How To Create A Login Attempt Validation Using PHP


login attempt validation in php

Getting Started

To beautify the presentation of this tutorial, I’ve used Bootstrap which is included in the downloadable of this tutorial, but if you want, you can download Bootstrap using this link.

Creating a Login Form

Next, we create a login form by creating a new file, name it as index.php and paste the codes below.

<?php
    session_start();
    //check if can login again
    if(isset($_SESSION['attempt_again'])){
        $now = time();
        if($now >= $_SESSION['attempt_again']){
            unset($_SESSION['attempt']);
            unset($_SESSION['attempt_again']);
        }
    }
 
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>How to Create a Login Attempt Validation using PHP</title>
    <link rel="stylesheet" type="text/css" href="https://www.campcodes.com/tutorials/php-tutorials/how-to-create-a-login-attempt-validation-using-php/bootstrap/css/bootstrap.min.css">
</head>
<body>
<div class="container">
    <h1 class="page-header text-center">Login Attempt Validation using PHP</h1>
    <div class="row">
        <div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;">
            <form method="POST" action="login.php">
                <p class="text-center" style="font-size:25px;"><b>Login</b></p>
                <hr>
                <div class="form-group">
                    <label for="username">Username:</label>
                    <input type="text" name="username" id="username" class="form-control" placeholder="nurhodelta">
                </div>
                <div class="form-group">
                    <label for="password">Password:</label>
                    <input type="password" name="password" id="password" class="form-control" placeholder="malynisheart">
                </div>
                <button type="submit" name="login" class="btn btn-primary"><span class="glyphicon glyphicon-log-in"></span> Login</button>
            </form>
            <?php
                if(isset($_SESSION['error'])){
                    ?>
                    <div class="alert alert-danger text-center" style="margin-top:20px;">
                        <?php echo $_SESSION['error']; ?>
                    </div>
                    <?php
 
                    unset($_SESSION['error']);
                }
 
                if(isset($_SESSION['success'])){
                    ?>
                    <div class="alert alert-success text-center" style="margin-top:20px;">
                        <?php echo $_SESSION['success']; ?>
                    </div>
                    <?php
 
                    unset($_SESSION['success']);
                }
            ?>
        </div>
    </div>
</div>
</body>
</html>

Creating our Login Script

Lastly, we create our script that checks the user credential and temporarily disables a user after three unsuccessful login attempt.

Please create a new file, name it as login.php and paste the codes below.

<?php
    session_start();
 
    if(isset($_POST['login'])){
        //connection
        $conn = new mysqli('localhost', 'root', '', 'dbase');
 
        //set login attempt if not set
        if(!isset($_SESSION['attempt'])){
            $_SESSION['attempt'] = 0;
        }
 
        //check if there are 3 attempts already
        if($_SESSION['attempt'] == 3){
            $_SESSION['error'] = 'Attempt limit reach';
        }
        else{
            //get the user with the email
            $sql = "SELECT * FROM users WHERE username="".$_POST["username']."'";
            $query = $conn->query($sql);
            if($query->num_rows > 0){
                $row = $query->fetch_assoc();
                //verify password
                if(password_verify($_POST['password'], $row['password'])){
                    //action after a successful login
                    //for now just message a successful login
                    $_SESSION['success'] = 'Login successful';
                    //unset our attempt
                    unset($_SESSION['attempt']);
                }
                else{
                    $_SESSION['error'] = 'Password incorrect';
                    //this is where we put our 3 attempt limit
                    $_SESSION['attempt'] += 1;
                    //set the time to allow login if third attempt is reach
                    if($_SESSION['attempt'] == 3){
                        $_SESSION['attempt_again'] = time() + (5*60);
                        //note 5*60 = 5mins, 60*60 = 1hr, to set to 2hrs change it to 2*60*60
                    }
                }
            }
            else{
                $_SESSION['error'] = 'No account with that username';
            }
 
        }
 
    }
    else{
        $_SESSION['error'] = 'Fill up login form first';
    }
 
    header('location: index.php');
 
?>

That ends this tutorial. Happy Coding!

Download Here



Sharing is caring!

Facebook Comments

Leave a Reply