Form Login Help

C__Casey

I have the following code. Its purpose is to limit a user to 5 login attempts. If a user has less than 5 login attempts I want them to be redirected to the member area, if more than 5 attempts they get redirected to another webpage called "fail.htm" Here is my code I don't know where to put the redirect of the webpages so that it works with the login form. Any help and guidance would be appreciated.

<?php require_once('Connections/myconnection.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "https://e-a-s.com/search/usermenu.php3?EASSearchUser=$loginUsername";
  $MM_redirectLoginFailed = "http://yahoo.com";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_myconnection, $myconnection);

  $LoginRS__query=sprintf("SELECT UserID, Password FROM Customer WHERE UserID='%s' AND Password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $myconnection) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

<?PHP

$query = "SELECT credits FROM Customer WHERE UserID='$loginUsername'";
$result = mysql_query ($query, $myconnection);
$row = mysql_fetch_array($result);

if ($row)
{
	$credits = $row["credits"];

	if ($credits > 5) 
	{
	//i would think the other header here but doesn't work
		}
	else 
	{
	$query ="UPDATE Customer SET credits=credits+1 WHERE UserID='$loginUsername'";
	$result2= mysql_query($query, $myconnection);

	if (!$result2)
	{	
		echo "Error when trying to update DB";
		echo "SQL was : $cmd<BR>";
		echo mysql_error();
		exit;
	}
	else
	{
//i would think the header would go here but it doesn't work
	}
	}
} 

?>

//my html form below this code

jazz_snob

How does this snippet work???

if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    

    }

I may be totally bonkers but why not track $_SESSION['attempts'] and redirect if its > 5.