php three password attempts

jefargrafx

I've been looking for an example of how to keep a user from logging in after three failed password attempts.

I've found a couple of examples in JavaScript, but I'd rather do this with PHP.

Anyone ever do this before, or could you point me in the direction of a good tutorial?

thanks

jef
 
You can use the Apache directives to do this, and set the limit for logons.
 
It's relatively simple and not so simple:

You need a way to ID the user attempting the login - usually IP is enough, but as most people are on dial-up, re-connecting to their ISP will likely, but not always, give a new IP.

Solution: Use a cookie in combination with an IP check. Place the 'NoLog' cookie on the client machine (still not fool-proof as it can be deleted) and when the third login attempt fails write a cookie to the machine and track the IP in some way (DB or flat file). For users with high speed fixed links, this is not an issue as the IP usually doesn't change with each internet connection.

Note: you probably also want to write a script to release this lock (using a date-stamp in the cookie and the db) to re-allow that user another kick at the can the next day or after some set time has elapsed.

There really is no fool-proof method of restricting the number of times a user can attempt to access the site. It's simply the nature of the web. The best attempt at control is described above.

HT

Bastien

Anyone have a techie job in Toronto? I need to work... being laid off sucks!
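
The scheme described in the post above, as an added PHP example that is not part of the thread: failed attempts are counted server-side per IP, the third failure also issues the 'NoLog' cookie, and a date-stamp releases the lock after a set time. The SQLite file, table and function names and the demo password are assumptions; the server-side row is what enforces the lock, since the cookie can be deleted.

```php
<?php
// Added example, not code from the thread. File, table and function names are assumptions.
const MAX_ATTEMPTS = 3;
const LOCK_SECONDS = 86400; // release the lock after one day
function db(): PDO {
    $pdo = new PDO('sqlite:' . __DIR__ . '/lockout.sqlite');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS lockout (client_key TEXT PRIMARY KEY, attempts INTEGER, last_fail INTEGER)');
    return $pdo;
}
function clearFailures(PDO $pdo, string $key): void {
    $pdo->prepare('DELETE FROM lockout WHERE client_key = ?')->execute([$key]);
}
function isLocked(PDO $pdo, string $key, int $now): bool {
    $st = $pdo->prepare('SELECT attempts, last_fail FROM lockout WHERE client_key = ?');
    $st->execute([$key]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return false; }
    if ($now - (int)$row['last_fail'] >= LOCK_SECONDS) { // date-stamp check: lock has expired
        clearFailures($pdo, $key);
        return false;
    }
    return (int)$row['attempts'] >= MAX_ATTEMPTS;
}
function recordFailure(PDO $pdo, string $key, int $now): int {
    // Create the row if it is missing, then count this failure and refresh the date-stamp.
    $pdo->prepare('INSERT OR IGNORE INTO lockout VALUES (?, 0, ?)')->execute([$key, $now]);
    $pdo->prepare('UPDATE lockout SET attempts = attempts + 1, last_fail = ? WHERE client_key = ?')
        ->execute([$now, $key]);
    $st = $pdo->prepare('SELECT attempts FROM lockout WHERE client_key = ?');
    $st->execute([$key]);
    return (int)$st->fetchColumn();
}
$pdo = db(); $now = time();
$keys = ['ip:' . ($_SERVER['REMOTE_ADDR'] ?? 'cli')];
if (is_string($_COOKIE['NoLog'] ?? null) && ctype_xdigit($_COOKIE['NoLog'])) {
    $keys[] = 'cookie:' . $_COOKIE['NoLog']; // follows the client across IP changes
}
foreach ($keys as $k) { // refuse before the password is even checked
    if (isLocked($pdo, $k, $now)) { http_response_code(429); exit('Too many failed logins.'); }
}
$demoHash = password_hash('correct horse', PASSWORD_DEFAULT); // constructed demo credential
$given = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
if (password_verify($given, $demoHash)) {
    foreach ($keys as $k) { clearFailures($pdo, $k); }
    echo 'Logged in';
} elseif (recordFailure($pdo, $keys[0], $now) >= MAX_ATTEMPTS) {
    $token = bin2hex(random_bytes(16)); // third failure: lock a cookie token as well as the IP
    $pdo->prepare('INSERT INTO lockout VALUES (?, ?, ?)')->execute(['cookie:' . $token, MAX_ATTEMPTS, $now]);
    setcookie('NoLog', $token, ['expires' => $now + LOCK_SECONDS, 'path' => '/', 'httponly' => true]);
    echo 'Locked out';
} else { echo 'Login failed'; }
```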
 
Not sure the reply to your question is correct, but here is some info that may be helpful.

How do I set up Apache to require a username and password to access certain documents?
There are several ways to do this; some of the more popular ones are to use the mod_auth, mod_auth_db, or mod_auth_dbm modules.

For an explanation on how to implement these restrictions, see Apache Week's articles on Using User Authentication or DBM User Authentication, or see the authentication tutorial in the Apache documentation.

 