I'm working on a fairly large web site built in PHP that will potentially have a lot of users. I'm looking into a way to protect the login screen from automated attempts. I ha
A very dummy, untested example, but I think you will find the main idea here :).
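
    // $loginAttempts and $unlockTime are loaded from the user's row;
    // $logged_in holds the result of the password check.
    if ($unlockTime)
    {
        if (time() > $unlockTime)
        {
            // The lock has expired: reset the counters.
            $loginAttempts = 0;
            $unlockTime = 0;
            query("UPDATE users SET login_attempts = 0, unlocktime = 0 ... ");
        }
        else
        {
            // Still locked: refuse the attempt.
            die('Your account is temporarily locked. Reason: too many wrong login attempts.');
        }
    }
    if (!$logged_in)
    {
        $loginAttempts++;
        $unlockTime = 0;
        if ($loginAttempts > MAX_LOGIN_ATTEMPTS)
        {
            $unlockTime = time() + LOCK_TIMEOUT;
        }
        // PHP variable names are case-sensitive: use $unlockTime everywhere.
        query("UPDATE users SET login_attempts = $loginAttempts, unlocktime = $unlockTime ... ");
    }
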
Sorry for the mistakes - I wrote it in a few seconds and didn't test it... You can do the same by IP, by nickname, by session_id etc...
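
The same lockout idea, keyed by an arbitrary string (account name, IP, session id), as an added example that is not part of the original answer. It uses prepared statements and increments the counter inside SQL so concurrent requests cannot overwrite each other's count. The table, column and function names, the constant values, and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example: names and constant values are assumptions, not from the post.
const MAX_LOGIN_ATTEMPTS = 5;
const LOCK_TIMEOUT = 900; // seconds

function throttle_init(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_throttle (
        k TEXT PRIMARY KEY, attempts INTEGER NOT NULL DEFAULT 0,
        unlock_time INTEGER NOT NULL DEFAULT 0)');
}

// True while the key (e.g. "user:alice" or "ip:203.0.113.7") is locked.
// Call this BEFORE verifying the password, so locked keys get no oracle.
function is_locked(PDO $db, string $key, int $now): bool {
    $st = $db->prepare('SELECT unlock_time FROM login_throttle WHERE k = ?');
    $st->execute([$key]);
    $unlock = (int) $st->fetchColumn();   // no row -> false -> 0
    if ($unlock && $now > $unlock) {      // lock expired: reset the key
        record_success($db, $key);
        return false;
    }
    return $unlock > 0;
}

function record_failure(PDO $db, string $key, int $now): void {
    $db->prepare('INSERT OR IGNORE INTO login_throttle (k) VALUES (?)')->execute([$key]);
    // Increment in SQL; CAST because PDO binds execute() values as strings.
    $db->prepare('UPDATE login_throttle SET attempts = attempts + 1,
        unlock_time = CASE WHEN attempts + 1 > CAST(? AS INTEGER) THEN ? ELSE unlock_time END
        WHERE k = ?')->execute([MAX_LOGIN_ATTEMPTS, $now + LOCK_TIMEOUT, $key]);
}

function record_success(PDO $db, string $key): void {
    $db->prepare('DELETE FROM login_throttle WHERE k = ?')->execute([$key]);
}

// Constructed demo: in-memory SQLite, six wrong passwords for one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_init($db);
$now = time();
for ($i = 0; $i < 6; $i++) {
    record_failure($db, 'user:alice', $now);
}
var_dump(is_locked($db, 'user:alice', $now));                    // right after the failures
var_dump(is_locked($db, 'user:alice', $now + LOCK_TIMEOUT + 1)); // after the timeout
```

Tracking an account key and an IP key side by side means calling `is_locked` and `record_failure` once per key on each attempt.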