PHoutenbos Posted September 22, 2014 Report Posted September 22, 2014 Hello, i have a question i followed the CMS video but i like to intergrate a 3 times login attempts but how? is there any tutorial for that? Quote
administrator Posted September 23, 2014 Report Posted September 23, 2014 You would have to elaborate on that. Are you saying you want to block users after 3 attempts? If so, for how long? Whatever the time frame, you could store login attempts in a database and timestamp them. Once a certain number of attempts are made, you could just flag the account for x-hours blocking logins. Quote
PHoutenbos Posted September 25, 2014 Author Report Posted September 25, 2014 (edited) That's right.I have now used the code below which unfortunately does not work .He places the data in the database , such as IP , time and username . Only the user is not blocked for 30 min Data in my database table: loginFail_id username IP dateAndTime 20 Test censored 2014-09-25 21:17:47 my login.php file: <?php include("centraalhart.php"); if (isset($_POST['username'])) { // get data $FP->Template->setData('input_user', $_POST['username']); $FP->Template->setData('input_pass', $_POST['password']); // validate data if ($_POST['username'] == '' || $_POST['password'] == '') { // show error if ($_POST['username'] == '') { $FP->Template->setData('error_user', 'required'); } if ($_POST['password'] == '') { $FP->Template->setData('error_pass', 'required'); } $FP->Template->setAlert('Alle velden zijn verplicht', 'error'); echo '<script type="text/javascript">jQuery.colorbox.resize();</script>'; $FP->Template->load(APP_PATH . "core/views/v_login.php"); } else if ($FP->Auth->validateLogin($FP->Template->getData('input_user'), $FP->Template->getData('input_pass')) == FALSE) { // invalid login $FP->Template->setAlert('Ongeldige gebruikersnaam of wachtwoord!', 'error'); echo '<script type="text/javascript">jQuery.colorbox.resize();</script>'; $FP->Template->load(APP_PATH . "core/views/v_login.php"); } else { // successful log in $_SESSION['username'] = $FP->Template->getData('input_user'); $_SESSION['loggedin'] = TRUE; $FP->Template->load(APP_PATH . "core/views/v_loggingin.php"); } } else { $FP->Template->load(APP_PATH . "core/views/v_login.php"); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['username']) && trim($_POST['username']) != '' && isset($_POST['password']) && trim($_POST['password']) != '') { try { //initialisatie $maxAttempts = 3; //pogingen binnen aantal minuten (zie volgende) $attemptsTime = 5; //tijd waarin pogingen gedaan mogen worden (in minuten, wil je dat in seconden e.d. met je de query aanpassen) //vul hier je eigen databasegegevens in, verbinding maken met database //ophalen gebruikersinformatie, testen of wachtwoord en gebruikersnaam overeenkomen $checkUsers = "SELECT memberID FROM users WHERE username = :username AND password = :password"; $userStmt = $db->prepare($checkUsers); $userStmt->execute(array( ':username' => $_POST['username'], ':password' => hash('sha256', $_POST['username'] . $_POST['password']) )); $user = $userStmt->fetchAll(); //ophalen inlogpogingen, alleen laatste vijf minuten $checkTries = "SELECT username FROM loginfail WHERE DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE AND username = :username GROUP BY username, IP HAVING (COUNT(username) = :maxAttempts)"; $triesStmt = $db->prepare($checkTries); $triesStmt->execute(array( ':username' => $_POST['username'], ':attemptsTime' => $attemptsTime, ':maxAttempts' => $maxAttempts )); $tries = $triesStmt->fetchAll(); if (count($user) == 1 && count($tries) == 0) { $_SESSION['user'] = array('memberID' => $user[0]['memberID'], 'IP' => $_SERVER['REMOTE_ADDR']); //pagina waar naartoe nadat er succesvol is ingelogd header('Location: core/views/v_loggingin.php'); die; } else { $insertTry = "INSERT INTO loginfail (username, IP, dateAndTime) VALUES (:username, :IP, NOW())"; $insertStmt = $db->prepare($insertTry); $insertStmt->execute(array( ':username' => $_POST['username'], ':IP' => $_SERVER['REMOTE_ADDR'] )); if(count($tries) > 0) { $message = 'You have too many times tried the wronge username/password. Please wait a few minutes to login'; } else { $message = 'invalid username/password. Please try again'; } } } catch (PDOException $e) { $message = $e->getMessage(); } $db = NULL; } else { $message = 'please fill in all required information'; } } Edited September 25, 2014 by PHoutenbos Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.