I want to avoid users to have many failed logins and also to prevent attacks. If the number of failed logins are 5 or more then there will be a captcha or disable access for 15 mins.
Beloow you find my code on what happens when the user is successfully logged in or not. There is some code missing, I use sessions on correct login.
The number of failed logins can be found at false_logins column.
$result
checks if $login
and $password
are found using a query.
Thank you for this.
$result=mysql_query($qry);
$member = mysql_fetch_assoc($result);
//Check whether the query was successful or not and if user is verified. Verified users have empty value
if($result) {
if ( (mysql_num_rows($result) == 1) && (!$member['verified']) ){
//Login Successful
mysql_query("UPDATE members SET ip = '$ip', false_login = '0' WHERE login = '$login'");
header("location: member-index.php");
exit();
}else {
//Login failed
mysql_query("UPDATE members SET false_login = false_login+1 WHERE login = '$login'");
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}