Choose your database:
AnySQL
MySQL
MS SQL Server
PostgreSQL
SQLite
Firebird
Oracle
SQL Anywhere
DB2
MaxDB

Subscribe to our news:
Partners

MS SQL PHP Generator online Help

Prev Return to chapter overview Next

OnAfterFailedLoginAttempt

This event occurs after a failed login attempt. It allows you to trace failed login attempts. The event is usually used in conjunction with OnAfterLogin event. For example, you can limit the number of failed login attempts per user and to lock user account after a number of failed login attempts.

 

Signature:

function OnAfterFailedLoginAttempt ($userName, $connection, $&errorMessage)

 

Parameters:

$userName

The name of the user.

$connection

An instance of the EngConnection class.

$errorMessage

A message to be displayed when valid credentials are provided, but $canLogin == false.

 

Example:

The following code locks user accounts after three failed login attempts.

 

// Check if user exists

$sql = "SELECT count(*) FROM phpgen_users WHERE user_name='$userName'"; 

$userExists = $connection->ExecScalarSQL($sql);

if ($userExists == 0) {

  exit;

}

 

// Retrieve a number of previous failed login attempts

$sql = "SELECT failed_login_attempts FROM phpgen_users WHERE user_name='$userName'"; 

$failedLoginAttempts = $connection->ExecScalarSQL($sql);

 

// Add a current failed login attempt  

$failedLoginAttempts++;

 

// Display message based on a number of failed login attempts   

if ($failedLoginAttempts == 2) {

  $errorMessage = 'You have one attempt left before your account will be locked.';

} elseif ($failedLoginAttempts == 3) {

  $errorMessage = 'Too many failed login attempts. Your account has been locked.';

} elseif ($failedLoginAttempts > 3) {

  $errorMessage = 

    "Dear $userName, your account is locked due to too many failed login attempts. " .

    'Please contact our support team.';

}

 

// Update a number of failed login attempts in users table

if ($failedLoginAttempts <= 3) { 

  $sql = 

    "UPDATE phpgen_users " .

    "SET failed_login_attempts = $failedLoginAttempts " .

    "WHERE user_name='$userName'";

  $connection->ExecSQL($sql);

}

 

 



Prev Return to chapter overview Next