PHP Generator for MySQL online Help
Prev | Return to chapter overview | Next |
OnAfterFailedLoginAttempt
This event occurs after a failed login attempt. It allows you to trace failed login attempts. The event is usually used in conjunction with OnAfterLogin event. For example, you can limit the number of failed login attempts per user and to lock user account after a number of failed login attempts.
Signature:
function OnAfterFailedLoginAttempt ($userName, $connection, $&errorMessage)
Parameters:
$userName |
The name of the user. |
$connection |
An instance of the EngConnection class. |
$errorMessage |
A message to be displayed when valid credentials are provided, but $canLogin == false. |
Example:
The following code locks user accounts after three failed login attempts.
// Check if user exists
$sql = "SELECT count(*) FROM phpgen_users WHERE user_name='$userName'";
$userExists = $connection->ExecScalarSQL($sql);
if ($userExists == 0) {
exit;
}
// Retrieve a number of previous failed login attempts
$sql = "SELECT failed_login_attempts FROM phpgen_users WHERE user_name='$userName'";
$failedLoginAttempts = $connection->ExecScalarSQL($sql);
// Add a current failed login attempt
$failedLoginAttempts++;
// Display message based on a number of failed login attempts
if ($failedLoginAttempts == 2) {
$errorMessage = 'You have one attempt left before your account will be locked.';
} elseif ($failedLoginAttempts == 3) {
$errorMessage = 'Too many failed login attempts. Your account has been locked.';
} elseif ($failedLoginAttempts > 3) {
$errorMessage =
"Dear $userName, your account is locked due to too many failed login attempts. " .
'Please contact our support team.';
}
// Update a number of failed login attempts in users table
if ($failedLoginAttempts <= 3) {
$sql =
"UPDATE phpgen_users " .
"SET failed_login_attempts = $failedLoginAttempts " .
"WHERE user_name='$userName'";
$connection->ExecSQL($sql);
}
Prev | Return to chapter overview | Next |