Member Avatar for bbinais

i want the code for
if user try to access the login screen for more than 3 times with invalid password then account should lock
plzzzzzzzzzzzz......

  • 4 Contributors
  • 23 Replies
  • 452 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by bbinais

Recommended Answers

All 23 Replies

Member Avatar for Shanti C

just intialize a session with username and logincounter like $_SESSION and $_SESSION
for every try increment the logincounter session for the same username..
if its greater than 3 then dont' allow for login..

or post your code, we will check it out..

Member Avatar for bbinais 
<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
session_register("txtusername");
session_register("txtpassword");
header("location:Main_Dashboard.php");
}
else

header("location:Main_Login.php")

?>
Edited by Ezzaral because: Added code tags. Please use them to format any code that you post.
Member Avatar for bbinais

this is my code.....
and one more thing i need to know how the session time out works...
thanks 4 ur replay

<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
session_register("txtusername");
session_register("txtpassword");
header("location:Main_Dashboard.php");
}
else

header("location:Main_Login.php")

?>
Edited by Ezzaral because: Added code tags. Please use them to format any code that you post.
Member Avatar for Shanti C

try this:

if($count==1)
{
if(!isset($_SESSION['txtusername']))
{
   session_register("txtusername");
   session_register("txtpassword");
   session_register("login_counter");
    $_SESSION['login_counter']=0;
   $_SESSION['txtusername']="";// intialize name
   header("location:Main_Dashboard.php");
}
else
{
   $_SESSION['login_counter']=$_SESSION['login_counter']+1;
}
}

and to validate:

if(isset($_SESSION['login_counter']) && ($_SESSION['login_counter']==3))
{
   echo "Please wait for some time!";
}
Member Avatar for bbinais

i can log in successfully.....
but when i put wrong password it redirect to blank page...
i change the code to this..

if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
session_register("login_counter");
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']=""; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
header("location:Main_Login.php"); 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;  
}  
}

but still not working.....

Edited by Ezzaral because: Added code tags. Please use them to format any code that you post.
Member Avatar for diafol

@bbinais

Please use code tags [ CODE ]. I'm getting a headache trying to read your code.

Member Avatar for Shanti C

You have to increment session login_counter before redirect to the Main_Login.php page..
see this:

if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
session_register("login_counter");
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']=""; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;
header("location:Main_Login.php"); 
  
}  
}

and put this code in Main_Login.php page:

if(isset($_SESSION['login_counter']) && ($_SESSION['login_counter']==3))
    {
       echo "Please wait for some time!";
     }
Edited by Shanti C because: n/a
Member Avatar for bbinais

i couldn't login pls help me......
is there any problm in this code....

<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{   
if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']="$myusername"; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;
header("location:invalid.php"); 
}  
?>
Member Avatar for bakir 
$encrypted_mypassword=md5($mypassword);

do u use md5() when u insert password in the sql table?

maybe that is ur fault
if so try to use

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD=MD5('$mypassword')";

hope that may help

Member Avatar for bakir 
<?php
      $host="192.168.200.100";
      $username="emt_dev";
      $password="ready2go#";
      $db_name="emtd101";
      $tbl_name="M_USER";
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");
      // let's say the block time is 5 mins
      $failded_waiting_time = 300; // 5 mins
      if(!isset($_SESSION['login_counter'])) $_SESSION['login_counter']=0;
    
      if($_SESSION['login_counter']  = 3) {
            $period = time()-$_SESSION['failed_login']; 
            if($period < 500) {
                 // do wat you want here like saying u need to wait
                 // rediorect to login page
                 header("location:invalid.php");                 
            }
            // if period >   $failded_waiting_time  
            // reset time
            $_SESSION['failed_login'] = time();            
      }     
      if(isset($_POST['sub']))
      {
      $myusername=$_POST['txtusername'];
      $mypassword=$_POST['txtpassword'];
      }
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
      $result=mysql_query($sql);
      $count=mysql_num_rows($result);
      if($count==1)
      {
      if(!isset($_SESSION['txtusername']))
      {
           session_register("txtusername");
           session_register("txtpassword");
         //  $_SESSION['login_counter']=0; not needed here
           $_SESSION['txtusername']="$myusername";
           header("location:Main_Dashboard.php");
      }
      else
      {
          $_SESSION['login_counter']=$_SESSION['login_counter']+1;
          // register the 3 failed acces time
          if($_SESSION['login_counter']  == 3) {
                $_SESSION['failed_login'] = time();
          }
          header("location:invalid.php");
      }
?>

hope this fast fix help
and sorry if i have errors coz it was so fast
good luck

Member Avatar for bbinais

i rewright it as below

<?php
  $uname = "";
  $pword = "";
  $errorMessage = "";
  $num_rows = 0;

  if ($_SERVER['REQUEST_METHOD'] == 'POST') 
  {
   $uname = $_POST['txtusername'];
   $pword = $_POST['txtpassword'];
  }
  $uname = htmlspecialchars($uname);
  $pword = htmlspecialchars($pword);

