Login Throttling Help

Unfortunately, it still causes my issue: see the gif (https://gyazo.com/6d7d4bf2bc4526386aab861c27b6fb9d).
The last_attempt updates but not the counter.

Also I just changed it to >== but shouldn’t it just be >=? and removed $lockout.

Also:

Login Begins - yes
Check if User is Locked Out: - yes (that is the $remaining if statement) 
  If the user has no entry in the login_attempts table, create one.- yes (model code does that...see below)
  Retrieve the data from the login_attempts table for this user. - yes
  If the user has a counter equal to 0 or is nonexistent (Shouldn't happen): Return 0 - yes..oh should I remove?
  Determine number of seconds for lockout - yes
  Determine timer status: - yes
  If Timer Has Expired - yes
     Set Counter to 0 - yes
     Return 0 - yes which then allows the login
  Else:
     Return minutes remaining on timer - yes and prevent login 🙂 you got it

    public function recordFailedLogin($username)
    {
        $attemptExists = $this->getLoginAttempts($username);
        if(!$attemptExists) {
            $this->addLoginAttempt($username);
        } else {
            $this->updateLoginAttemptCounter($username);

        }
    }

Well yes…

Your code right now is saying “He has a counter of 1. He’s locked out for 8 minutes. Has it been 8 minutes? No? Go away.”

IE: It’s doing its job. It doesn’t count login attempts while you’re locked out.

Try changing your array to be 2 => 8 instead of 1=>8.


Yes, that is what is supposed to happen, and oops, yes, just changed that, but it still freezes at 1 yet the timer continues to update. But thank you. You have helped me make so much progress 🙂

Oh wait. OK, so I just did a database edit in php and manually changed counter to ‘2’ and then it starts counting. How do I resolve that? Thanks

Did you change the $throttle array as well? Just so I’m diagnosing the correct setup.

    $throttle = [
        2 => 8, //8 minute delay after 2 bad attempts
        3 => 10,
        9 => 'captcha', //captcha or ban account or send suspicious email etc.
    ];

And then the counter value stays 1 until I manually go to phpMyAdmin and change it to 2, where it then continues as it should.

Also are you saying I should remove this? if(!isset($attemptExists)) { return 0; }

Thanks

Also if this helps: Here is the model (database code)


    public function updateLoginAttemptCounter($username)
    {
        $date = date("Y-m-d H:i:s");
        $bind = [
            #':ip' => $ip,
            ':username' => $username,
            ':attempt' => $date
        ];
        return $this->db->run('UPDATE compat_users_attempts SET counter = counter + 1, last_attempt = :attempt WHERE username = :username', $bind);
    }

    public function recordFailedLogin($username)
    {
        $attemptExists = $this->getLoginAttempts($username);
        if(!$attemptExists) {
            $this->addLoginAttempt($username);
        } else {
            $this->updateLoginAttemptCounter($username);
        }
    }

    public function getLoginAttempts($username) // Get user login attempts
    {
        $bind = [
            ':username' => $username,
            #':ip' => $ip,
        ];
        return $this->db->selectOne('compat_users_attempts','username = :username', $bind);
    }

    public function resetLoginAttempts($username)
    {
        $bind = [
            ':username' => $username,
            #':ip' => $ip
        ];
        return $this->db->run('UPDATE compat_users_attempts SET counter = 0 WHERE username = :username', $bind);
    }

    public function addLoginAttempt($username)
    {
        $date = date("Y-m-d H:i:s");
        $insert = [
            'username' => $username,
            'counter' => 1,
            'last_attempt' => $date
        ];
        return $this->db->insert('compat_users_attempts', $insert);
    }
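
The lockout check from the checklist earlier in the thread, written against the posted `$throttle` array, as an added example that is not code from any poster. The function names `lockoutSecondsRemaining` and `requiresCaptcha` are hypothetical, the timestamps are constructed sample values, and the sketch assumes the delay comes from the highest threshold the counter has reached.

```php
<?php
declare(strict_types=1);

// Same shape as the $throttle array in the thread: failed-attempt count => delay in minutes.
// Non-numeric actions such as 'captcha' are kept apart from timed lockouts.
$throttle = [
    2 => 8,
    3 => 10,
    9 => 'captcha',
];

/**
 * Hypothetical helper: seconds of lockout left for a counter and last-attempt time.
 * A counter below the first threshold (here 1) gives 0, so the login check runs
 * and a further failure can still be recorded.
 */
function lockoutSecondsRemaining(array $throttle, int $counter, int $lastAttempt, int $now): int
{
    $delayMinutes = 0;
    ksort($throttle); // lowest threshold first, so the last match is the highest one reached
    foreach ($throttle as $threshold => $action) {
        if ($counter >= $threshold && is_int($action)) {
            $delayMinutes = $action;
        }
    }
    return max(0, ($lastAttempt + $delayMinutes * 60) - $now);
}

/** Hypothetical helper: true once the counter reaches a non-timed 'captcha' entry. */
function requiresCaptcha(array $throttle, int $counter): bool
{
    foreach ($throttle as $threshold => $action) {
        if ($action === 'captcha' && $counter >= $threshold) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: the last failed attempt was 3 minutes before "now".
$last = 1700000000;
$now = $last + 180;
foreach ([1, 2, 3, 9] as $counter) {
    printf("counter=%d remaining=%ds captcha=%s\n", $counter,
        lockoutSecondsRemaining($throttle, $counter, $last, $now),
        requiresCaptcha($throttle, $counter) ? 'yes' : 'no');
}
```
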
