Very good point! Eventually they could keep trying until they found a username that is found. Very very nice find.
Yeah, this will eventually be open to the public and I will comment, but I just haven’t gotten around to it yet since it’s only been myself working on it. I will definitely make sure I do thorough comments in the future. As you can tell throughout this thread, I’ve been changing my code as per suggestions so for right now, I feel like I need to hold off on commenting until I have the solid foundation that won’t change all that much.
The ultimate goal is to give the hacker less time chopping away at my users table. Between 2s / 5 attempts max per IP, that will significantly slow down hackers since otherwise their attempt isn’t even considered when logging in.
I do like the idea of “per username” and am making note of it. You’ve been of great help. Thank you.
Edit-“Sorry, an error just occured” when I posted @cpradio