victor zain

login function


How can I include a member login which records invalid login attempts and locks the user out after several attempts, like 3 attempts? Somebody help me please, I will appreciate it. Thank you in advance.


I have a table in the database called users to store user details.

This is the code I have 

<?php

session_start();

if (isset($_POST['submit'])) {
    
    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //check if inputs are empty

    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }else{
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR email ='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultcheck = mysqli_num_rows($result);

        if ($resultcheck < 1) {
            header("Location: ../Home.php?login=error");
            exit();

        }else{
            if ($row = mysqli_fetch_assoc($result)) {
                //De-Hashing the password
                $hashedpwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($pwd == false) {
                    header("Location: ../Home.php?login=error");
                    exit();
                }elseif ($pwd == true) {
                    //log in the user into the system
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_First_Name'] = $row['First_Name'];
                    $_SESSION['u_Last_Name'] = $row['Last_Name'];
                    $_SESSION['u_email'] = $row['email'];
                    $_SESSION['u_uid'] = $row['user_uid'];

                    header("Location: ../myAccount/index.php?login=success");
                    exit();
                }
            }
        }

    }

}else{
    header("Location: ../Home.php?login=error");
    exit();
}

?>

 


Does that work?  It doesn't look like you're checking the password correctly, you're checking if $pwd is boolean true or false.  It's neither.

Other than that, if you want to lock an account if someone unsuccessfully tries a certain number of times, then you'll need to keep a counter for attempts for each user and increment if they get it wrong, set it to 0 if they get it right, and if it's at the limit then don't let them log in.  You'll want to keep a timestamp also of the last failed attempt so you can reset it after a certain time.

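The counter-and-timestamp scheme described in the reply above, as an added example that is not code from any poster in this thread. It assumes two extra columns on the users table, failed_attempts and last_failed_at (hypothetical names), and assumed limits of 3 attempts and a 15-minute reset; the decision logic is kept separate from the database so it runs on a constructed row.

```php
<?php
// Added example, not the poster's code. failed_attempts and last_failed_at
// are assumed extra columns on the users table; the limits are assumed values.
const MAX_ATTEMPTS = 3;      // lock after this many consecutive failures
const LOCK_SECONDS = 900;    // forget old failures after 15 minutes

/**
 * Decide one login attempt for a users row.
 * Returns [status, failed_attempts, last_failed_at] where status is
 * 'ok', 'error' or 'locked'; the caller writes the two values back.
 */
function check_login(array $row, string $pwd, int $now): array
{
    $fails = (int) $row['failed_attempts'];
    $last  = $row['last_failed_at'];          // unix time or null

    // Reset the counter once the last failure is old enough.
    if ($last !== null && $now - $last >= LOCK_SECONDS) {
        $fails = 0;
        $last  = null;
    }
    // At the limit: refuse before looking at the password at all.
    if ($fails >= MAX_ATTEMPTS) {
        return ['locked', $fails, $last];
    }
    // Use the result of password_verify(), on the raw (unescaped) password.
    if (password_verify($pwd, $row['user_pwd'])) {
        return ['ok', 0, null];
    }
    return ['error', $fails + 1, $now];
}

// Constructed sample row and attempts, so the script runs without a database.
$row = ['user_pwd' => password_hash('s3cret', PASSWORD_DEFAULT),
        'failed_attempts' => 0, 'last_failed_at' => null];
$attempts = [[0, 'bad1'], [10, 'bad2'], [20, 'bad3'], [30, 's3cret'], [1000, 's3cret']];
foreach ($attempts as [$t, $pwd]) {
    [$status, $row['failed_attempts'], $row['last_failed_at']] = check_login($row, $pwd, $t);
    // Live code would persist the two columns here with a prepared UPDATE.
    echo "t=$t $status fails={$row['failed_attempts']}\n";
}
```

In the sample run the correct password at t=30 is still refused because the counter is at the limit, and it is accepted at t=1000 once the last failure is older than the reset window.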

I'm not going to modify your database and your code for you, if you want to learn we're here to teach people.

