Question

On my site's login page, users must enter username, password and captcha code correctly if they want to enter the user area. But no one, me first of all, likes the captcha. On the other hand, you know, there is the web security and spam issue.

So on the first, second and third attempts I do not want to show the captcha, but after 3 wrong submits I want to show it. But I have no idea how to implement this! I tried

$_SESSION['wrong_submit'] = 1; 
$_SESSION['wrong_submit']++;

Of course that does not work. Could you please help me, how can I do this?


Solution

Create a column in your users table named login_attempts. The column increments on each failed login attempt, and resets on successful login.

The basic structure could be as follows:

+-----------+------+------+
|  user_id  |  ip  | date |
+-----------+------+------+

To check the number of login attempts, you can use a query like the one below:

-- Count failed attempts from this IP within the last 24 hours.
-- Bind $ip to the ? placeholder with a prepared statement instead of
-- interpolating it into the query string.
SELECT count(ip) AS failed_attempts
FROM login_attempts
WHERE ip = ?
  AND date > NOW() - INTERVAL 24 HOUR

Now, in your PHP code, you can check if the value is greater than or equal to 3, and display the captcha if so:

if ($data['failed_attempts'] >= 3) {
    // display captcha...
}

OTHER TIPS

The whole point of a captcha is to prevent robots from accessing your site (password cracking etc.).

Sessions use cookies. So to thwart your system, all the robot has to do is not send the cookie, so your server thinks it is the first login attempt and therefore does not require a captcha. This will enable the robot to try as many times as it likes.

So the answer is yes, via sessions, but you undermine the whole idea of the captcha.

You may try this way:

<?php
    session_start();

    // Initialise the counter only once per session. Assigning 0 on every
    // request would reset it each time, so the captcha would never appear.
    if (!isset($_SESSION['wrong_pword_count'])) {
        $_SESSION['wrong_pword_count'] = 0;
    }

    // $stored_password holds a password_hash() value for the account.
    if (!password_verify($provided_password, $stored_password)) {
        if ($_SESSION['wrong_pword_count'] < 3) {
            $_SESSION['wrong_pword_count']++;
        }
    } else {
        // Successful login resets the counter.
        $_SESSION['wrong_pword_count'] = 0;
    }

    if ($_SESSION['wrong_pword_count'] >= 3) {
        echo "Show captcha here";
    }

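The following is an added example, not code from either answer, that puts the two approaches in this thread side by side: the per-session wrong_pword_count from OTHER TIPS, and the per-IP login_attempts table with a 24-hour window from the Solution. Python with an in-memory sqlite3 database stands in for the PHP/MySQL of the answers; the user name, password, IP address and request timestamps are constructed for the example, and the credential check is a plain dictionary lookup rather than a real password hash comparison. The simulation runs a bot that never returns its session cookie and counts how many of its requests each strategy would have gated behind a captcha.

```python
"""Added example, not code from either answer: a simulation of the two
counter strategies in this thread.  SessionTracker is the per-session
counter from OTHER TIPS; AttemptsTableTracker is the per-IP
login_attempts table from the Solution, with sqlite3 standing in for
PHP/MySQL.  The user name, password, IP address and request timestamps
below are constructed for the example."""
import sqlite3
from datetime import datetime, timedelta

CAPTCHA_THRESHOLD = 3          # show the captcha from the 4th try onwards
WINDOW = timedelta(hours=24)   # the Solution's "last 24 hours"

# Stand-in credential store (constructed).  Real code stores a
# password_hash() value and compares with password_verify().
VALID = {"alice": "correct horse"}


def password_ok(user, pw):
    return VALID.get(user) == pw


class SessionTracker:
    """wrong_pword_count kept in server-side session state keyed by the
    session cookie.  A request with no (or an unknown) cookie starts a
    fresh session with a zero counter, just like session_start()."""

    def __init__(self):
        self.sessions = {}   # session id -> wrong_pword_count
        self.next_id = 0

    def needs_captcha(self, cookie):
        return self.sessions.get(cookie, 0) >= CAPTCHA_THRESHOLD

    def login(self, cookie, user, pw):
        if cookie not in self.sessions:
            cookie = f"sess{self.next_id}"
            self.next_id += 1
            self.sessions[cookie] = 0
        ok = password_ok(user, pw)
        self.sessions[cookie] = 0 if ok else self.sessions[cookie] + 1
        return ok, cookie    # the server sets `cookie` in the response


class AttemptsTableTracker:
    """Failures recorded per source IP in a login_attempts table; the
    count does not depend on anything the client chooses to send."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE login_attempts (user_id TEXT, ip TEXT, date TEXT)")

    def failed_attempts(self, ip, now):
        # Same shape as the Solution's query, with the comparison pointing
        # the right way: rows newer than now - 24h, bound as parameters.
        since = (now - WINDOW).isoformat()
        row = self.db.execute(
            "SELECT count(ip) FROM login_attempts WHERE ip = ? AND date > ?",
            (ip, since)).fetchone()
        return row[0]

    def needs_captcha(self, ip, now):
        return self.failed_attempts(ip, now) >= CAPTCHA_THRESHOLD

    def login(self, ip, user, pw, now):
        ok = password_ok(user, pw)
        if ok:   # success resets the counter for this IP
            self.db.execute("DELETE FROM login_attempts WHERE ip = ?", (ip,))
        else:
            self.db.execute("INSERT INTO login_attempts VALUES (?, ?, ?)",
                            (user, ip, now.isoformat()))
        self.db.commit()
        return ok


def simulate_cookie_dropping_bot(attempts=5):
    """A bot from one IP sends `attempts` wrong passwords and never returns
    the session cookie.  Returns (requests the session counter gated behind
    a captcha, requests the attempts table gated)."""
    sess, table = SessionTracker(), AttemptsTableTracker()
    ip, now = "203.0.113.7", datetime(2024, 1, 1, 12, 0, 0)
    gated_session = gated_table = 0
    for i in range(attempts):
        if sess.needs_captcha(None):        # no cookie -> never reaches 3
            gated_session += 1
        sess.login(None, "alice", f"guess{i}")
        if table.needs_captcha(ip, now):    # 4th and later requests
            gated_table += 1
        table.login(ip, "alice", f"guess{i}", now)
        now += timedelta(seconds=1)
    return gated_session, gated_table


if __name__ == "__main__":
    print(simulate_cookie_dropping_bot())   # (0, 2)
```

With five guesses the session counter gates none of them, because every request arrives without a cookie and starts at zero, while the attempts table gates the fourth and fifth. The table approach has its own limits that the query shape makes visible: an attacker rotating source addresses gets a fresh count per IP, and a 24-hour window only ever looks back, so keying on both `ip` and `user_id` and trimming old rows are the natural next steps.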
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow