How to add login-attempt validation in PHP/MySQLi: after 3 unsuccessful login attempts the user is temporarily blocked for a configurable period (note that the counter below lives in the PHP session, so it only constrains a client that keeps its session cookie).
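-- Demo user table for the login-attempt example.
-- Passwords are bcrypt hashes produced by PHP's password_hash(); login.php
-- checks them with password_verify(), which never matches a plaintext value,
-- so every row MUST hold a hash, not the password itself.
CREATE TABLE `tbluser` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(150) NOT NULL,
  `username` varchar(150) NOT NULL,
  -- 255 leaves headroom over bcrypt's 60 characters for whatever
  -- PASSWORD_DEFAULT becomes in later PHP versions.
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- login.php looks a user up by username and takes the first row; a UNIQUE
  -- key guarantees there is only one such row and indexes the lookup.
  UNIQUE KEY `tbluser_username_uq` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=4;

-- Seed rows. The original listing stored '123456' in plaintext for rows 2
-- and 3, so those accounts could never log in. For the demo all three rows
-- reuse the row-1 hash; generate real ones with
--   echo password_hash("123456", PASSWORD_DEFAULT);
INSERT INTO `tbluser` (`id`, `name`, `username`, `password`) VALUES
(1, 'Cairocoders Ednalan', 'cairocoders', '$2y$10$dVB/4QU4vkrXB1.TAemkUuBELMHP73xFLVhP.SvPYV9l1dvmrDO4O'),
(2, 'tutorial101', 'clded25', '$2y$10$dVB/4QU4vkrXB1.TAemkUuBELMHP73xFLVhP.SvPYV9l1dvmrDO4O'),
(3, 'Clydey Ednalan', 'clyde0130', '$2y$10$dVB/4QU4vkrXB1.TAemkUuBELMHP73xFLVhP.SvPYV9l1dvmrDO4O');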
index.php
//index.php
<?php
session_start();

// Lift a temporary lockout once its expiry time has passed. Both the
// attempt counter and the expiry timestamp live in the PHP session, so this
// only governs the current session cookie: a client that starts a new
// session starts with a clean counter (login.php does the enforcement).
$lockExpiresAt = isset($_SESSION['attempt_again']) ? $_SESSION['attempt_again'] : null;
if ($lockExpiresAt !== null && time() >= $lockExpiresAt) {
    unset($_SESSION['attempt'], $_SESSION['attempt_again']);
}

// To produce a hash for the seed data in tbluser, run once and copy the output:
//   echo password_hash("123456", PASSWORD_DEFAULT);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Mysqli Login Attempt Validation</title>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
</head>
<body>
<div id="login">
<h3 class="text-center text-white pt-5">PHP Mysqli Login Attempt Validation</h3>
<div class="container">
<div id="login-row" class="row justify-content-center align-items-center">
<div id="login-column" class="col-md-6">
<div id="login-box" class="col-md-12">
<form id="login-form" class="form" method="POST" action="login.php">
<h3 class="text-center text-info">Login</h3>
<div class="form-group">
<label for="username" class="text-info">Username:</label><br>
<input type="text" name="username" id="username" class="form-control">
</div>
<div class="form-group">
<label for="password" class="text-info">Password:</label><br>
<input type="password" name="password" id="password" class="form-control">
</div>
<div class="form-group">
<label for="remember-me" class="text-info"><span>Remember me</span> <span><input id="remember-me" name="remember-me" type="checkbox"></span></label><br>
<button type="submit" name="login" class="btn btn-info btn-md"> Login</button>
</div>
<div id="register-link" class="text-right">
<a href="#" class="text-info">Register here</a>
</div>
</form>
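<?php
// One-shot flash messages set by login.php. Each is unset as soon as it is
// rendered so a page reload does not repeat it.
// Escape on output: today the messages are fixed server-side strings, but
// escaping keeps this safe if a future message ever echoes user input back
// (for example the submitted username).
$flashMessages = array(
    'error'   => 'alert-danger',
    'success' => 'alert-success',
);
foreach ($flashMessages as $key => $cssClass) {
    if (!isset($_SESSION[$key])) {
        continue;
    }
    $message = htmlspecialchars((string)$_SESSION[$key], ENT_QUOTES, 'UTF-8');
    echo '<div class="alert ' . $cssClass . ' text-center" style="margin-top:40px;">'
        . $message
        . '</div>';
    unset($_SESSION[$key]);
}
?>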
</div>
</div>
</div>
</div>
<style>
body {
margin: 0;
padding: 0;
background-color: #17a2b8;
}
#login .container #login-row #login-column #login-box {
margin-top: 60px;
max-width: 600px;
height: 400px;
border: 1px solid #9C9C9C;
background-color: #EAEAEA;
}
#login .container #login-row #login-column #login-box #login-form {
padding: 20px;
}
#login .container #login-row #login-column #login-box #login-form #register-link {
margin-top: -85px;
}
</style>
</body>
</html>
login.php
//login.php
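<?php
// login.php — processes the POSTed login form from index.php and redirects
// back to it with a one-shot flash message in $_SESSION['error'] or
// $_SESSION['success'].
//
// Lockout policy: after MAX_ATTEMPTS failed logins the session is refused
// for LOCKOUT_SECONDS. NOTE(review): the counter is stored in the PHP
// session, so it only constrains clients that keep their session cookie; a
// client that drops the cookie starts with a fresh counter. Treat this as a
// UX speed bump. Real brute-force protection needs a server-side counter
// keyed by account and/or client address, which this schema does not have.
session_start();

define('MAX_ATTEMPTS', 3);
define('LOCKOUT_SECONDS', 5 * 60); // 5*60 = 5 min, 60*60 = 1 h, 2*60*60 = 2 h

// Redirect back to the form and stop; without the exit the rest of the
// script would still run for a client that ignores the Location header.
function redirect_to_index()
{
    header('Location: index.php');
    exit;
}

if (!isset($_POST['login'])) {
    $_SESSION['error'] = 'Fill up login form first';
    redirect_to_index();
}

// Lift an expired lockout here as well as in index.php, so a client that
// POSTs straight to login.php is not locked out past LOCKOUT_SECONDS.
if (isset($_SESSION['attempt_again']) && time() >= $_SESSION['attempt_again']) {
    unset($_SESSION['attempt'], $_SESSION['attempt_again']);
}
if (!isset($_SESSION['attempt'])) {
    $_SESSION['attempt'] = 0;
}

// ">=" rather than "==": the lock must hold even if the counter overshoots.
if ($_SESSION['attempt'] >= MAX_ATTEMPTS) {
    $_SESSION['error'] = 'Attempt limit reach';
    redirect_to_index();
}

// Both fields are untrusted; missing keys must not raise notices.
$username = isset($_POST['username']) ? (string)$_POST['username'] : '';
$password = isset($_POST['password']) ? (string)$_POST['password'] : '';

// TODO(review): 'root' with an empty password is only acceptable for a local
// demo database; read the credentials from configuration in a deployment.
$conn = new mysqli('localhost', 'root', '', 'testingdb');
if ($conn->connect_error) {
    $_SESSION['error'] = 'Login is temporarily unavailable';
    redirect_to_index();
}

// Prepared statement: the username is bound as a value, never concatenated
// into the SQL string (the original query was injectable through it).
// get_result() needs the mysqlnd driver, which is the default in modern PHP.
$stmt = $conn->prepare('SELECT `id`, `name`, `password` FROM `tbluser` WHERE `username` = ?');
$stmt->bind_param('s', $username);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();
$conn->close();
$userFound = is_array($row);

// A syntactically valid bcrypt string that no password matches. It is
// verified when the username is unknown so the response takes about as long
// as a real check and a failed attempt is counted either way; with the single
// "invalid" message below this removes the username-enumeration oracle the
// separate 'No account with that username' message created.
// NOTE(review): confirm on the target PHP build that verifying this dummy
// costs a full bcrypt round rather than failing fast on the salt.
$dummyHash  = '$2y$10$' . str_repeat('0', 53);
$storedHash = $userFound ? (string)$row['password'] : $dummyHash;
$verified   = password_verify($password, $storedHash);

if ($userFound && $verified) {
    // Action after a successful login; for now just message a successful
    // login. A fresh session id prevents fixation via a pre-login id.
    session_regenerate_id(true);
    unset($_SESSION['attempt'], $_SESSION['attempt_again']);
    $_SESSION['success'] = 'Login successful';
    redirect_to_index();
}

// Same message and same counter for "no such user" and "wrong password".
$_SESSION['error'] = 'Invalid username or password';
$_SESSION['attempt'] += 1;
if ($_SESSION['attempt'] >= MAX_ATTEMPTS) {
    $_SESSION['attempt_again'] = time() + LOCKOUT_SECONDS;
}
redirect_to_index();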