i want the code for
if user try to access the login screen for more than 3 times with invalid password then account should lock
plzzzzzzzzzzzz......

just intialize a session with username and logincounter like $_SESSION and $_SESSION
for every try increment the logincounter session for the same username..
if its greater than 3 then dont' allow for login..

or post your code, we will check it out..

<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
session_register("txtusername");
session_register("txtpassword");
header("location:Main_Dashboard.php");
}
else

header("location:Main_Login.php")

?>

this is my code.....
and one more thing i need to know how the session time out works...
thanks 4 ur replay

<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
session_register("txtusername");
session_register("txtpassword");
header("location:Main_Dashboard.php");
}
else

header("location:Main_Login.php")

?>

try this:

if($count==1)
{
if(!isset($_SESSION['txtusername']))
{
   session_register("txtusername");
   session_register("txtpassword");
   session_register("login_counter");
    $_SESSION['login_counter']=0;
   $_SESSION['txtusername']="";// intialize name
   header("location:Main_Dashboard.php");
}
else
{
   $_SESSION['login_counter']=$_SESSION['login_counter']+1;
}
}

and to validate:

if(isset($_SESSION['login_counter']) && ($_SESSION['login_counter']==3))
{
   echo "Please wait for some time!";
}

i can log in successfully.....
but when i put wrong password it redirect to blank page...
i change the code to this..

if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
session_register("login_counter");
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']=""; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
header("location:Main_Login.php"); 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;  
}  
}

but still not working.....

Member Avatar

diafol

@bbinais

Please use code tags [ CODE ]. I'm getting a headache trying to read your code.

You have to increment session login_counter before redirect to the Main_Login.php page..
see this:

if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
session_register("login_counter");
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']=""; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;
header("location:Main_Login.php"); 
  
}  
}

and put this code in Main_Login.php page:

if(isset($_SESSION['login_counter']) && ($_SESSION['login_counter']==3))
    {
       echo "Please wait for some time!";
     }

i couldn't login pls help me......
is there any problm in this code....

<?php
session_start();
$host="192.168.200.100";
$username="emt_dev";
$password="ready2go#";
$db_name="emtd101";
$tbl_name="M_USER";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if(isset($_POST['sub']))
{
$myusername=$_POST['txtusername'];
$mypassword=$_POST['txtpassword'];
}

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{   
if(!isset($_SESSION['txtusername']))   
{  
session_register("txtusername");   
session_register("txtpassword");  
$_SESSION['login_counter']=0;   
$_SESSION['txtusername']="$myusername"; 
header("location:Main_Dashboard.php");  
}  
else  
{ 
$_SESSION['login_counter']=$_SESSION['login_counter']+1;
header("location:invalid.php"); 
}  
?>

$encrypted_mypassword=md5($mypassword);

do u use md5() when u insert password in the sql table?

maybe that is ur fault
if so try to use

$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD=MD5('$mypassword')";

hope that may help

<?php
      $host="192.168.200.100";
      $username="emt_dev";
      $password="ready2go#";
      $db_name="emtd101";
      $tbl_name="M_USER";
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");
      // let's say the block time is 5 mins
      $failded_waiting_time = 300; // 5 mins
      if(!isset($_SESSION['login_counter'])) $_SESSION['login_counter']=0;
    
      if($_SESSION['login_counter']  = 3) {
            $period = time()-$_SESSION['failed_login']; 
            if($period < 500) {
                 // do wat you want here like saying u need to wait
                 // rediorect to login page
                 header("location:invalid.php");                 
            }
            // if period >   $failded_waiting_time  
            // reset time
            $_SESSION['failed_login'] = time();            
      }     
      if(isset($_POST['sub']))
      {
      $myusername=$_POST['txtusername'];
      $mypassword=$_POST['txtpassword'];
      }
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
      $result=mysql_query($sql);
      $count=mysql_num_rows($result);
      if($count==1)
      {
      if(!isset($_SESSION['txtusername']))
      {
           session_register("txtusername");
           session_register("txtpassword");
         //  $_SESSION['login_counter']=0; not needed here
           $_SESSION['txtusername']="$myusername";
           header("location:Main_Dashboard.php");
      }
      else
      {
          $_SESSION['login_counter']=$_SESSION['login_counter']+1;
          // register the 3 failed acces time
          if($_SESSION['login_counter']  == 3) {
                $_SESSION['failed_login'] = time();
          }
          header("location:invalid.php");
      }
?>

hope this fast fix help
and sorry if i have errors coz it was so fast
good luck

i rewright it as below

<?php
  $uname = "";
  $pword = "";
  $errorMessage = "";
  $num_rows = 0;

  if ($_SERVER['REQUEST_METHOD'] == 'POST') 
  {
   $uname = $_POST['txtusername'];
   $pword = $_POST['txtpassword'];
  }
  $uname = htmlspecialchars($uname);
  $pword = htmlspecialchars($pword);

