cookie
to hack into your computer..
not actually 'hack' but steal info on where you visit,
your username, maybe password, etc...
and owh... you are also gonna be in trouble if they go about
Tool > Internet Options > Delete Cookies..

and if you notice,
most site or mail site that use cookies,
they have options where you can decide not to use em
(that lil' check box)

using session is much on the safe side...
as it is handled by the server, but then,
it is as you said it before,
logg off or close browser...
alakazam.... pufff... session gone.. everything resets...
sessin + cookies is the best method,
but again. only cookie is allowed...

perhaps there are pros out there who wanna share sumthin???

lastly..
if you find a better solution,
please dont mind sharing will ya.. :p

anyway, all the best m8
c ya l83r

take care..

-jassh

Muntjewerf

eyz,

I'm still a n00b so don't be to hard on me😉 I've created a function to count the login attempts. I used cookies and after 3 login attempts their ip adress will be inserted into my db.
Would be great if you guys give me some feedback.

function logincount() {
 $ip = $_SERVER['REMOTE_ADDR'];
 $date = date("H:i:s d.y");
 if (isset($_COOKIE["logincount"])) {
  $value = $_COOKIE["logincount"];
  setcookie ("logincount", ++$value, time()+86400); 
   if ($value >= 3) {
    setcookie("logincount","",time()-86400);
    mysql_query ("INSERT INTO banned (ip,date) VALUES ('$ip','$date')") or die (mysql_error());
	mail ("$email","$subject","$message");
    $warning = "$warning1";
   }
   else {
    $warning = "$warning2";
   }
 }
 else {
  setcookie("logincount","1",time()+86400);
  $warning = "$warning3";
 }
 return $warning;
}

Thnx