Ok so i have this login form with session and cookies, how can i redirect the user to another page if the user fails to login after three attempts, and hitting the submit button at anytime is an attempt,does using SESSION come into play here?, your help is greatly appreciated.

6 Years
Discussion Span
Last Post by sudeepjd

Session will work only if the user is using the same login window. If the user closes and reopens the window, the session variable will be reset.

Cookies would also be able to check the number of logins. However this would work only if the user is on the same computer. If the user tries 3 logins, and then moves to another computer, he can try the 3 logins again.

A better way to do this would be to store the login attempts in your database. This way it is not browser or system dependent. Once the user has attempted to login increment the value in the db and reset the value once he has been authenticated. Based on the number of attempts, you can redirect him using the header() function.

If you have any problems with the code, post it and I'll try and help you out.


Yea it doesn't matter, i can be on the same computer and do it as long as i can redirect to the registration page after three failed attempts from anywher, so basically it can be browser dependent, i just want to know how i can do it.


The best way to do it as I have mentioned in my previous post is to store the number of login attempts in the database and reset it after a successful login.

I am assuming you already have a login script ready and you just need to update it to add in the feature.

When the user logs in you will have to check for a valid username/password combination. If the combination is invalid, then retrieve the attempt from the database $sql="SELECT attempt FROM users WHERE username='$username'"; increment it $attempt=$attempt+1; and store it back. $sql="INSERT INTO users (attempts) VALUES ('$attempts') WHERE username='$username'"; If the number of attempts >3 then redirect

if ($attempts>3){

If the user/password attempt is valid, the log the user into the system and reset the attempt count to 0 by Inserting 0 into the attempt field for the specific user.

Hope this helps. If you are still not able to get it give me your code and I'll see what you can change to get it to work.

All the best.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.