Jump to content
UncleStef Mentoring Update: New SEO course!

Login Attempts

PHoutenbos

By PHoutenbos
in PHP

 Share

Recommended Posts

administrator Proficient

administrator

Posted
Posted

You would have to elaborate on that. Are you saying you want to block users after 3 attempts? If so, for how long?

 

Whatever the time frame, you could store login attempts in a database and timestamp them. Once a certain number of attempts are made, you could just flag the account for x-hours blocking logins. 

Link to comment
Share on other sites
PHoutenbos Newbie

PHoutenbos

Posted
  • Author
Posted (edited)

That's right.

I have now used the code below which unfortunately does not work .

He places the data in the database , such as IP , time and username . Only the user is not blocked for 30 min

 

Data in my database table:

loginFail_id	username	IP	                         dateAndTime
20	                Test	                censored 	2014-09-25 21:17:47

my login.php file:

<?php

include("centraalhart.php");

if (isset($_POST['username']))
{
	// get data
	$FP->Template->setData('input_user', $_POST['username']);
	$FP->Template->setData('input_pass', $_POST['password']);
	
	// validate data
	if ($_POST['username'] == '' || $_POST['password'] == '')
	{
		// show error
		if ($_POST['username'] == '') { $FP->Template->setData('error_user', 'required'); }
		if ($_POST['password'] == '') { $FP->Template->setData('error_pass', 'required'); }
		$FP->Template->setAlert('Alle velden zijn verplicht', 'error');
		echo '<script type="text/javascript">jQuery.colorbox.resize();</script>';
		$FP->Template->load(APP_PATH . "core/views/v_login.php");
	}
	else if ($FP->Auth->validateLogin($FP->Template->getData('input_user'), $FP->Template->getData('input_pass')) == FALSE)
	{
		// invalid login
		$FP->Template->setAlert('Ongeldige gebruikersnaam of wachtwoord!', 'error');
		echo '<script type="text/javascript">jQuery.colorbox.resize();</script>';
		$FP->Template->load(APP_PATH . "core/views/v_login.php");
	}
	else
	{
		// successful log in	
		$_SESSION['username'] = $FP->Template->getData('input_user');
		$_SESSION['loggedin'] = TRUE;
		$FP->Template->load(APP_PATH . "core/views/v_loggingin.php");
	}
}
else
{
	$FP->Template->load(APP_PATH . "core/views/v_login.php");
}
  
    
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (isset($_POST['username']) && trim($_POST['username']) != '' &&
            isset($_POST['password']) && trim($_POST['password']) != '')
        {
            try
            {
                //initialisatie
                $maxAttempts = 3; //pogingen binnen aantal minuten (zie volgende)
                $attemptsTime = 5; //tijd waarin pogingen gedaan mogen worden (in minuten, wil je dat in seconden e.d. met je de query aanpassen)
                
                //vul hier je eigen databasegegevens in, verbinding maken met database
                
                //ophalen gebruikersinformatie, testen of wachtwoord en gebruikersnaam overeenkomen
                $checkUsers =
                    "SELECT
                        memberID
                    FROM
                        users
                    WHERE
                        username = :username
                    AND
                        password = :password";
                $userStmt = $db->prepare($checkUsers);
                $userStmt->execute(array(
                                    ':username' => $_POST['username'],
                                    ':password' => hash('sha256', $_POST['username'] . $_POST['password'])
                                    ));
                $user = $userStmt->fetchAll();
                
                //ophalen inlogpogingen, alleen laatste vijf minuten
                $checkTries =
                    "SELECT
                        username
                    FROM
                        loginfail
                    WHERE
                        DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
                    AND
                        username = :username    
                    GROUP BY
                        username, IP
                    HAVING
                        (COUNT(username) = :maxAttempts)";
                $triesStmt = $db->prepare($checkTries);
                $triesStmt->execute(array(
                                    ':username' => $_POST['username'],
                                    ':attemptsTime' => $attemptsTime,
                                    ':maxAttempts' => $maxAttempts
                                    ));
                $tries = $triesStmt->fetchAll();
                
                if (count($user) == 1 && count($tries) == 0)
                {
                    $_SESSION['user'] = array('memberID' => $user[0]['memberID'], 'IP' => $_SERVER['REMOTE_ADDR']);
                    //pagina waar naartoe nadat er succesvol is ingelogd
                    header('Location: core/views/v_loggingin.php');
                    die;
                }
                else
                {
                    $insertTry =
                        "INSERT INTO
                            loginfail
                                (username,
                                IP,
                                dateAndTime)
                        VALUES
                            (:username,
                            :IP,
                            NOW())";
                    $insertStmt = $db->prepare($insertTry);
                    $insertStmt->execute(array(
                                            ':username' => $_POST['username'],
                                            ':IP' => $_SERVER['REMOTE_ADDR']
                                            ));
                    if(count($tries) > 0)
                    {
                        $message = 'You have too many times tried the wronge username/password. Please wait a few minutes to login';
                    }
                    else
                    {
                        $message = 'invalid username/password. Please try again';
                    }
                }
            }
            catch (PDOException $e)
            {
                $message = $e->getMessage();
            }
            $db = NULL;
        }
        else
        {
            $message = 'please fill in all required information';
        }
    }
Edited by PHoutenbos
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...