  $user_name = "emt_dev";
  $pass_word = "ready2go#";
  $database = "emtd101";
  $server = "192.168.200.100";

  $db_handle = mysql_connect($server, $user_name, $pass_word);
  $db_found = mysql_select_db($database, $db_handle);

  if ($db_found) 
  {
   $uname = quote_smart($uname, $db_handle);
   $pword = quote_smart($pword, $db_handle);
  }
  else 
  {
   $errorMessage = "Error logging on";
  }

  $SQL = "SELECT * FROM $tbl_name WHERE MUSE_NAME = $uname AND MUSE_PWD = $pword";

  $result = mysql_query($SQL);

  if ($result)
  {
   $num_rows = mysql_num_rows($result);
  }
  else 
  {
   $errorMessage = "Error logging on";
  }

  if ($num_rows > 0) 
  {
   $errorMessage= "logged on ";
  }
  else 
  {
   $errorMessage= "Invalid Logon";
  }
?>

i'm getting an error:

Fatal error: Call to undefined function quote_smart() in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\test.php on line 31
Edited by mike_2000_17 because: Fixed formatting
Member Avatar for bbinais

i rewright it as below

<?php
$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$uname = $_POST['txtusername'];
$pword = $_POST['txtpassword'];
}
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);

$user_name = "emt_dev";
$pass_word = "ready2go#";
$database = "emtd101";
$server = "192.168.200.100";

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found)
{
$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
}
else
{
$errorMessage = "Error logging on";
}

$SQL = "SELECT * FROM $tbl_name WHERE MUSE_NAME = $uname AND MUSE_PWD = $pword";

$result = mysql_query($SQL);

if ($result)
{
$num_rows = mysql_num_rows($result);
}
else
{
$errorMessage = "Error logging on";
}

if ($num_rows > 0)
{
$errorMessage= "logged on ";
}
else
{
$errorMessage= "Invalid Logon";
}
?>

i'm getting an error: Fatal error: Call to undefined function quote_smart() in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\test.php on line 31

Member Avatar for bbinais

Re: if user try to access the login screen for more than 3 times with invalid password th
PHP Syntax (Toggle Plain Text)

1.
<?php
2.
$host="192.168.200.100";
3.
$username="emt_dev";
4.
$password="ready2go#";
5.
$db_name="emtd101";
6.
$tbl_name="M_USER";
7.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
8.
mysql_select_db("$db_name")or die("cannot select DB");
9.
// let's say the block time is 5 mins
10.
$failded_waiting_time = 300; // 5 mins
11.
if(!isset($_SESSION)) $_SESSION=0;
12.

13.
if($_SESSION = 3) {
14.
$period = time()-$_SESSION;
15.
if($period < 500) {
16.
// do wat you want here like saying u need to wait
17.
// rediorect to login page
18.
header("location:invalid.php");
19.
}
20.
// if period > $failded_waiting_time
21.
// reset time
22.
$_SESSION = time();
23.
}
24.
if(isset($_POST))
25.
{
26.
$myusername=$_POST;
27.
$mypassword=$_POST;
28.
}
29.
$myusername = stripslashes($myusername);
30.
$mypassword = stripslashes($mypassword);
31.
$myusername = mysql_real_escape_string($myusername);
32.
$mypassword = mysql_real_escape_string($mypassword);
33.
$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
34.
$result=mysql_query($sql);
35.
$count=mysql_num_rows($result);
36.
if($count==1)
37.
{
38.
if(!isset($_SESSION))
39.
{
40.
session_register("txtusername");
41.
session_register("txtpassword");
42.
// $_SESSION=0; not needed here
43.
$_SESSION="$myusername";
44.
header("location:Main_Dashboard.php");
45.
}
46.
else
47.
{
48.
$_SESSION=$_SESSION+1;
49.
// register the 3 failed acces time
50.
if($_SESSION == 3) {
51.
$_SESSION = time();
52.
}
53.
header("location:invalid.php");
54.
}
55.
?>

