how to block user after 3 login attempts ?
Here is my code :
session_start();
/************Connexion************/
if(isset($_POST['cnx'])){
require_once('../config.php');
$db = new DBSTOCK();
$cnx = $db->connect();
$user=$_POST['user'];
$pass=$_POST['pass'];
// To protect from MySQL injection for Security purpose
$user = strip_tags($user);
$pass = strip_tags($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($cnx,$user);
$pass = mysqli_real_escape_string($cnx,$pass);
$q=mysqli_query($cnx,"select * from admin where user='".$user."'");
$row = mysqli_fetch_array($q); //or die(mysqli_error($con));
$pw = $row['pass'];//hashed password in database
$username = $row['user'];
if($user==$username && password_verify($pass, $pw)) {
$_SESSION["user"]=$user;
header("Location: ../view/accueil.php");
}
else{
header("Location: ../index.php?failed=0");
}}
/************Deconnexion************/
if(isset($_GET['decnx'])){
session_destroy();
session_unset();
header("Location: ../index.php");
}
any script suggestion i can add to my code so a user can be blocked for 10 minutes after 3 consecutive failed login attempts ?