3次登录失败后如何阻止登录 [英] How to blocked login a few minutes after 3 unsuccessful login

问题描述

可能重复:
在PHP中限制用户登录尝试

Possible Duplicate:
Limiting user login attempts in PHP

3次尝试登录失败后，我试图在登录中添加一些安全性以阻止用户访问. 例如，如果某个特定用户尝试使用错误的用户名或密码登录3次，我应该显示对话框或消息，提示用户需要在10分钟后重试(例如)

I'm trying to put some security in login to block user access after 3 failed attempts to login. For example, if a specific user attempts to login with wrong username or password 3 times, I should show the dialog or message that the user needs to try again after 10 minutes (as an example)

10分钟后，用户可以使用正确的用户名和密码再次登录.

Than after 10 minutes, the user can login again with correct username and password.

我该怎么做?

推荐答案

最简单的方法是使用SESSION存储失败登录的次数，每次用户登录使用错误的用户名或密码时，都会增加计数.像这样:

The simplest way is using SESSION to store number of fail login, for each times user login use wrong username or password, increase your count. it like that:

if(isset($_SESSION['num_login_fail']))
{
  if($_SESSION['num_login_fail'] == 3)
   {
     if(time() - $_SESSION['last_login_time'] < 10*60*60 ) 
      {
         // alert to user wait for 10 minutes afer
          return; 
      }
      else
      {
        //after 10 minutes
         $_SESSION['num_login_fail'] = 0;
      }
   }      
}

$sucess = doLogin() // your check login function
if($success)
{
   $_SESSION['num_login_fail'] = 0;
   //your code here
}
else
{
 $_SESSION['num_login_fail'] ++;
 $_SESSION['last_login_time'] = time();
}

但是，用户可以通过关闭浏览器然后再次打开来绕过它，所有用户的会话都将为空.为了更加完善，您可以在数据库中存储num_login_fail和last_login_time.

But, user can bypass it by turn off browser, then open again, all user's session wil be null. For more perfect , you can store num_login_fail and last_login_time in your database.

这篇关于3次登录失败后如何阻止登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！