Limit Login Attempts in 3 times using Codeigniter












I am currently developing a system. I am already done with my login module, but I want to add a limit on login attempts. The user will only have 3 attempts to log in; if they exceed the limit of 3, either the email of that user will be deactivated or they will get a 5-minute penalty.

I don't know how to begin with it, but what I know is that you need to get the IP address of the user and check the number of attempts with that email.



User table



name (varchar)
email (varchar)
password (varchar)
confirm password (varchar)
attempts (int)
ip_address (varchar)
status (varchar)


Controller



public function login()
{
    if($this->form_validation->run('login_validate') == FALSE)
    {
        echo json_encode(validation_errors());
    }
    else
    {
        $email = clean_data($this->input->post('email'));
        $password = clean_data($this->input->post('password'));
        $where = array('email'=>$email);
        $get_user = $this->Crud_model->fetch_tag_row('*','users',$where);

        if($get_user)
        {
            $check_password = $get_user->password;

            if($this->session->tempdata('penalty'))
            {
                echo json_encode("Your account is ". $_SESSION['penalty']. " on penalty");
            }
            else
            {
                if(password_verify($password,$check_password))
                {
                    if($get_user->status == 'Active')
                    {
                        $user_session = [
                            'id' => $get_user->id,
                            'first_name' => $get_user->first_name,
                            'middle_name' => $get_user->middle_name,
                            'last_name' => $get_user->last_name,
                            'email' => $get_user->email,
                        ];

                        $this->session->set_userdata('logged_in',$user_session);
                        $session = $this->session->userdata('logged_in');
                        $this->session->user_id = $session['id'];
                        $this->session->email = $session['email'];
                        $this->session->fullname = $session['first_name'] .' '. $session['middle_name'] .' '. $session['last_name'];
                        echo json_encode("success");
                    }
                    else if ($get_user->status == 'Inactive')
                    {
                        echo json_encode("Your account is inactive. Contact our human resource department regarding this problem.");
                    }
                }
                else
                {
                    $attempt = $this->session->userdata('attempt');
                    $attempt++;
                    $this->session->set_userdata('attempt', $attempt);

                    if($attempt == 3)
                    {
                        echo json_encode("Your account is locked");

                        $this->session->set_tempdata('penalty', true, 10);
                        $this->session->set_userdata('attempt', 0);
                    }
                    else
                    {
                        echo json_encode("Invalid Credentials");
                    }
                }
            }
        }
        else
        {
            echo json_encode("Invalid Credentials");
        }
    }
}


NOTE: Above is my login function. It's working properly (my validations for fields, whether the account exists, username and password correct, etc.). fetch_tag_row will only get the specific row.

Question: Can anyone enlighten or guide me on how to make a login attempt?










Tags: php, codeigniter

asked Oct 14 '17 at 0:28 by Angel (edited Oct 15 '17 at 15:46 by Angel)
























          1 Answer














I don't think you need to use the IP. What if you use a session variable?

For example, when opening the login page the session variable will be set to 0, and on each error you increase it by one.

Also, before validating the user and password, you check whether the session variable is less than or equal to 3; if it is, then you give the message that they need to wait, and if not, you process the login.

Now, if what you want is to implement a 5-minute penalty before trying again, you can use tempdata in the session: if the tempdata is set to true, it is still in penalty time; if not, you can process the login.

You can refer to Here



public function login() {
    if ($this->form_validation->run('login_validate') == FALSE) {
        echo json_encode(validation_errors());
    } else {
        $email = $this->input->post('email');
        $password = $this->input->post('password');
        $where = array('email' => $email);
        $get_user = $this->Crud_model->fetch_tag_row('*', 'users', $where);

        if ($get_user) {
            $check_password = $get_user->password;
            if ($this->session->tempdata('penalty')) {
                // Show a message that the user is on a penalty
            } else {
                if (password_verify($password, $check_password)) {
                    if ($get_user->status == 'Active') {
                        $user_session = [
                            'id' => $get_user->id,
                            'first_name' => $get_user->first_name,
                            'middle_name' => $get_user->middle_name,
                            'last_name' => $get_user->last_name,
                            'email' => $get_user->email,
                        ];

                        $this->session->set_userdata('logged_in', $user_session);
                        $session = $this->session->userdata('logged_in');
                        $this->session->user_id = $session['id'];
                        $this->session->email = $session['email'];
                        $this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
                        echo json_encode("success");
                    } elseif ($get_user->status == 'Inactive') {
                        echo json_encode("Your account is inactive.");
                    }
                } else {
                    // Wrong password: count the failed attempt in the session
                    $attempt = $this->session->userdata('attempt');
                    $attempt++;
                    $this->session->set_userdata('attempt', $attempt);

                    if ($attempt == 3) {
                        echo json_encode("Your account is locked");
                        $this->db->set('attempts', 'attempts+120', FALSE);
                        $this->db->where($where);
                        $this->db->update('users'); // gives UPDATE users SET attempts = attempts+120 WHERE email = <email>
                        // Reset the stored counter (assigning only the local variable would not persist)
                        $this->session->set_userdata('attempt', 0);

                        // Set tempdata when the maximum number of tries is reached:
                        // the session variable is named 'penalty', its value is true,
                        // and it expires after 5 minutes (expressed in seconds).
                        $this->session->set_tempdata('penalty', true, 300);
                    } else {
                        echo json_encode("Invalid Credentials");
                    }
                }
            }
        } else {
            echo json_encode("No account found");
        }
    }
}


          hope it works
































Comments:

• Hi sir, thank you for giving me advice. I have already done the first part, checking the login attempts. Right now, how can I implement the 5-minute penalty? Any guidance again? I updated my controller.
  – Angel, Oct 14 '17 at 9:06

• Wow man, thank you very much! It's working now!
  – Angel, Oct 15 '17 at 15:39

• Last question: what if I want to display the time penalty in my message? I tried to follow the guide, but it only displays this: "Your account is 1 on penalty". How can I display the 5 minutes? (I changed it to 10 seconds to make it faster to debug.)
  – Angel, Oct 15 '17 at 15:50

• Instead of setting the penalty to true, you could set it to the current time. Then, when validating whether the session variable penalty is true, check whether it is != null; if it is different from null, get its value (the time you captured when the 3 failed logins occurred) and compare it with the current time. That should give you the difference between the times, and you'll be able to get the remaining time for the penalty. Hope it helps.
  – Exequiel Aguirre, Oct 15 '17 at 18:50
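
The approach from the answer and its last comment, keyed on the email instead of the session, as an added example that is not part of the original posts: the counter and the lock time are kept server-side, so the limit still applies when the client starts a new session, and the stored lock time gives the remaining penalty. `LoginThrottle`, its method names, the in-memory arrays (standing in for the question's `attempts` column and a hypothetical lock-time column) and the sample account are assumptions.

```php
<?php
declare(strict_types=1);

const MAX_ATTEMPTS    = 3;   // failed attempts allowed, as in the question
const PENALTY_SECONDS = 300; // 5-minute penalty, as in the answer

// Hypothetical helper: arrays stand in for database tables.
final class LoginThrottle
{
    /** @var array<string,string> email => password hash (stands in for the users table) */
    private array $hashes = [];
    /** @var array<string,array{attempts:int,locked_at:?int}> per-email throttle state */
    private array $state = [];
    /** Hash checked for unknown emails so both failure paths do the same work. */
    private string $dummyHash;

    public function __construct()
    {
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function addUser(string $email, string $password): void
    {
        $this->hashes[self::key($email)] = password_hash($password, PASSWORD_DEFAULT);
    }

    /** Seconds left on the penalty for this email; 0 when it is not locked. */
    public function remaining(string $email, int $now): int
    {
        $lockedAt = $this->state[self::key($email)]['locked_at'] ?? null;
        return $lockedAt === null ? 0 : max(0, $lockedAt + PENALTY_SECONDS - $now);
    }

    /** @return array{ok:bool,message:string} */
    public function attempt(string $email, string $password, int $now): array
    {
        $key  = self::key($email);
        $left = $this->remaining($email, $now);
        if ($left > 0) {
            // Still in penalty: refuse before the password is even checked.
            return ['ok' => false, 'message' => self::lockedMessage($left)];
        }
        if (($this->state[$key]['locked_at'] ?? null) !== null) {
            unset($this->state[$key]); // penalty expired, start a fresh count
        }

        // State is tracked for unknown emails too, so the responses do not
        // reveal which addresses have an account.
        $hash  = $this->hashes[$key] ?? $this->dummyHash;
        $valid = password_verify($password, $hash) && isset($this->hashes[$key]);
        if ($valid) {
            unset($this->state[$key]);
            return ['ok' => true, 'message' => 'success'];
        }

        $attempts = ($this->state[$key]['attempts'] ?? 0) + 1;
        $locked   = $attempts >= MAX_ATTEMPTS;
        // Store the lock time (not just true) so the remaining time can be computed.
        $this->state[$key] = ['attempts' => $attempts, 'locked_at' => $locked ? $now : null];
        return [
            'ok'      => false,
            'message' => $locked ? self::lockedMessage(PENALTY_SECONDS) : 'Invalid Credentials',
        ];
    }

    private static function key(string $email): string
    {
        return strtolower(trim($email));
    }

    private static function lockedMessage(int $seconds): string
    {
        return sprintf('Your account is locked. Try again in %d:%02d.', intdiv($seconds, 60), $seconds % 60);
    }
}

// Constructed sample run with a fake clock (seconds since an arbitrary start).
$throttle = new LoginThrottle();
$throttle->addUser('user@example.test', 'correct horse');
$start = 1000000;
$tries = [[0, 'wrong-1'], [5, 'wrong-2'], [10, 'wrong-3'], [20, 'correct horse'], [310, 'correct horse']];
foreach ($tries as [$offset, $pw]) {
    $result = $throttle->attempt('user@example.test', $pw, $start + $offset);
    printf("t+%3ds  %s\n", $offset, $result['message']);
}
```

In the CodeIgniter controller the same two fields would live in the database and `$now` would be `time()`.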













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f46739616%2flimit-login-attempts-in-3-times-using-codeigniter%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          7














          I dont think you need to use the IP, what if you use a session variable?



          for example, when opening the login page the sess var will be set to 0, and on each error you increase it by one.



          also, before to validate the user and pass you check the sess var if it is less or equal to 3, if it is then you give the message that they need to wait, if not you process the login.



          Now, if what you want is to implement a 5 min penalty before trying again, you can use tempdata in session var, if the temp data is set to true it is still in penalty time, if not, you can process the login.



          you can refer to Here



          public function login() {
          if ($this->form_validation->run('login_validate') == FALSE) {
          echo json_encode(validation_errors());
          } else {
          $email = $this->input->post('email');
          $password = $this->input->post('password');
          $where = array('email' => $email);
          $get_user = $this->Crud_model->fetch_tag_row('*', 'users', $where);

          if ($get_user) {
          $check_password = $get_user->password;
          if($this->session->tempdata('penalty')){
          //Shows code that user is on a penalty
          }else{
          if (password_verify($password, $check_password)) {

          if ($get_user->status == 'Active') {
          $user_session = ['id' => $get_user->id, 'first_name' => $get_user->first_name, 'middle_name' => $get_user->middle_name, 'last_name' => $get_user->last_name, 'email' => $get_user->email,];

          $this->session->set_userdata('logged_in', $user_session);
          $session = $this->session->userdata('logged_in');
          $this->session->user_id = $session['id'];
          $this->session->email = $session['email'];
          $this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
          echo json_encode("success");
          } elseif ($get_user->status == 'Inactive') {
          echo json_encode("Your account is inactive.");
          }

          } else {
          $attempt = $this->session->userdata('attempt');
          $attempt++;
          $this->session->set_userdata('attempt', $attempt);

          if ($attempt == 3) {
          echo json_encode("Your account is locked");
          $this->db->set('attempts', 'attempts+120', FALSE);
          $this->db->where($where);
          $this->db->update('users'); // gives UPDATE mytable SET field = field+1 WHERE id = 2
          $attempt = 0;

          //code for setting tempdata when reached maximun tries
          $this->session->set_tempdata('penalty', true, 300); //set the name of the sess var to 'penalty, the value will be true and will expire within 5 minutes (expressed in sec.)


          } else {
          echo json_encode("Invalid Credentials");
          }
          }
          }

          } else {
          echo json_encode("No account found");
          }
          }
          }


          hope it works






          share|improve this answer


























          • HI sir, thank you for giving me an advise. I already done the first part. Checking the login attempt, right now how can I implement the 5 mins penalty? Any guide again? I updated my controller

            – Angel
            Oct 14 '17 at 9:06






          • 1





            Wow man, thank you very much! It's working now!

            – Angel
            Oct 15 '17 at 15:39











          • Last question, what if I want to display the time penalty in my message? I tried to follow the guide but it only display like this "Your account is 1 on penalty". How can I display the 5mins?(I changed it to 10secs to make it faster to debug)

            – Angel
            Oct 15 '17 at 15:50













          • You could instead of setting the penalty to true, set it to current time, then when validating if session var penalty is true, validate if != null, if it is different than null then get its value (time you capture when 3 failed login occurred) and then compare it with current time. that should give you the difference between times and you'll be able to get the remaining time for the penalty. Hope it helps

            – Exequiel Aguirre
            Oct 15 '17 at 18:50


















          7














          I dont think you need to use the IP, what if you use a session variable?



          for example, when opening the login page the sess var will be set to 0, and on each error you increase it by one.



          also, before to validate the user and pass you check the sess var if it is less or equal to 3, if it is then you give the message that they need to wait, if not you process the login.



          Now, if what you want is to implement a 5 min penalty before trying again, you can use tempdata in session var, if the temp data is set to true it is still in penalty time, if not, you can process the login.



          you can refer to Here



          public function login() {
          if ($this->form_validation->run('login_validate') == FALSE) {
          echo json_encode(validation_errors());
          } else {
          $email = $this->input->post('email');
          $password = $this->input->post('password');
          $where = array('email' => $email);
          $get_user = $this->Crud_model->fetch_tag_row('*', 'users', $where);

          if ($get_user) {
          $check_password = $get_user->password;
          if($this->session->tempdata('penalty')){
          //Shows code that user is on a penalty
          }else{
          if (password_verify($password, $check_password)) {

          if ($get_user->status == 'Active') {
          $user_session = ['id' => $get_user->id, 'first_name' => $get_user->first_name, 'middle_name' => $get_user->middle_name, 'last_name' => $get_user->last_name, 'email' => $get_user->email,];

          $this->session->set_userdata('logged_in', $user_session);
          $session = $this->session->userdata('logged_in');
          $this->session->user_id = $session['id'];
          $this->session->email = $session['email'];
          $this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
          echo json_encode("success");
          } elseif ($get_user->status == 'Inactive') {
          echo json_encode("Your account is inactive.");
          }

          } else {
          $attempt = $this->session->userdata('attempt');
          $attempt++;
          $this->session->set_userdata('attempt', $attempt);

          if ($attempt == 3) {
          echo json_encode("Your account is locked");
          $this->db->set('attempts', 'attempts+120', FALSE);
          $this->db->where($where);
          $this->db->update('users'); // gives UPDATE mytable SET field = field+1 WHERE id = 2
          $attempt = 0;

          //code for setting tempdata when reached maximun tries
          $this->session->set_tempdata('penalty', true, 300); //set the name of the sess var to 'penalty, the value will be true and will expire within 5 minutes (expressed in sec.)


          } else {
          echo json_encode("Invalid Credentials");
          }
          }
          }

          } else {
          echo json_encode("No account found");
          }
          }
          }


          hope it works






          share|improve this answer


























          • HI sir, thank you for giving me an advise. I already done the first part. Checking the login attempt, right now how can I implement the 5 mins penalty? Any guide again? I updated my controller

            – Angel
            Oct 14 '17 at 9:06






          • 1





            Wow man, thank you very much! It's working now!

            – Angel
            Oct 15 '17 at 15:39











          • Last question, what if I want to display the time penalty in my message? I tried to follow the guide but it only display like this "Your account is 1 on penalty". How can I display the 5mins?(I changed it to 10secs to make it faster to debug)

            – Angel
            Oct 15 '17 at 15:50













          • You could instead of setting the penalty to true, set it to current time, then when validating if session var penalty is true, validate if != null, if it is different than null then get its value (time you capture when 3 failed login occurred) and then compare it with current time. that should give you the difference between times and you'll be able to get the remaining time for the penalty. Hope it helps

            – Exequiel Aguirre
            Oct 15 '17 at 18:50
















          7












          7








          7







          I dont think you need to use the IP, what if you use a session variable?



          for example, when opening the login page the sess var will be set to 0, and on each error you increase it by one.



          also, before to validate the user and pass you check the sess var if it is less or equal to 3, if it is then you give the message that they need to wait, if not you process the login.



          Now, if what you want is to implement a 5 min penalty before trying again, you can use tempdata in session var, if the temp data is set to true it is still in penalty time, if not, you can process the login.



          you can refer to Here



          public function login() {
          if ($this->form_validation->run('login_validate') == FALSE) {
          echo json_encode(validation_errors());
          } else {
          $email = $this->input->post('email');
          $password = $this->input->post('password');
          $where = array('email' => $email);
          $get_user = $this->Crud_model->fetch_tag_row('*', 'users', $where);

          if ($get_user) {
          $check_password = $get_user->password;
          if($this->session->tempdata('penalty')){
          //Shows code that user is on a penalty
          }else{
          if (password_verify($password, $check_password)) {

          if ($get_user->status == 'Active') {
          $user_session = ['id' => $get_user->id, 'first_name' => $get_user->first_name, 'middle_name' => $get_user->middle_name, 'last_name' => $get_user->last_name, 'email' => $get_user->email,];

          $this->session->set_userdata('logged_in', $user_session);
          $session = $this->session->userdata('logged_in');
          $this->session->user_id = $session['id'];
          $this->session->email = $session['email'];
          $this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
          echo json_encode("success");
          } elseif ($get_user->status == 'Inactive') {
          echo json_encode("Your account is inactive.");
          }

          } else {
          $attempt = $this->session->userdata('attempt');
          $attempt++;
          $this->session->set_userdata('attempt', $attempt);

          if ($attempt == 3) {
          echo json_encode("Your account is locked");
          $this->db->set('attempts', 'attempts+120', FALSE);
          $this->db->where($where);
          $this->db->update('users'); // gives UPDATE mytable SET field = field+1 WHERE id = 2
          $attempt = 0;

          //code for setting tempdata when reached maximun tries
          $this->session->set_tempdata('penalty', true, 300); //set the name of the sess var to 'penalty, the value will be true and will expire within 5 minutes (expressed in sec.)


          } else {
          echo json_encode("Invalid Credentials");
          }
          }
          }

          } else {
          echo json_encode("No account found");
          }
          }
          }


          hope it works






          edited Oct 14 '17 at 17:05

























          answered Oct 14 '17 at 3:29









          Exequiel Aguirre













          • Hi sir, thank you for giving me advice. I have already done the first part, checking the login attempts. Right now, how can I implement the 5 mins penalty? Any guide again? I updated my controller.

            – Angel
            Oct 14 '17 at 9:06






          • 1





            Wow man, thank you very much! It's working now!

            – Angel
            Oct 15 '17 at 15:39











          • Last question, what if I want to display the time penalty in my message? I tried to follow the guide but it only displays like this: "Your account is 1 on penalty". How can I display the 5 mins? (I changed it to 10 secs to make it faster to debug.)

            – Angel
            Oct 15 '17 at 15:50













          • Instead of setting the penalty to true, you could set it to the current time. Then, when validating whether the session var penalty is true, validate if != null; if it is different than null, get its value (the time you captured when the 3 failed logins occurred) and compare it with the current time. That should give you the difference between the times, and you'll be able to get the remaining time for the penalty. Hope it helps.

            – Exequiel Aguirre
            Oct 15 '17 at 18:50
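
The remaining-time idea from the last comment above (store a timestamp instead of true, then compare it with the current time), as an added example that is not part of the original answer. It is plain PHP rather than CodeIgniter controller code, and it generalizes slightly by keeping the state on the account row instead of in the session; the `locked_until` field and the function names are assumptions, and the array stands in for a `users` row.

```php
<?php
// Added example: lockout state kept per account (server side), not in the visitor's session.
// $row stands in for one users-table row; 'locked_until' is a hypothetical extra column.
const MAX_ATTEMPTS = 3;      // from the question: 3 tries
const PENALTY_SECONDS = 300; // from the answer: 5 minutes

/** Seconds of penalty left for this account at time $now (0 = not locked). */
function penalty_remaining(array $row, int $now): int
{
    return max(0, ($row['locked_until'] ?? 0) - $now);
}

/** Record one failed login; starts the penalty on the third failure. */
function register_failure(array $row, int $now): array
{
    $row['attempts'] = ($row['attempts'] ?? 0) + 1;
    if ($row['attempts'] >= MAX_ATTEMPTS) {
        $row['locked_until'] = $now + PENALTY_SECONDS; // store the end time, not just "true"
        $row['attempts'] = 0;                          // counter restarts after the penalty
    }
    return $row;
}

/** One login attempt against a stored row; returns [message, updated row]. */
function attempt_login(array $row, string $password, int $now): array
{
    $left = penalty_remaining($row, $now);
    if ($left > 0) {
        // Checked before password_verify(), so guesses made during the penalty are never evaluated.
        return [sprintf('Your account is on penalty for %d:%02d more', intdiv($left, 60), $left % 60), $row];
    }
    if (password_verify($password, $row['password'])) {
        $row['attempts'] = 0;
        return ['success', $row];
    }
    $row = register_failure($row, $now);
    return [penalty_remaining($row, $now) > 0 ? 'Your account is locked' : 'Invalid Credentials', $row];
}

// Constructed sample data: one user row and a fixed clock so the run is repeatable.
$row = ['email' => 'user@example.com', 'password' => password_hash('correct horse', PASSWORD_DEFAULT), 'attempts' => 0];
$t = 1508000000;
foreach (['a', 'b', 'c', 'correct horse'] as $i => $guess) {
    [$msg, $row] = attempt_login($row, $guess, $t + $i * 10);
    echo $msg, PHP_EOL;
}
[$msg, $row] = attempt_login($row, 'correct horse', $t + 20 + PENALTY_SECONDS);
echo $msg, PHP_EOL;
```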








































