Blocking access to the login page after three unsuccessful login attempts
Sometimes you need to add extra protection to a password-protected website. This article explains how access to the login page can be restricted after three unsuccessful login attempts. The scheme uses the visitor's IP address to store login attempts in the database and blocks access to the login feature for 30 minutes after the third unsuccessful attempt.
There are a number of reasons to restrict access. One reason is security: quite often users try to guess a login and password combination to get unauthorized access to the system. Another reason is the extra load on the server.
So let's start. First you need to create a new table in your database to store information about login attempts from a certain computer. The SQL script that creates such a table in MySQL Server is the following. For other databases it will differ slightly.
It is assumed that you already have an authorization page. Otherwise you can create one using PHP, SSI, or a similar language. There are no major difficulties in writing this program (script).
The authorization page should work with two tables: one where information about registered users is stored and another where unsuccessful login attempts are listed.
If the attempt limit has not been reached, the system checks whether the data entered are correct. If the data are verified, information about previous attempts is deleted, and the user again has three login attempts for the next authorization.
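The flow described above, as an added example that is not the article's original script: it uses Python with an in-memory SQLite table in place of MySQL, and the table, column and function names (`login_attempts`, `try_login` and so on) are assumptions. Forgetting failures older than 30 minutes, even when the limit was not reached, is also a design choice of this example.

```python
import hmac
import sqlite3

MAX_ATTEMPTS = 3          # from the article: block after the third failure
BLOCK_SECONDS = 30 * 60   # from the article: the block lasts 30 minutes

def open_db():
    # SQLite stands in for MySQL; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login_attempts ("
                 "ip TEXT PRIMARY KEY, attempts INTEGER NOT NULL, "
                 "last_attempt INTEGER NOT NULL)")
    return conn

def is_blocked(conn, ip, now):
    row = conn.execute("SELECT attempts, last_attempt FROM login_attempts "
                       "WHERE ip = ?", (ip,)).fetchone()
    if row is None:
        return False
    attempts, last = row
    if now - last >= BLOCK_SECONDS:
        # Window expired: drop the stale row so the visitor gets three new tries.
        conn.execute("DELETE FROM login_attempts WHERE ip = ?", (ip,))
        return False
    return attempts >= MAX_ATTEMPTS

def record_failure(conn, ip, now):
    # Upsert: the first failure inserts the row, later ones increment it.
    conn.execute("INSERT INTO login_attempts (ip, attempts, last_attempt) "
                 "VALUES (?, 1, ?) ON CONFLICT(ip) DO UPDATE SET "
                 "attempts = attempts + 1, last_attempt = excluded.last_attempt",
                 (ip, now))

def try_login(conn, users, ip, login, password, now):
    """Return 'blocked', 'ok' or 'denied'. `users` maps login -> password
    (constructed sample data; a real users table stores password hashes)."""
    if is_blocked(conn, ip, now):
        return "blocked"   # credentials are not checked while the block is active
    expected = users.get(login)
    if expected is not None and hmac.compare_digest(expected.encode(),
                                                    password.encode()):
        # Success: delete previous attempts so three tries are available again.
        conn.execute("DELETE FROM login_attempts WHERE ip = ?", (ip,))
        return "ok"
    record_failure(conn, ip, now)
    return "denied"
```

If the site sits behind a reverse proxy, pass the client address the proxy reports rather than the proxy's own, or all visitors share one counter.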
Copyright © 2005-2007 www.WebCheatSheet.com All Rights Reserved.