Llama

Reputation: 122

Locking user's account

I am trying to figure out how to lock a user's account after X failed attempts to log in. I know I need a counter for how many failed attempts. Here is my pseudocode so far for this task:

    int i=0;
    when login fails{
      i++; }
    if(i == 3) {
      lock account for 3 minutes; }

Here are my two questions:

- How do I lock the user's account?

- How do I lock the user out for 3 minutes and not allow them to just refresh the page and get 3 more attempts?

Upvotes: 0

Views: 848

Answers (2)

Alvaro

Reputation: 41605

I would recommend that you store the time at which you block the user in the users table of your database for the current user.

Then, on load of any page on your site, you should check this field in the database and compare it with the current time. If the difference is bigger than 3 minutes, then you could remove the "blocked user" flag from the database and set the user as not blocked.

Upvotes: 2
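The database-backed lockout this answer describes, checked at login time, as an added example (not code from the answerer). The `users` columns `failed_attempts` and `locked_until`, the function name `attemptLogin`, the constants and the in-memory SQLite demo data are assumptions made for illustration. Because the counter lives on the account row rather than in the visitor's session, refreshing the page or starting a new session does not grant new attempts.

```php
<?php
// Added example: lockout state is stored per account on the server.
// Table/column names and constants are assumptions, not from the original post.
const MAX_ATTEMPTS = 3;
const LOCK_SECONDS = 180; // 3 minutes, as in the question

function attemptLogin(PDO $db, string $user, string $password, int $now): string
{
    $q = $db->prepare('SELECT password_hash, failed_attempts, locked_until
                       FROM users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'failed'; // unknown user gets the same answer as a wrong password
    }
    if ($row['locked_until'] !== null && $now < (int)$row['locked_until']) {
        return 'locked'; // still locked: the password is not even checked
    }
    if (password_verify($password, $row['password_hash'])) {
        $db->prepare('UPDATE users SET failed_attempts = 0, locked_until = NULL
                      WHERE username = ?')->execute([$user]);
        return 'ok';
    }
    // Wrong password: count it. An expired lock starts a fresh count.
    $fails = ($row['locked_until'] !== null ? 0 : (int)$row['failed_attempts']) + 1;
    $until = $fails >= MAX_ATTEMPTS ? $now + LOCK_SECONDS : null;
    $db->prepare('UPDATE users SET failed_attempts = ?, locked_until = ?
                  WHERE username = ?')->execute([$fails, $until, $user]);
    return $until === null ? 'failed' : 'locked';
}

// Constructed demo data: in-memory SQLite, one user, fixed clock values.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT,
           failed_attempts INTEGER NOT NULL DEFAULT 0, locked_until INTEGER)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$t = 1000;
foreach (['bad1', 'bad2', 'bad3', 'correct horse'] as $pw) {
    echo attemptLogin($db, 'alice', $pw, $t++), "\n"; // correct password is refused while locked
}
echo attemptLogin($db, 'alice', 'correct horse', $t + LOCK_SECONDS), "\n"; // after the lock expires
```

On a busy site, run the read and the update inside one transaction (or a single atomic `UPDATE`) so that parallel requests cannot undercount failures.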

sybear

Reputation: 7784

You could use sessions for that:

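    session_start();

    // Initialise the counters the first time this session is seen
    if (!isset($_SESSION['LOGIN_ATTEMPTS'], $_SESSION['LAST_LOGIN_ATTEMPT'])) {
        $_SESSION['LOGIN_ATTEMPTS'] = 0;
        $_SESSION['LAST_LOGIN_ATTEMPT'] = null;
    }

    // Record each submitted login attempt and when it happened
    if (isset($_POST['login'])) {
        $_SESSION['LOGIN_ATTEMPTS'] += 1;
        $_SESSION['LAST_LOGIN_ATTEMPT'] = time(); // time() takes no arguments
    }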

Upvotes: 0
