Limit Number of Login Attempts

C__Casey

Hi how would I limit the number of login attempts to a member area to 5.

I have a database field name "Credits" that tracks the number of login attempts. Ideally, I want it so that each time a user logs in the "Credits" field is incremented by 1.

In the inital login page to I need to have a hidden field to hold the value of the "Credits". If so can you give me sample of what it would look like.

Next on the page that the form calls I have the below code. The alogrithm is as such....

select credits from customer table where userid = the value of the userid of the person that just logged in. if credits > 5 then restrict user from access else increment the credits field in the customer table by 1. below is my code

<?php
$query = "SELECT Credits FROM Customer Where UserID = $userid";
$resultsc = mysql_query($query);
$credits=$resultsc + 1;

if($credits=="") {
echo '(No Credits found.)';
}
elseif($credits > 5){
	echo "Your number of credits have exceeded the amount allowed";
}
else {
mysql_close();
}
?>

Obviously this isn't working like I stated in my alogrithm...any help or feedback would be appreciated! Thanks

LarsLai

hi!
if i understand you right, this should work:

<?php 
$query = "SELECT Credits FROM Customer Where UserID = $userid"; 
$resultsc = mysql_query($query);
if (!$resultc) {
  echo '(No Credits found.)';
}
else {
  $row = mysql_fetch_row($resultc);
  $credits = $row[0] + 1;
  if ($credits > 5) {
    echo "Your number of credits have exceeded the amount allowed";
    //after that  updating the table with the new credits value...
    }
}
?>

if i missed the point, just ask again..

C__Casey

Thanks for the reply. The code did work for the registration page when a user first signs up but its not working for existing users when they login... its not adding the 1 additonal credit. What I'll do is attach my login page code... I think there may be problems with this page:

<html><body>
	<form method="POST" Action="searchtest.php">
	    <div align="center"><center>
      <table border="0" width="400">
        <tr> 
          <th align="left" colspan="2">
            <div align="center">New User Information</div>
          </th>
        </tr>
        <tr> 
          <td> 
            <div align="right">Username</div>
          </td>
          <td align="right"> 
            <div align="left"> 
              <input type="text" size="20"
	            name="UserID">
              *</div>
          </td>
        </tr>
        <tr> 
          <td> 
            <div align="right">Password</div>
          </td>
          <td align="right"> 
            <div align="left"> 
              <input type="password" size="20"
	            name="Password">
              *</div>
          </td>
        </tr>
        <tr> 
          <td colspan=2 align="center"> 
            <input name="Credits" type="hidden" id="Credits" value="1">
            <input type="Submit" name="btnSubmit" value="Continue">
          </td>
        </tr>
      </table>
	    <font size=-2>* Indicates a required field</font>
	    </center></div>
    </form></body></html>

The next part is searchtest.php script

$query = "SELECT Credits FROM Customer Where UserID = $userid"; 
$resultsc = mysql_query($query);
if (!$resultc) {
  echo '(No Credits found.)';
}
else {
  $row = mysql_fetch_row($resultc);
  $credits = $row[0] + 1;
  if ($credits > 5) {
    echo "Your number of credits have exceeded the amount allowed";
	$sql = "Update Customer set Credits=  Credits +1 where UserID= $userid"; 
    }
}

Thanks again for your advice and help

LarsLai

hi again!
i do not think there is a problem with your form. but you just do not need the hidden field with credits,
because on the next page you call that value from the database. so give this a try:

$query = "SELECT Credits FROM Customer Where UserID = $userid";  

$resultsc = mysql_query($query); 
if (!$resultc) { 
  echo '(No Credits found.)'; 
} 
else { 
  $row = mysql_fetch_row($resultc); 
  $credits = $row[0];
  //if $credits is already over 5, just give output
  if ($credits > 5) { 
    echo "Your number of credits have exceeded the amount allowed"; 
    } 
    // if $credits is < 5, add 1 to $credits and update the db
    else {
      $credits++; 
      $sql = "Update Customer set Credits= " . $credits . " where UserID= " . $userid;
      mysql_query($query); 
    }
}

