Jump to content

Securing a login script

-twenty

By -twenty
in PHP Coding Help

 Share

Recommended Posts

-twenty Newbie

-twenty

Posted
Posted

I tried searching but came up empty handed, hoping you guys can give me some assistance.

 

I have a login script that I would like to lock down a little from flooding. What is the easiest way to do this? Something that will restrict the IP if the script encounters x amount of failed attempts in x amount of minutes.

 

Thanks! :)

Link to comment
Share on other sites
schilly Regular Member

schilly

Posted
Posted

Have a table with login_attempt, ip_address, timestamp. If the login fails log the IP, timestamp and add one to the login attempt. When they post the login form, check the IP to see if it's in the table. If it is and over your attempt threshold throw an error saying "too many login attempts. banned for however long" or lock the account down or something. Then set a cron to clean out the table for any entries older than a certain time period.

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.