Getting Started
To beautify the presentation of this tutorial, I’ve used Bootstrap which is included in the downloadable of this tutorial, but if you want, you can download Bootstrap using this link.
Creating a Login Form
Next, we create a login form by creating a new file, name it as index.php and paste the codes below.
<?php session_start(); //check if can login again if(isset($_SESSION['attempt_again'])){ $now = time(); if($now >= $_SESSION['attempt_again']){ unset($_SESSION['attempt']); unset($_SESSION['attempt_again']); } } ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>How to Create a Login Attempt Validation using PHP</title> <link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css"> </head> <body> <div class="container"> <h1 class="page-header text-center">Login Attempt Validation using PHP</h1> <div class="row"> <div class="col-sm-4 col-sm-offset-4 panel panel-default" style="padding:20px;"> <form method="POST" action="login.php"> <p class="text-center" style="font-size:25px;"><b>Login</b></p> <hr> <div class="form-group"> <label for="username">Username:</label> <input type="text" name="username" id="username" class="form-control" placeholder="nurhodelta"> </div> <div class="form-group"> <label for="password">Password:</label> <input type="password" name="password" id="password" class="form-control" placeholder="malynisheart"> </div> <button type="submit" name="login" class="btn btn-primary"><span class="glyphicon glyphicon-log-in"></span> Login</button> </form> <?php if(isset($_SESSION['error'])){ ?> <div class="alert alert-danger text-center" style="margin-top:20px;"> <?php echo $_SESSION['error']; ?> </div> <?php unset($_SESSION['error']); } if(isset($_SESSION['success'])){ ?> <div class="alert alert-success text-center" style="margin-top:20px;"> <?php echo $_SESSION['success']; ?> </div> <?php unset($_SESSION['success']); } ?> </div> </div> </div> </body> </html>
Creating our Login Script
Lastly, we create our script that checks the user credential and temporarily disables a user after three unsuccessful login attempt.
Please create a new file, name it as login.php and paste the codes below.
<?php session_start(); if(isset($_POST['login'])){ //connection $conn = new mysqli('localhost', 'root', '', 'dbase'); //set login attempt if not set if(!isset($_SESSION['attempt'])){ $_SESSION['attempt'] = 0; } //check if there are 3 attempts already if($_SESSION['attempt'] == 3){ $_SESSION['error'] = 'Attempt limit reach'; } else{ //get the user with the email $sql = "SELECT * FROM users WHERE username = '".$_POST['username']."'"; $query = $conn->query($sql); if($query->num_rows > 0){ $row = $query->fetch_assoc(); //verify password if(password_verify($_POST['password'], $row['password'])){ //action after a successful login //for now just message a successful login $_SESSION['success'] = 'Login successful'; //unset our attempt unset($_SESSION['attempt']); } else{ $_SESSION['error'] = 'Password incorrect'; //this is where we put our 3 attempt limit $_SESSION['attempt'] += 1; //set the time to allow login if third attempt is reach if($_SESSION['attempt'] == 3){ $_SESSION['attempt_again'] = time() + (5*60); //note 5*60 = 5mins, 60*60 = 1hr, to set to 2hrs change it to 2*60*60 } } } else{ $_SESSION['error'] = 'No account with that username'; } } } else{ $_SESSION['error'] = 'Fill up login form first'; } header('location: index.php'); ?>
That ends this tutorial. Happy Coding!
Download Here