
I am making a security login where users can create accounts and log in. If the user enters the wrong information, they get redirected to another page where the input borders are red with a warning in red text informing the user that the information given is wrong and to retry. I plan not to allow the user to retry typing information if they have been redirected to the same page 3 times. This way, people would not spam passwords to get into an account.

Please let me know if there is an easier way to do all this.

Pepsi peep
  • 21
  • 5
  • Research using the SESSION, then maybe set a block time in the user record – RiggsFolly Dec 13 '22 at 10:08
  • 3
    Hmm. The solution you found to your problem (imo) is not the best one. Why redirect to a different page if they enter the incorrect credentials? That's not a good UX. Instead, make the form validations on the same page. And make your validations in the backend. Check if a user tries to log in and fails 3 times in X amount of time... do whatever (timeout for 15 mins or something like that). Do not do this logic with redirection and frontend. – Mihai T Dec 13 '22 at 10:09
  • IMHO easier is to decide on a baseline of what you want to implement and in which order as the topic is broad and highly technical, so prone to (implementation) errors: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html – hakre Dec 13 '22 at 11:11

1 Answer


You can set a value in the session to track how many times a user has tried to sign in. In your login.php, or whichever file handles the login, add this code after the login fails:

$_SESSION['login_attempts'] = !isset($_SESSION['login_attempts']) ? 1 : $_SESSION['login_attempts'] + 1;

Then you can check if this value is equal to 3 to disable the login page or whatever else.

if($_SESSION['login_attempts'] === 3){
   // redirect to home 
}

Be sure that your session is started with session_start();

Gazmend Sahiti
  • 443
  • 3
  • 13
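
Added example, not part of the answer above: the comments suggest doing the check in the backend with a block time in the user record. A counter kept only in `$_SESSION` belongs to one session cookie and starts again with every new session, so the sketch below stores the failure count and block time per account instead. The table schema, the function name `attemptLogin` and the constants are assumptions made for illustration; the demo uses an in-memory SQLite database (requires the pdo_sqlite extension) with constructed data.

```php
<?php
// Added example: per-account lockout kept server-side (hypothetical schema and names).
const MAX_ATTEMPTS = 3;    // failed logins allowed before the account is blocked
const LOCK_SECONDS = 900;  // 15-minute block, the figure mentioned in the comments

// Returns 'ok', 'invalid' or 'locked'. $now is passed in so the logic is testable.
function attemptLogin(PDO $db, string $username, string $password, int $now): string
{
    $stmt = $db->prepare('SELECT id, password_hash, failed_attempts, locked_until
                          FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return 'invalid';                       // unknown account: same answer as a bad password
    }
    if ($user['locked_until'] !== null && (int) $user['locked_until'] > $now) {
        return 'locked';                        // still blocked: do not evaluate the password at all
    }
    if (password_verify($password, $user['password_hash'])) {
        $db->prepare('UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE id = ?')
           ->execute([$user['id']]);            // success clears the counter
        return 'ok';
    }
    $failed = (int) $user['failed_attempts'] + 1;
    $lockedUntil = $failed >= MAX_ATTEMPTS ? $now + LOCK_SECONDS : null;
    if ($lockedUntil !== null) {
        $failed = 0;                            // fresh count once the block expires
    }
    $db->prepare('UPDATE users SET failed_attempts = ?, locked_until = ? WHERE id = ?')
       ->execute([$failed, $lockedUntil, $user['id']]);
    return $lockedUntil !== null ? 'locked' : 'invalid';
}

// Constructed demo: one account, three wrong passwords, then the right one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT NOT NULL, failed_attempts INTEGER NOT NULL DEFAULT 0,
           locked_until INTEGER)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$t = 1000000;                                   // constructed timestamp
foreach (['a', 'b', 'c', 'correct horse'] as $i => $pw) {
    echo attemptLogin($db, 'alice', $pw, $t + $i), "\n";
}
// After the block time has passed, the correct password is accepted again.
echo attemptLogin($db, 'alice', 'correct horse', $t + LOCK_SECONDS + 10), "\n";
```

In the login page, a `'locked'` or `'invalid'` result can re-render the same form with the error styling, which keeps the decision on the server as the comments recommend.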