victor zain Posted October 26, 2018 Share Posted October 26, 2018 how can I include member login which records invalid login attempts and locks the user out after several attempts like 3 attempts . somebody me please I will appreciate. thank you in advance Link to comment Share on other sites More sharing options...
justsomeguy Posted October 26, 2018 Share Posted October 26, 2018 What do you have so far? Link to comment Share on other sites More sharing options...
victor zain Posted October 26, 2018 Author Share Posted October 26, 2018 I have a table in database called users to store user details This is the code I have ?php session_start(); if (isset($_POST['submit'])) { include 'dbh.inc.php'; $uid = mysqli_real_escape_string($conn, $_POST['uid']); $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); //Error handlers //check if inputs are empty if (empty($uid) || empty($pwd)) { header("Location: ../index.php?login=empty"); exit(); }else{ $sql = "SELECT * FROM users WHERE user_uid='$uid' OR email ='$uid'"; $result = mysqli_query($conn, $sql); $resultcheck = mysqli_num_rows($result); if ($resultcheck < 1) { header("Location: ../Home.php?login=error"); exit(); }else{ if ($row = mysqli_fetch_assoc($result)) { //De-Hashing the password $hashedpwdCheck = password_verify($pwd, $row['user_pwd']); if ($pwd == false) { header("Location: ../Home.php?login=error"); exit(); }elseif ($pwd == true) { //log in the user into the system $_SESSION['u_id'] = $row['user_id']; $_SESSION['u_First_Name'] = $row['First_Name']; $_SESSION['u_Last_Name'] = $row['Last_Name']; $_SESSION['u_email'] = $row['email']; $_SESSION['u_uid'] = $row['user_uid']; header("Location: ../myAccount/index.php?login=success"); exit(); } } } } }else{ header("Location: ../Home.php?login=error"); exit(); } ?> Link to comment Share on other sites More sharing options...
justsomeguy Posted October 26, 2018 Share Posted October 26, 2018 Does that work? It doesn't look like you're checking the password correctly, you're checking if $pwd is boolean true or false. It's neither. Other than that, if you want to lock an account if someone unsuccessfully tries a certain number of times, then you'll need to keep a counter for attempts for each user and increment if they get it wrong, set it to 0 if they get it right, and if it's at the limit then don't let them log in. You'll want to keep a timestamp also of the last failed attempt so you can reset it after a certain time. Link to comment Share on other sites More sharing options...
victor zain Posted October 28, 2018 Author Share Posted October 28, 2018 Anyone to help me out please I will appreciate a lot. thank you Link to comment Share on other sites More sharing options...
victor zain Posted October 28, 2018 Author Share Posted October 28, 2018 @justsomeguy kindly give me an example of how it should be please. Am new to php. Thank you in advance. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 29, 2018 Share Posted October 29, 2018 I'm not going to modify your database and your code for you, if you want to learn we're help to teach people. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now