Login only three chances

firedrop

Hi ..

I have wrote my script for the login based on the requirements that i have been asked and it works. The problem that I got is one of the requirements is to give only 3 times chance to the user to enter the username and password afterthat it directs it to different page and this is what I have been try to do. I think I should use for loop but I couldn't figure out. Below is my code does anyone knows how to modify it and let it work to give chance only three times.

<?php

$Username = $_POST['Username'];
$Password = $_POST['Password'];

if(isset($_POST['Submit']))
{
	require ('connection.php');
	$tablename = "employee";

	$sql = mysql_query("SELECT * FROM $tablename WHERE Username = '$Username'", $connection);

	$result = mysql_fetch_row($sql);

	$EmployeeID = $result[0];
	$Surname = $result[1];
	$GivenName = $result[2];
	$EmployeeUsername = $result[3];
	$EmployeePassword = $result[4];
	$EmployeeBonusValue = $result[5];
	$EmployeeType = $result[6];
	$Active = $result[7];



		if ($EmployeeUsername == $Username && $EmployeePassword == $Password && $Active == 'Yes')
		{
			header ("Location: Welcome.htm");
		}
		elseif ($Active == 'No')
		{
 				print "<center> <b> Sorry, your are not allowed to login </b> </center>";
		}
		else
		{
				print "<center> <b> The Username or the Password is incorrect </b> <center>";
		}

}

thorpe

You'll need to set a variable in a cookie, then increment this variable on each attempt. When it gets to 3, do the redirect.

justsomeone

storing it in a cookie would be easy to bypass.

You could store the count on the server side - in a session variable or in a database table.

dream_scape

Session would be useless to prevent brute force attacks, and would be easy for real people to bypass as well. Database would be best.