0

Hi all,

I am new to PHP. I am developing a login where I compare the encrypted password and set a session for the user and log in to the system.

But I need to do more with this.
I need to know how to lock an IP if a user tries more than 2-3 times to log in to the system.
I am using PHP and don't know what areas I have to study to do this.

Can anybody give me a hint?

Example code is highly appreciated.

Thanks in advance,
menukaddevinda

0

Hi,

perfect hint: http://www.php.net/manual/en/reserved.variables.server.php. It's the manual for all information concerning your visitor. Look at "REMOTE_ADDR" for the IP-address.

To lock an account you simply count how often the user tried to log in with a wrong ID. Simply place a file into a temporary folder named with the IP-address and save the time and date of the login (or even better unix-time: time()). If the time gap is lower than say 15 minutes you simply put a flag "locked" to your database or whatever system you're using for your accounts.

0

Blocking I.P is fairly useless if you use a proxy, for example I use one, and have a button which says 'Cycle I.P', upon clicking it I have a new I.P address, and therefore could carry on attempting to login.

I am bringing up another problem while I am exploring this. Do you have any option to handle this?

Thanks in advance.

0

The best alternative is to lock an account independently from the IP address. That's how it's done in the real world. That might be stupid for the end-user as she/he can't login after an attack, but provides the highest security.

There are two possibilities:
1) Resetting the password and sending a link to unlock the account via email.
2) Blocking any login-attempt for a defined period of time (15 mins or so).

What's best for you depends on your taste.

Regards, Simon
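Added example, not part of any post in this thread: a sketch of option 2 above, where failed attempts are counted per account rather than per IP and further logins are refused for 15 minutes. The table and column names, the limit of 3 failures, the function names and the sample data are assumptions made for illustration; it needs the pdo_sqlite extension, and in a real login page the IP would come from `$_SERVER['REMOTE_ADDR']`.

```php
<?php
// Added example: per-account lockout that does not depend on the client IP.
// Names and thresholds below are assumptions, not taken from the thread.
const MAX_FAILURES = 3;        // failed attempts tolerated inside the window
const WINDOW_SECS  = 15 * 60;  // counting window and lock duration

function initStore(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_failures (
        username TEXT NOT NULL, ip TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
}

// Failed attempts recorded for this account inside the window, from any IP.
function recentFailures(PDO $db, string $user, int $now): int {
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures
                       WHERE username = ? AND attempted_at > ?');
    $q->execute([$user, $now - WINDOW_SECS]);
    return (int) $q->fetchColumn();
}

// Returns 'ok', 'denied' or 'locked'. $hash is the stored password_hash()
// value, or null for an unknown account (still counted, so the response
// does not reveal which usernames exist).
function attemptLogin(PDO $db, string $user, string $password,
                      ?string $hash, string $ip, int $now): string {
    if (recentFailures($db, $user, $now) >= MAX_FAILURES) {
        return 'locked';  // refuse before the password is even checked
    }
    if ($hash !== null && password_verify($password, $hash)) {
        $db->prepare('DELETE FROM login_failures WHERE username = ?')
           ->execute([$user]);
        return 'ok';
    }
    // The IP is stored for auditing only; the lock decision ignores it.
    $db->prepare('INSERT INTO login_failures VALUES (?, ?, ?)')
       ->execute([$user, $ip, $now]);
    return 'denied';
}

// Constructed demo data: one account, wrong guesses from three different IPs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initStore($db);
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$t = 1700000000;  // constructed timestamp
foreach (['203.0.113.5', '198.51.100.7', '192.0.2.9'] as $i => $ip) {
    echo attemptLogin($db, 'alice', "guess$i", $hash, $ip, $t + $i), "\n";
}
// Right password while the lock is active, then again after the window.
echo attemptLogin($db, 'alice', 'correct horse', $hash, '192.0.2.50', $t + 10), "\n";
echo attemptLogin($db, 'alice', 'correct horse', $hash, '192.0.2.50', $t + WINDOW_SECS + 5), "\n";
```

Because the counter is keyed on the username, switching proxies between guesses does not reset it; the cost is the one named in the post above, that the real user is also shut out until the window passes.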
