|
|
Posted by Tyno Gendo on 04/09/07 11:53
antony wrote:
> in a form,
> how is possible to stop someone that insert no good data in the login;
> example, I wish to block, if after 5 attempt, the login is failed;
> stopped for 1 minute and after unblock, but if one hour the attempts are
> 30, stopped defintivly the user;
>
>
> (vers. php 4.3.10)
it would be tempting to use a cookie with timeout but as the user may
disable cookies, i would simply have a count field in the database again
st the username's and on each unsuccessful attempt increase the counter.
when they log in successfully, reset the counter. a flag could be in
there as to whether the account is active, if the count reaches a set
amount, flip the flag eg. user_active 'Y' or 'N'
any user_active 'N' accounts cannot log in.
add a datetime field also so you can do your checks for timeout expire
of the blocks etc.
of course, this is all good for username's that exist.
if you're wanting to block any wrong logins, then use the REMOTE_ADDRESS
of the user. but this might block lots of people as they may use a
proxy so you might say block everyone on AOL indefinately if you're not
at least doing the 'username' blocking method.
Navigation:
[Reply to this message]
|