I have a form like that for logging in:
<form action="form.php" method="post">
<input type="text" name="name" placeholder="Type your name">
<input type="password" name="password" placeholder="Type your password" >
<input type="submit" name="submit" value="Login">
</form>
I want to add Google Recaptcha only if the user is trying to login more than 3 times for example:
<form action="form.php" method="post">
<input type="text" name="name" placeholder="Type your name">
<input type="password" name="password" placeholder="Type your password" >
<?php
if(){ // Check if submitted more than 3 times.
<div class="g-recaptcha" data-sitekey="=== Your site key ==="></div>
}
?>
<input type="submit" name="submit" value="Login">
</form>
I'm thinking of using Cookies, After validating and login fails add a cookie with value = 1 and if this cookie exists, Increase by 1.
if( isset($_COOKIE['tries']) ){
createcookie('tries', $_COOKIE['ties'] +1 );
}else{
createcookie('tries', '1');
}
But what if the cookies are disabled?!
Also I'm thinking of using the IP Address , Create a table with IP Addresses of users trying to login and the login fails:
__________________________________
| | | |
| ip | count | date |
|________|__________|_____________|
Where count is the login fails times and date is today date, So if it's today date and the count > 3, Show the Recaptcha.
But what if the user is using a VPN?
Is there is a reliable way for doing that?
How does stackoverflow do that?