  $user_name = "emt_dev";
  $pass_word = "ready2go#";
  $database = "emtd101";
  $server = "192.168.200.100";

  $db_handle = mysql_connect($server, $user_name, $pass_word);
  $db_found = mysql_select_db($database, $db_handle);

  if ($db_found) 
  {
   $uname = quote_smart($uname, $db_handle);
   $pword = quote_smart($pword, $db_handle);
  }
  else 
  {
   $errorMessage = "Error logging on";
  }

  $SQL = "SELECT * FROM $tbl_name WHERE MUSE_NAME = $uname AND MUSE_PWD = $pword";

  $result = mysql_query($SQL);

  if ($result)
  {
   $num_rows = mysql_num_rows($result);
  }
  else 
  {
   $errorMessage = "Error logging on";
  }

  if ($num_rows > 0) 
  {
   $errorMessage= "logged on ";
  }
  else 
  {
   $errorMessage= "Invalid Logon";
  }
?>

i'm getting an error:

Fatal error: Call to undefined function quote_smart() in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\test.php on line 31

i rewright it as below

<?php
$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$uname = $_POST['txtusername'];
$pword = $_POST['txtpassword'];
}
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);

$user_name = "emt_dev";
$pass_word = "ready2go#";
$database = "emtd101";
$server = "192.168.200.100";

$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);

if ($db_found)
{
$uname = quote_smart($uname, $db_handle);
$pword = quote_smart($pword, $db_handle);
}
else
{
$errorMessage = "Error logging on";
}

$SQL = "SELECT * FROM $tbl_name WHERE MUSE_NAME = $uname AND MUSE_PWD = $pword";

$result = mysql_query($SQL);

if ($result)
{
$num_rows = mysql_num_rows($result);
}
else
{
$errorMessage = "Error logging on";
}

if ($num_rows > 0)
{
$errorMessage= "logged on ";
}
else
{
$errorMessage= "Invalid Logon";
}
?>

i'm getting an error: Fatal error: Call to undefined function quote_smart() in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\test.php on line 31

Re: if user try to access the login screen for more than 3 times with invalid password th
PHP Syntax (Toggle Plain Text)

1.
<?php
2.
$host="192.168.200.100";
3.
$username="emt_dev";
4.
$password="ready2go#";
5.
$db_name="emtd101";
6.
$tbl_name="M_USER";
7.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
8.
mysql_select_db("$db_name")or die("cannot select DB");
9.
// let's say the block time is 5 mins
10.
$failded_waiting_time = 300; // 5 mins
11.
if(!isset($_SESSION)) $_SESSION=0;
12.

13.
if($_SESSION = 3) {
14.
$period = time()-$_SESSION;
15.
if($period < 500) {
16.
// do wat you want here like saying u need to wait
17.
// rediorect to login page
18.
header("location:invalid.php");
19.
}
20.
// if period > $failded_waiting_time
21.
// reset time
22.
$_SESSION = time();
23.
}
24.
if(isset($_POST))
25.
{
26.
$myusername=$_POST;
27.
$mypassword=$_POST;
28.
}
29.
$myusername = stripslashes($myusername);
30.
$mypassword = stripslashes($mypassword);
31.
$myusername = mysql_real_escape_string($myusername);
32.
$mypassword = mysql_real_escape_string($mypassword);
33.
$sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
34.
$result=mysql_query($sql);
35.
$count=mysql_num_rows($result);
36.
if($count==1)
37.
{
38.
if(!isset($_SESSION))
39.
{
40.
session_register("txtusername");
41.
session_register("txtpassword");
42.
// $_SESSION=0; not needed here
43.
$_SESSION="$myusername";
44.
header("location:Main_Dashboard.php");
45.
}
46.
else
47.
{
48.
$_SESSION=$_SESSION+1;
49.
// register the 3 failed acces time
50.
if($_SESSION == 3) {
51.
$_SESSION = time();
52.
}
53.
header("location:invalid.php");
54.
}
55.
?>

