Implement Limit login with Mysql Database using Core PHP

Hi. In this article I am going to show how to implement a login-attempt limit (login throttling) using PHP.

Create the Database

Open phpMyAdmin and create a new database named dbase. Then navigate to the database's SQL tab and paste the SQL script below.

Create a table

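-- One row per failed login attempt. login.php counts the rows for a client address
-- inside the lockout window and deletes them after a successful login.
CREATE TABLE `loginlogs` (
  -- Generated by the server: login.php inserts only IpAddress and TryTime, so a
  -- NOT NULL id without AUTO_INCREMENT makes that INSERT fail under strict SQL mode.
  `id` int(11) NOT NULL AUTO_INCREMENT,
  -- 16 bytes fits a packed address (4 bytes IPv4, 16 bytes IPv6, the format produced
  -- by PHP's inet_pton()). A textual IPv6 address can be 39 characters and does not fit.
  `IpAddress` varbinary(16) NOT NULL,
  -- Unix timestamp (seconds) of the failed attempt.
  `TryTime` bigint(20) NOT NULL,
  PRIMARY KEY (`id`),
  -- Serves the per-address, per-window count that runs on every login request.
  KEY `idx_ip_time` (`IpAddress`, `TryTime`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;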

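-- Application accounts. login.php looks a user up by `email` and verifies the password
-- against the `salt` and `password` columns.
CREATE TABLE `tbl_user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  `email` varchar(50) NOT NULL,
  -- Per-user salt consumed by the sha1(salt . password) check in login.php.
  `salt` varchar(50) NOT NULL,
  -- Currently a 40-character SHA-1 hex digest. The column is also wide enough for
  -- today's password_hash() output (the PHP manual suggests 255 to leave room for
  -- future algorithms) when the hashing scheme is upgraded.
  `password` varchar(200) NOT NULL,
  `created_at` timestamp NOT NULL DEFAULT current_timestamp(),
  PRIMARY KEY (`id`),
  -- The login query expects at most one account per address.
  UNIQUE KEY `uniq_email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;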

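Here I am using a salt to make the stored password more secure. You could leave it out or simply use MD5 while following along, since this article only tries to explain how to implement the login-attempt restriction; note, though, that MD5 and the salted SHA-1 used below are fast hashes and are not adequate for storing real passwords, for which PHP's built-in password_hash() and password_verify() are the standard choice.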

Login Page

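<?php
// The session must be started before any output so the session cookie header can be sent.
session_start();
if (isset($_SESSION['email'])) {
    // Already signed in: redirect server-side and stop, so the login form is never
    // rendered for this request and the redirect does not depend on client-side script.
    header('Location: /admin');
    exit;
} else {
    // Not signed in: render the login markup that follows. This branch is closed by the
    // PHP block after the markup, at the end of the page.
?>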
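<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- These third-party files run on the page where credentials are typed, so whoever
     controls the CDN responses controls the login form. Pin each file with Subresource
     Integrity (an integrity attribute computed from the exact file you reviewed, plus
     crossorigin="anonymous"), or serve reviewed copies from your own host. -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
<!-- Include the above in your HEAD tag -->
<!-- Form validation plugin and the AJAX login handler (login.js, shown below) -->
<script type="text/javascript" src="script/validation.min.js"></script>
<script type="text/javascript" src="script/login.js"></script>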
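<style>
/* Styles for the login card. Presentation only: nothing here enforces any login rule. */

/* BASIC */
body {
  font-family: "Poppins", sans-serif;
  height: 100vh;
}
a {
  color: #92badd;
  display: inline-block;
  text-decoration: none;
  font-weight: 400;
}
h2 {
  text-align: center;
  font-size: 16px;
  font-weight: 600;
  text-transform: uppercase;
  display: inline-block;
  margin: 40px 8px 10px 8px;
  color: #cccccc;
}

/* STRUCTURE */
.wrapper {
  display: flex;
  align-items: center;
  flex-direction: column;
  justify-content: center;
  width: 100%;
  min-height: 100%;
  padding: 20px;
}
#formContent {
  -webkit-border-radius: 10px 10px 10px 10px;
  border-radius: 10px 10px 10px 10px;
  background: #fff;
  width: 90%;
  max-width: 450px;
  position: relative;
  /* The original declared padding twice (30px, then 0px); only the later 0px applied. */
  padding: 0px;
  -webkit-box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3);
  box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3);
  text-align: center;
}
#formFooter {
  background-color: #f6f6f6;
  border-top: 1px solid #dce8f1;
  padding: 25px;
  text-align: center;
  -webkit-border-radius: 0 0 10px 10px;
  border-radius: 0 0 10px 10px;
}

/* TABS */
h2.inactive {
  color: #cccccc;
}
h2.active {
  color: #0d0d0d;
  border-bottom: 2px solid #5fbae9;
}

/* FORM TYPOGRAPHY */
input[type=button], input[type=submit], input[type=reset] {
  background-color: #56baed;
  border: none;
  color: white;
  padding: 15px 80px;
  text-align: center;
  text-decoration: none;
  display: inline-block;
  text-transform: uppercase;
  font-size: 13px;
  -webkit-box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4);
  box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4);
  -webkit-border-radius: 5px 5px 5px 5px;
  border-radius: 5px 5px 5px 5px;
  margin: 5px 20px 40px 20px;
  -webkit-transition: all 0.3s ease-in-out;
  -moz-transition: all 0.3s ease-in-out;
  -ms-transition: all 0.3s ease-in-out;
  -o-transition: all 0.3s ease-in-out;
  transition: all 0.3s ease-in-out;
}
input[type=button]:hover, input[type=submit]:hover, input[type=reset]:hover {
  background-color: #39ace7;
}
input[type=button]:active, input[type=submit]:active, input[type=reset]:active {
  -moz-transform: scale(0.95);
  -webkit-transform: scale(0.95);
  -o-transform: scale(0.95);
  -ms-transform: scale(0.95);
  transform: scale(0.95);
}
input[type=text], input[type=password] {
  background-color: #f6f6f6;
  border: none;
  color: #0d0d0d;
  padding: 15px 32px;
  text-align: center;
  text-decoration: none;
  display: inline-block;
  font-size: 16px;
  margin: 5px;
  width: 85%;
  border: 2px solid #f6f6f6;
  -webkit-transition: all 0.5s ease-in-out;
  -moz-transition: all 0.5s ease-in-out;
  -ms-transition: all 0.5s ease-in-out;
  -o-transition: all 0.5s ease-in-out;
  transition: all 0.5s ease-in-out;
  -webkit-border-radius: 5px 5px 5px 5px;
  border-radius: 5px 5px 5px 5px;
}
/* The pseudo-class has to be repeated for each selector in the list. The original
   "input[type=text],[type=password]:focus" applied the focus style to every text
   input all the time. */
input[type=text]:focus, input[type=password]:focus {
  background-color: #fff;
  border-bottom: 2px solid #5fbae9;
}
/* ::placeholder is the standard pseudo-element. ":placeholder" is not valid, and an
   invalid selector makes the browser drop the whole rule. */
input[type=text]::placeholder, input[type=password]::placeholder {
  color: #cccccc;
}

/* ANIMATIONS */
/* Simple CSS3 Fade-in-down Animation */
.fadeInDown {
  -webkit-animation-name: fadeInDown;
  animation-name: fadeInDown;
  -webkit-animation-duration: 1s;
  animation-duration: 1s;
  -webkit-animation-fill-mode: both;
  animation-fill-mode: both;
}
@-webkit-keyframes fadeInDown {
  0% {
    opacity: 0;
    -webkit-transform: translate3d(0, -100%, 0);
    transform: translate3d(0, -100%, 0);
  }
  100% {
    opacity: 1;
    -webkit-transform: none;
    transform: none;
  }
}
@keyframes fadeInDown {
  0% {
    opacity: 0;
    -webkit-transform: translate3d(0, -100%, 0);
    transform: translate3d(0, -100%, 0);
  }
  100% {
    opacity: 1;
    -webkit-transform: none;
    transform: none;
  }
}

/* Simple CSS3 Fade-in Animation */
@-webkit-keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
@-moz-keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
@keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
.fadeIn {
  opacity: 0;
  -webkit-animation: fadeIn ease-in 1;
  -moz-animation: fadeIn ease-in 1;
  animation: fadeIn ease-in 1;
  -webkit-animation-fill-mode: forwards;
  -moz-animation-fill-mode: forwards;
  animation-fill-mode: forwards;
  -webkit-animation-duration: 1s;
  -moz-animation-duration: 1s;
  animation-duration: 1s;
}
/* Staggered start times so the icon, inputs and button appear one after another. */
.fadeIn.first {
  -webkit-animation-delay: 0.4s;
  -moz-animation-delay: 0.4s;
  animation-delay: 0.4s;
}
.fadeIn.second {
  -webkit-animation-delay: 0.6s;
  -moz-animation-delay: 0.6s;
  animation-delay: 0.6s;
}
.fadeIn.third {
  -webkit-animation-delay: 0.8s;
  -moz-animation-delay: 0.8s;
  animation-delay: 0.8s;
}
.fadeIn.fourth {
  -webkit-animation-delay: 1s;
  -moz-animation-delay: 1s;
  animation-delay: 1s;
}

/* Underline that grows on hover (used by the footer link) */
.underlineHover:after {
  display: block;
  left: 0;
  bottom: -10px;
  width: 0;
  height: 2px;
  background-color: #56baed;
  content: "";
  transition: width 0.2s;
}
.underlineHover:hover {
  color: #0d0d0d;
}
.underlineHover:hover:after {
  width: 100%;
}

/* OTHERS */
*:focus {
  outline: none;
}
#icon {
  width: 60%;
}
</style>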
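<div class="wrapper fadeInDown">
  <div id="formContent">
    <!-- Tabs Titles -->
    <!-- Icon -->
    <div class="fadeIn first">
      <img src="/admin/logo.png" id="icon" alt="User Icon" />
    </div>
    <!-- login.js writes the reply from login.php into this container -->
    <div id="error"></div>
    <!-- Login Form: login.js intercepts the submit and POSTs the fields to login.php -->
    <form class="form-login" method="post" id="login-form">
      <input type="text" id="user_email" class="fadeIn second" name="user_email" placeholder="Email">
      <span id="check-e"></span>
      <input type="password" id="password" class="fadeIn third" name="password" placeholder="Password">
      <button type="submit" class="btn btn-success" name="login_button" id="login_button">
        <span class="glyphicon glyphicon-log-in"></span>   Sign In
      </button>
      <!-- $msg is never assigned on this page, so default it to an empty string instead of
           reading an undefined variable, and HTML-escape it in case it is ever populated. -->
      <div id="result"><?php echo htmlspecialchars((string) ($msg ?? ''), ENT_QUOTES, 'UTF-8'); ?></div>
    </form>
    <!-- Remind Password -->
    <div id="formFooter">
      <a class="underlineHover" href="#">Forgot Password?</a>
    </div>
  </div>
</div>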
 <?
}
?>

First we have to start session

session_start(); // has to run before any output, because it sends the session cookie header

Then we check whether the session variable exists or not.

If the session variable is not set, the login page is displayed; if it is set, the visitor is sent on to /admin.

Download script for validation

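<!-- jQuery Validation plugin, then the login handler that uses it -->
<script type="text/javascript" src="script/validation.min.js"></script>

<script type="text/javascript" src="script/login.js"></script>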

Login.js

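$(document).ready(function () {

    /*
     * Form validation. These checks are a usability aid only: a client can post to
     * login.php directly, so every rule that matters must be enforced on the server.
     */
    $("#login-form").validate({
        rules: {
            password: {
                required: true
            },
            user_email: {
                required: true,
                email: true
            }
        },
        messages: {
            password: {
                required: "please enter your password"
            },
            user_email: "please enter your email address"
        },
        submitHandler: submitForm
    });

    /* Puts the submit button back into its idle state. */
    function resetButton() {
        $("#login_button").html('<span class="glyphicon glyphicon-log-in"></span> &nbsp; Sign In');
    }

    /*
     * Shows a message from the server inside #error.
     * The reply is inserted as text nodes, never as markup, so nothing in the response
     * body (a PHP warning, a reflected value) can inject HTML or script into the login
     * page. login.php separates lines with a literal <br/>, so the text is split on
     * that one tag and real line breaks are added between the parts.
     */
    function showError(message) {
        var $alert = $('<div class="alert alert-danger"></div>');
        $alert.append('<span class="glyphicon glyphicon-info-sign"></span> &nbsp; ');

        $.each(String(message).split(/<br\s*\/?>/i), function (index, part) {
            if (index > 0) {
                $alert.append(document.createElement('br'));
            }
            $alert.append(document.createTextNode(part));
        });
        $alert.append(document.createTextNode(' !'));

        $("#error").fadeIn(1000, function () {
            $("#error").empty().append($alert);
            resetButton();
        });
    }

    /* Handling login functionality: posts the form to login.php and reacts to the reply. */
    function submitForm() {
        // serialize() never includes submit buttons, but login.php only processes the
        // request when the login_button field is present, so it is added explicitly.
        var data = $("#login-form").serialize() + "&login_button=1";

        $.ajax({
            type: 'POST',
            url: 'login.php',
            data: data,
            dataType: 'text', // always treat the reply as a plain string
            beforeSend: function () {
                $("#error").fadeOut();
                $("#login_button").html('<span class="glyphicon glyphicon-transfer"></span> &nbsp; sending ...');
            },
            success: function (response) {
                // Trim before comparing: whitespace emitted around the PHP output
                // (for example after a closing "?>" in an included file) would
                // otherwise make a successful login look like a failure.
                if (String(response).trim() === "ok") {
                    $("#login_button").html('<img src="ajax-loader.gif" /> &nbsp; Signing In ...');
                    // Function callback instead of a code string, which setTimeout would eval.
                    setTimeout(function () {
                        window.location.href = "/admin";
                    }, 4000);
                } else {
                    showError(response);
                }
            },
            error: function () {
                // Transport or server error: restore the button so the user can retry.
                showError("Unable to sign in, please try again");
            }
        });

        return false;
    }

});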

Create a page named login.php in the root directory.

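<?php
// AJAX login endpoint. It prints "ok" on success, otherwise a message for the user.
// Failed attempts are recorded per client address in `loginlogs`; three failures inside
// 60 seconds lock that address out until the window has passed.
//
// NOTE(review): the session cookie flags (HttpOnly, Secure, SameSite) come from php.ini
// here. Confirm they are set for the deployment.
session_start();
require('../admin/Connection/DBClass.php');
$db = new DBClass();

// Gate on the request method rather than on the submit button's name: login.js posts
// $("#login-form").serialize(), and jQuery's serialize() never includes submit buttons,
// so $_POST['login_button'] is absent on AJAX logins.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {

    // Throttle key: the client address in packed form (4 or 16 bytes), which is what the
    // varbinary(16) IpAddress column can hold. Anything that is not a single IP literal
    // (for example a forwarding header passed through by getIpAddr()) is replaced by
    // the address of the connecting peer.
    $ip_address = getIpAddr();
    if (!is_string($ip_address) || filter_var($ip_address, FILTER_VALIDATE_IP) === false) {
        $ip_address = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
    }
    $ip_key = filter_var($ip_address, FILTER_VALIDATE_IP) !== false ? inet_pton($ip_address) : '';

    // Failed attempts from this address during the last 60 seconds. Every statement is
    // prepared, with request data bound as parameters, so neither the posted fields nor
    // the address can change the SQL. If prepare() fails on a setup where mysqli does
    // not throw, the method call on false raises a fatal error and the request stops
    // before any credential check.
    $time = time() - 60;
    $stmt = $db->link->prepare('SELECT COUNT(*) FROM `loginlogs` WHERE `TryTime` > ? AND `IpAddress` = ?');
    $stmt->bind_param('is', $time, $ip_key);
    $stmt->execute();
    $stmt->bind_result($total_count);
    $stmt->fetch();
    $stmt->close();
    $total_count = (int) $total_count;

    // ">=" rather than "==": parallel requests can push the count past 3, and an exact
    // match would then never trigger again, which disables the lockout.
    if ($total_count >= 3) {
        echo "To many failed login attempts. Please login after 60 sec <br/>";
    } else {
        // Accept only scalar strings. "user_email[]=x" would otherwise reach trim() as an array.
        $user_email = isset($_POST['user_email']) && is_string($_POST['user_email']) ? trim($_POST['user_email']) : '';
        $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

        $stmt = $db->link->prepare('SELECT `id`, `email`, `salt`, `password` FROM `tbl_user` WHERE `email` = ? LIMIT 1');
        $stmt->bind_param('s', $user_email);
        $stmt->execute();
        $stmt->bind_result($user_id, $stored_email, $salt, $dbpassword);
        $found = $stmt->fetch() === true;
        $stmt->close();

        // NOTE(review): salted SHA-1 is a fast hash and is not suitable for password
        // storage. It is kept so that existing rows still verify. New deployments should
        // store password_hash() output and check it with password_verify().
        // hash_equals() compares in constant time and, unlike "==", never treats two
        // different digests as equal through numeric string juggling.
        $authenticated = $found && hash_equals((string) $dbpassword, sha1($salt . $password));

        if ($authenticated) {
            // New session id on privilege change, so an id planted before login
            // (session fixation) is useless afterwards. It must run before any output.
            session_regenerate_id(true);
            $_SESSION['userid'] = $user_id;
            $_SESSION['email'] = $stored_email;

            $stmt = $db->link->prepare('DELETE FROM `loginlogs` WHERE `IpAddress` = ?');
            $stmt->bind_param('s', $ip_key);
            $stmt->execute();
            $stmt->close();

            echo "ok";
        } else {
            // An unknown email and a wrong password take the same path: both are counted
            // and both get the same message, so the throttle also covers address guessing
            // and the reply does not reveal which accounts exist.
            $total_count++;
            $rem_attm = 3 - $total_count;
            if ($rem_attm <= 0) {
                echo "To many failed login attempts. Please login after 60 sec";
            } else {
                echo "Please enter valid login details.<br/>$rem_attm attempts remaining";
            }

            $try_time = time();
            $stmt = $db->link->prepare('INSERT INTO `loginlogs` (`IpAddress`, `TryTime`) VALUES (?, ?)');
            $stmt->bind_param('si', $ip_key, $try_time);
            $stmt->execute();
            $stmt->close();
        }
    }
}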
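/**
 * Returns the client address used as the key for login throttling.
 *
 * Client-IP and X-Forwarded-For are ordinary request headers that any client can set
 * to any value. Reading them unconditionally lets a caller present a new "address" on
 * every request and so never reach the attempt limit. The address of the connecting
 * peer (REMOTE_ADDR) is therefore used unless that peer is a reverse proxy listed in
 * $trustedProxies, in which case the entry that proxy appended to X-Forwarded-For
 * (the right-most one) is used.
 *
 * @return string A single IP address, or '' when REMOTE_ADDR is not available.
 */
function getIpAddr(){
    // Addresses of the reverse proxies / load balancers in front of this site.
    // Empty by default: with no trusted proxy, forwarding headers are ignored.
    $trustedProxies = array();

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

    if (in_array($remoteAddr, $trustedProxies, true) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Only the last hop was written by the trusted proxy; earlier entries are
        // whatever the client sent. With several chained proxies, each trusted hop
        // would have to be skipped from the right in the same way.
        $hops = array_map('trim', explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']));
        $candidate = end($hops);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return $remoteAddr;
}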
?>

Database Connectivity

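require('../admin/Connection/DBClass.php'); // loads the DBClass wrapper shown below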

DBClass.php

<?php

require_once( ‘DBSettings.php’ );

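/**
 * Thin wrapper around a mysqli connection, configured from DatabaseSettings.
 *
 * query() sends its argument to the server verbatim. Never build that string from
 * request data (form fields, headers, cookies). Use a prepared statement on the
 * underlying connection instead: $db->link->prepare(...) followed by bind_param().
 */
class DBClass extends DatabaseSettings{

    /** @var string|null Text of the most recent statement passed to query(). */
    public $classQuery;

    /** @var mysqli Underlying connection. Public so callers can prepare statements on it. */
    public $link;

    /** @var int|string Error number of the last failed connect or query ('' when none). */
    public $errno = '';

    /** @var string Error message of the last failed connect or query ('' when none). */
    public $error = '';

    /**
     * Opens the connection using the dbhost, dbname, dbusername and dbpassword settings.
     * A connection failure is recorded in $errno / $error when mysqli reports it instead
     * of throwing.
     */
    public function __construct(){
        $settings = DatabaseSettings::getSettings();

        $host = $settings['dbhost'];
        $name = $settings['dbname'];
        $user = $settings['dbusername'];
        $pass = $settings['dbpassword'];

        $this->link = new mysqli( $host , $user , $pass , $name );

        if ($this->link->connect_errno) {
            $this->errno = $this->link->connect_errno;
            $this->error = $this->link->connect_error;
        }
    }

    /**
     * Executes a complete SQL statement and returns mysqli's result.
     *
     * @param string $query Full SQL text. It must not contain interpolated request data.
     * @return mysqli_result|bool Result set for SELECT-like statements, true/false otherwise.
     */
    public function query( $query ) {
        $this->classQuery = $query;

        $result = $this->link->query( $query );
        if ($result === false) {
            // Keep the failure details for the caller instead of discarding them.
            $this->errno = $this->link->errno;
            $this->error = $this->link->error;
        }

        return $result;
    }

    /**
     * Returns the AUTO_INCREMENT id generated by the last INSERT, or the connection's
     * error number when no id is available. The original else branch evaluated errno
     * without returning it, so callers received null.
     *
     * @return int|string
     */
    public function lastInsertedID(){
        if ($this->link->insert_id) {
            return $this->link->insert_id;
        }

        return $this->link->errno;
    }

}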

?>

 

 

 
