I'm working on an auth system with login failure.
If the user fails to log in, the attempts number in the database is incremented and if a defined limit is reached, PHP sets
Spam bots can get around session restrictions fairly easily, so it would have to be done in the database to be effective. Spam bots can also change their IP address each request, although this is harder to achieve.
You'd have to put a login attempts field in the users table that starts at 0, increment this when they get the password wrong, and reset it to 0 when they log in successfully. When someone tries to log in as a user with login attempts > 5 you would then take them to another page with the captcha which they must enter correctly (even if the password was wrong).
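
An added example (not part of the original answer) of the database-backed counter described above, in PHP with PDO. The `users` table layout, the `attemptLogin` function and the `$captchaOk` flag (the result of whatever captcha check the site uses) are assumptions, and the in-memory SQLite database holds constructed sample data.

```php
<?php
// Added example. Schema, function and variable names are assumptions.
const CAPTCHA_THRESHOLD = 5; // captcha once login_attempts > 5, as in the answer

function attemptLogin(PDO $db, string $username, string $password, bool $captchaOk): string
{
    $stmt = $db->prepare('SELECT id, password_hash, login_attempts FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return 'invalid'; // unknown account: same generic failure
    }
    // The counter is read from the database, so discarding the session
    // cookie or changing IP address does not reset it.
    if ((int) $user['login_attempts'] > CAPTCHA_THRESHOLD && !$captchaOk) {
        return 'captcha_required'; // password is not even checked yet
    }
    if (password_verify($password, $user['password_hash'])) {
        $db->prepare('UPDATE users SET login_attempts = 0 WHERE id = ?')
           ->execute([$user['id']]);
        return 'ok';
    }
    // Increment inside SQL so concurrent failures are not lost to a
    // read-modify-write race in PHP.
    $db->prepare('UPDATE users SET login_attempts = login_attempts + 1 WHERE id = ?')
       ->execute([$user['id']]);
    return 'invalid';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL, login_attempts INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 1; $i <= 7; $i++) {
    echo "wrong password #$i: ", attemptLogin($db, 'alice', 'guess' . $i, false), PHP_EOL;
}
echo 'right password, no captcha: ', attemptLogin($db, 'alice', 'correct horse', false), PHP_EOL;
echo 'right password, captcha solved: ', attemptLogin($db, 'alice', 'correct horse', true), PHP_EOL;
```

As written, `captcha_required` is returned only for accounts that exist, so the response tells a client that the username is valid; presenting the captcha for unknown usernames as well avoids that.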