New to coding and need some help

#1

I am trying to add a lock out for log after x times of login.

/* Check Username and Password existence in defined array */
if (isset($logins[$Username]) && $logins[$Username] == $Password){
    /* Success: Set session variables and redirect to Protected page  */
    $_SESSION['UserData']['Username']=$logins[$Username];
    header("location:index.php");
    
    if ($logins != [$Username]
} else {
    /*Unsuccessful attempt: Set error message */
    $msg="<span style='color:red'>Invalid Login Details</span>";
}

}

Any help would be truly appreciated.

#2

My personal opinion that feature is a pain in the neck for users and unless you are a bank or a financial all you are going to do is alienate people. Besides, I learn the hard way that unless you are a security expert that 99 percent of the hackers can easily bypass that feature.

#3

More info would be needed.

Lock out for…? How long? Time? Forever?

What are you using as the ‘tracker’ for these users/attempts? an IP address? (can be spoofed)
Sessions? (date be deleted/exploited)

You need to think this through in all scenarios.

Sponsor our Newsletter | Privacy Policy | Terms of Service