
login function


victor zain


I have a table in the database called users to store user details.

This is the code I have 

<?php

session_start();

if (isset($_POST['submit'])) {
    
    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //check if inputs are empty

    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }else{
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR email ='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultcheck = mysqli_num_rows($result);

        if ($resultcheck < 1) {
            header("Location: ../Home.php?login=error");
            exit();

        }else{
            if ($row = mysqli_fetch_assoc($result)) {
                //De-Hashing the password
                $hashedpwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($pwd == false) {
                    header("Location: ../Home.php?login=error");
                    exit();
                }elseif ($pwd == true) {
                    //log in the user into the system
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_First_Name'] = $row['First_Name'];
                    $_SESSION['u_Last_Name'] = $row['Last_Name'];
                    $_SESSION['u_email'] = $row['email'];
                    $_SESSION['u_uid'] = $row['user_uid'];

                    header("Location: ../myAccount/index.php?login=success");
                    exit();
                }
            }
        }

    }

}else{
    header("Location: ../Home.php?login=error");
    exit();
}

?>

 


Does that work?  It doesn't look like you're checking the password correctly, you're checking if $pwd is boolean true or false.  It's neither.

Other than that, if you want to lock an account if someone unsuccessfully tries a certain number of times, then you'll need to keep a counter for attempts for each user and increment if they get it wrong, set it to 0 if they get it right, and if it's at the limit then don't let them log in.  You'll want to keep a timestamp also of the last failed attempt so you can reset it after a certain time.

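One way to implement the counter-and-timestamp lockout described in the reply above, with the login decision taken from the return value of password_verify(); this is an added example, not part of the original thread. The failed_attempts and last_failed columns, the limit of 5, the 15-minute window and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example: constructed schema and limits, not the poster's code.
const MAX_ATTEMPTS = 5;      // assumed limit before the account is locked
const LOCK_SECONDS = 900;    // assumed reset window (15 minutes)

function attemptLogin(PDO $db, string $uid, string $pwd, int $now): string
{
    // Prepared statement instead of building the SQL string by hand.
    $st = $db->prepare('SELECT * FROM users WHERE user_uid = ? OR email = ?');
    $st->execute([$uid, $uid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'error';      // unknown user gets the same answer as a bad password
    }
    // Reset the counter once the last failure is older than the window.
    $expired = $row['last_failed'] !== null && $now - $row['last_failed'] >= LOCK_SECONDS;
    $fails = $expired ? 0 : (int) $row['failed_attempts'];
    if ($fails >= MAX_ATTEMPTS) {
        return 'locked';     // at the limit: refuse without checking the password
    }
    // Test the result of password_verify(), not the submitted password itself.
    if (password_verify($pwd, $row['user_pwd'])) {
        $db->prepare('UPDATE users SET failed_attempts = 0, last_failed = NULL WHERE user_id = ?')
           ->execute([$row['user_id']]);
        return 'success';
    }
    $db->prepare('UPDATE users SET failed_attempts = ?, last_failed = ? WHERE user_id = ?')
       ->execute([$fails + 1, $now, $row['user_id']]);
    return 'error';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_uid TEXT, email TEXT,
           user_pwd TEXT, failed_attempts INTEGER DEFAULT 0, last_failed INTEGER)');
$db->prepare('INSERT INTO users (user_uid, email, user_pwd) VALUES (?, ?, ?)')
   ->execute(['demo', 'demo@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

$t = 1700000000;             // fixed clock so the run is repeatable
for ($i = 1; $i <= 5; $i++) {
    echo "wrong #$i: ", attemptLogin($db, 'demo', 'guess', $t + $i), "\n";
}
echo 'right, while locked: ', attemptLogin($db, 'demo', 'correct horse', $t + 10), "\n";
echo 'right, after window: ', attemptLogin($db, 'demo', 'correct horse', $t + 5 + LOCK_SECONDS), "\n";
```

In the login script the returned string would choose the header("Location: ...") redirect, and the session variables would be set only on 'success'.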