C__Casey

Still not working... actually after everytime I login... even if the user has.. for example 1 credit in the database field I still get a message saying "no credits found"....i'd be more than happy to let you take a look at the database and see if you can figure it out cuz i'm stuck....i appreciate all your help

it's like for some reason the db isn't recognizing the select query

LarsLai

well, do you have a connection to your database?
if you do it like this:

$server = "yourserver";
$user   = "yourusername";
$pass   = "yourpasswd";
$dbase  = "yourdb";

$conn = @mysql_connect($server, $user, $pass);
if($conn) {
   mysql_select_db($dbase, $conn);
} else {
   die("no connection");
}

then you have to call your query like this:

$result = mysql_query($sql, $conn);

C__Casey

This is what I have

$DBhost = "localhost";
$DBuser = "xxxx";
$DBpass = "xxxx";
$DBName = "xxxx";
$table = "Customer";

mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");

@mysql_select_db("$DBName") or die("Unable to select
database $DBName");


$query = "SELECT Credits FROM Customer WHERE UserID= $UserID";  

$resultsc = mysql_query($query); 
if (!$resultc) { 
  echo '(No Credits found.)'; 
} 
else { 
  $row = mysql_fetch_row($resultc); 
  $credits = $row[0];
  //if $credits is already over 5, just give output
  if ($credits > 5) { 
    echo "Your number of credits have exceeded the amount allowed"; 
    } 
    // if $credits is < 5, add 1 to $credits and update the db
    else {
      $credits++; 
      $sql = "Update Customer set Credits= " . $credits . " where UserID= " . $UserID;
      mysql_query($query); 
    }
}

LarsLai

i am not sure where your error is, but try this out:

...
$conn = @mysql_connect($server, $user, $pass); 
if($conn) { 
   mysql_select_db($dbase, $conn); 
} else { 
   die("no connection"); 
}

$query = "SELECT Credits FROM Customer WHERE UserID=" . $UserID;   

$resultsc = mysql_query($query, $conn)
  or die("error in query: " . $query . ", error: " . mysql_error());
...

C__Casey

error message below:

error in query: SELECT Credits FROM Customer WHERE UserID=test5, error: Unknown column 'test5' in 'where clause'

LarsLai

i thought your userid was an integer... if its a string you have to write:

$query = "SELECT Credits FROM Customer WHERE UserID='" . $UserID . "'";

C__Casey

you have been a huge help...thank you very much...i took this project and just by looking at the db it's all messed up...i changed the data type to an int but the db is reading it like a char....also i changed the code to the way you said and now I get the "(No Credits found.)" message...I'm wondering if I need to change the

$sql = "Update Customer set Credits= " . $credits . " where UserID= " . $UserID;

to the same sort of string query as you suggested earlier...

hey are you available for side programming jobs?

Thanks again for all your help and if you have any other ideas for a fix let me know.

LarsLai

you have to do this "string query" every time you have a string as value.
but i would recommend to use an INT every time you have to create an id (at least as primary key).

and yes, sure, i am available for side programming jobs. but it depends on what i have to do
(preferably PHP, MySQL, HTML, CSS, Java but ask for more...) and how much time has to be invested...
just write and we will check this out.

okuto1973

i am available for side programming jobs too (PHP, MySQL, HTML, CSS, Javascript) but i live in italy and i work only for money.....
For which company should i work?
I have many web project around in the web and i can show you for my curriculum vitae..and also to show what i can do!

Regards

C__Casey

all jobs would be php mySQL jobs... would pay by project...us dollars

LarsLai

well, if you are interested in my engagement, best send me a pm
about the details and i will have a look at it.

okuto1973

This is my email, contact me and i send you some web project i have done on web.........
okuto1973@hotmail.com