<?php $host="192.168.200.100"; $username="emt_dev"; $password="ready2go#"; $db_name="emtd101"; $tbl_name="M_USER"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // let's say the block time is 5 mins $failded_waiting_time = 300; // 5 mins if(!isset($_SESSION)) $_SESSION=0; if($_SESSION = 3) { $period = time()-$_SESSION; if($period < 500) { // do wat you want here like saying u need to wait // rediorect to login page header("location:invalid.php"); } // if period > $failded_waiting_time // reset time $_SESSION = time(); } if(isset($_POST)) { $myusername=$_POST; $mypassword=$_POST; } $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1) { if(!isset($_SESSION)) { session_register("txtusername"); session_register("txtpassword"); // $_SESSION=0; not needed here $_SESSION="$myusername"; header("location:Main_Dashboard.php"); } else { $_SESSION=$_SESSION+1; // register the 3 failed acces time if($_SESSION == 3) { $_SESSION = time(); } header("location:invalid.php"); } ?>

hope this fast fix help
and sorry if i have errors coz it was so fast
good luck
------------------------------------------------------------------------------------
hi bakir,
now i get this error

Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55

Member Avatar for bbinais

hi bakir,
now i get this error

Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55

Member Avatar for bakir

hi bbinais
can use code tags to post so i can read it clearly .. waiting for ya

Member Avatar for bbinais 
<?php
      $host="192.168.200.100";
      $username="emt_dev";
      $password="ready2go#";
      $db_name="emtd101";
      $tbl_name="M_USER";
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");
      // let's say the block time is 5 mins
      $failded_waiting_time = 300; // 5 mins
      if(!isset($_SESSION['login_counter'])) $_SESSION['login_counter']=0;
    
      if($_SESSION['login_counter']  = 3) {
            $period = time()-$_SESSION['failed_login']; 
            if($period < 500) {
                 // do wat you want here like saying u need to wait
                 // rediorect to login page
                 header("location:Main_Login.php");                 
            }
            // if period >   $failded_waiting_time  
            // reset time
            $_SESSION['failed_login'] = time();            
      }     
      if(isset($_POST['sub']))
      {
      $myusername=$_POST['txtusername'];
      $mypassword=$_POST['txtpassword'];
      }
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
      $result=mysql_query($sql);
      $count=mysql_num_rows($result);
      if($count==1)
      {
      if(!isset($_SESSION['txtusername']))
      {
           session_register("txtusername");
           session_register("txtpassword");
         //  $_SESSION['login_counter']=0; not needed here
           $_SESSION['txtusername']="$myusername";
           header("location:Main_Dashboard.php");
      }
      else
      {
          $_SESSION['login_counter']=$_SESSION['login_counter']+1;
          // register the 3 failed acces time
          if($_SESSION['login_counter']  == 3) {
                $_SESSION['failed_login'] = time();
          }
          header("location:
		  Main_Login.php");
      }
?>

i use this code....
but i get the error

"Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55"

Member Avatar for bakir

this error mean there is missing } on the end so
u forget to add } at the end to close the if($count ==1 ) statement

good luck and dont forget to mark this thread as solved if it true

Edited by bakir because: n/a
Member Avatar for bbinais

what will be the logout page code

Member Avatar for Shanti C

what will be the logout page code

logout page contains destroy all your sessions (created on login page) and redirect to index/thankyou page...

Member Avatar for bakir

maybe like this

<?php

session_start(); 
if(!iseet($_SESSION['username'])) {
   // not logged in cant logged out
   header('Location: login.php');

}

unset($_SESSION['username']); // remove all $_SESSION data unset if u have more 

session_destroy();

header('Location:mainPage.php');
?>

simple code and u can coustmize it to fit ur needs

Member Avatar for bbinais

thank you very much bakir.....

Member Avatar for bakir

thank you very much bakir.....

np ;) ur welcome always but dont forget to mardk this thread as solved so unsolved can come up
good luck

Member Avatar for bbinais

i want to disable the login page for 5 minutes if the user inputs wrong password 3 times.
please help me

this is my check_user.php

<?php
    session_start();
    include("config.php");
    if (isset($_POST['sub'])) {
        $myusername = $_POST['txtusername'];
        $mypassword = $_POST['txtpassword'];
        $name       = stripslashes($myusername);
        $password   = stripslashes($mypassword);
        $myusername = mysql_real_escape_string($name);
        $mypassword = mysql_real_escape_string($password);
        $sql        = "SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
        $result     = mysql_query($sql);
        $count      = mysql_num_rows($result);
        if ($count == 1) {
            $_SESSION['login'] = "1";
            header("location:Main_Dashboard.php");
        } 
		else 
		{
		    $_SESSION['error'] = "Incorrect username or password";
            header("location:Main_Login.php");
        }
    }
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.