<?php $host="192.168.200.100"; $username="emt_dev"; $password="ready2go#"; $db_name="emtd101"; $tbl_name="M_USER"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // let's say the block time is 5 mins $failded_waiting_time = 300; // 5 mins if(!isset($_SESSION)) $_SESSION=0; if($_SESSION = 3) { $period = time()-$_SESSION; if($period < 500) { // do wat you want here like saying u need to wait // rediorect to login page header("location:invalid.php"); } // if period > $failded_waiting_time // reset time $_SESSION = time(); } if(isset($_POST)) { $myusername=$_POST; $mypassword=$_POST; } $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1) { if(!isset($_SESSION)) { session_register("txtusername"); session_register("txtpassword"); // $_SESSION=0; not needed here $_SESSION="$myusername"; header("location:Main_Dashboard.php"); } else { $_SESSION=$_SESSION+1; // register the 3 failed acces time if($_SESSION == 3) { $_SESSION = time(); } header("location:invalid.php"); } ?>

hope this fast fix help
and sorry if i have errors coz it was so fast
good luck
------------------------------------------------------------------------------------
hi bakir,
now i get this error

Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55

hi bakir,
now i get this error

Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55

hi bbinais
can use code tags to post so i can read it clearly .. waiting for ya

<?php
      $host="192.168.200.100";
      $username="emt_dev";
      $password="ready2go#";
      $db_name="emtd101";
      $tbl_name="M_USER";
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");
      // let's say the block time is 5 mins
      $failded_waiting_time = 300; // 5 mins
      if(!isset($_SESSION['login_counter'])) $_SESSION['login_counter']=0;
    
      if($_SESSION['login_counter']  = 3) {
            $period = time()-$_SESSION['failed_login']; 
            if($period < 500) {
                 // do wat you want here like saying u need to wait
                 // rediorect to login page
                 header("location:Main_Login.php");                 
            }
            // if period >   $failded_waiting_time  
            // reset time
            $_SESSION['failed_login'] = time();            
      }     
      if(isset($_POST['sub']))
      {
      $myusername=$_POST['txtusername'];
      $mypassword=$_POST['txtpassword'];
      }
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      $sql="SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
      $result=mysql_query($sql);
      $count=mysql_num_rows($result);
      if($count==1)
      {
      if(!isset($_SESSION['txtusername']))
      {
           session_register("txtusername");
           session_register("txtpassword");
         //  $_SESSION['login_counter']=0; not needed here
           $_SESSION['txtusername']="$myusername";
           header("location:Main_Dashboard.php");
      }
      else
      {
          $_SESSION['login_counter']=$_SESSION['login_counter']+1;
          // register the 3 failed acces time
          if($_SESSION['login_counter']  == 3) {
                $_SESSION['failed_login'] = time();
          }
          header("location:
		  Main_Login.php");
      }
?>

i use this code....
but i get the error

"Parse error: syntax error, unexpected $end in C:\Program Files\EasyPHP-5.3.3\www\brando\html\screens\check_user.php on line 55"

this error mean there is missing } on the end so
u forget to add } at the end to close the if($count ==1 ) statement

good luck and dont forget to mark this thread as solved if it true

what will be the logout page code

what will be the logout page code

logout page contains destroy all your sessions (created on login page) and redirect to index/thankyou page...

maybe like this

<?php

session_start(); 
if(!iseet($_SESSION['username'])) {
   // not logged in cant logged out
   header('Location: login.php');

}

unset($_SESSION['username']); // remove all $_SESSION data unset if u have more 

session_destroy();

header('Location:mainPage.php');
?>

simple code and u can coustmize it to fit ur needs

thank you very much bakir.....

thank you very much bakir.....

np ;) ur welcome always but dont forget to mardk this thread as solved so unsolved can come up
good luck

i want to disable the login page for 5 minutes if the user inputs wrong password 3 times.
please help me

this is my check_user.php

<?php
    session_start();
    include("config.php");
    if (isset($_POST['sub'])) {
        $myusername = $_POST['txtusername'];
        $mypassword = $_POST['txtpassword'];
        $name       = stripslashes($myusername);
        $password   = stripslashes($mypassword);
        $myusername = mysql_real_escape_string($name);
        $mypassword = mysql_real_escape_string($password);
        $sql        = "SELECT * FROM $tbl_name WHERE MUSE_NAME='$myusername' and MUSE_PWD='$mypassword'";
        $result     = mysql_query($sql);
        $count      = mysql_num_rows($result);
        if ($count == 1) {
            $_SESSION['login'] = "1";
            header("location:Main_Dashboard.php");
        } 
		else 
		{
		    $_SESSION['error'] = "Incorrect username or password";
            header("location:Main_Login.php");
        }
    }
?>