All right, here's what I am trying to achieve but have no idea how to do it:
My site requires users to login and every page is password protected. As part of preventing hacking (to a small extent, though) I am trying to TEMPORARILY disable the user's account after they have made 5 consecutive invalid login attempts. After 10 consecutive attempts, their account is PERMANENTLY disabled and the only way to reactivate the account is by emailing me (or the admin).
I have been able to get the temporary disabling part done, but have no clue how the account can be permanently locked. Could someone help me figure this out?