-2
if(isset($_POST['submit'])){
    $username = escape_string($_POST['username']);
    $password = escape_string($_POST['password']);

    $query = query("SELECT 'username', 'upassword' FROM userregistration WHERE username = '{$username}' AND upassword = '{$password }' ");
    confirm($query);

    if(mysqli_num_rows($query) == 0) {

        set_message("Your Password or Username are wrong");
        redirect("login1.php");
    } else {

        $_SESSION['username'] = $username;
        redirect("index.php");
    }
}

This is my Log In Condition in my Log In form. This is working. but im confused how to add some conditions that redirects the user to other form after attempting to login 3 times.

Janjan
  • 7
  • 3
  • Please take some time before posting your question. 1. Format your code 2. Describe your issue 3. Post a title related to your issue – user3783243 Sep 12 '18 at 04:09
  • After formatting it is not clear what your issue is but you appear to be using some framework or have written your own? Your password storage is insecure. – user3783243 Sep 12 '18 at 04:10
  • Please put a [Minimal, Complete, and Verifiable](https://stackoverflow.com/help/mcve) example in the question itself. – Rajesh Pandya Sep 12 '18 at 04:11
  • 1
    You forgot the whole part about actually asking a question. All you've done is put a block of code. A block of code is not a question. What is happening with your code? What is the desired behavior? What worked? What didn't? Why? What error messages have you received? Did you check the error logs? – Mike Sep 12 '18 at 04:17
  • Also `'username', 'upassword'` will be selecting strings, not columns, and I don't know why you need to select the password. – user3783243 Sep 12 '18 at 04:22
  • Im sorry. my code is working. but i need to add some conditions. If the user is attempting to log in but have incorrect pass or username. the user have 3 attempts only and redirect to another form. im just confuse how to add it. im sorry :( beginner only – Janjan Sep 12 '18 at 04:26
  • 1
    You also should not be storing your passwords in plain text. Instead, you need to [hash them](http://php.net/password_hash). – Mike Sep 12 '18 at 04:27
  • You should edit the question to add that. https://stackoverflow.com/posts/52287348/edit Either store the login attempts in the DB or in a session variable. – user3783243 Sep 12 '18 at 04:27
  • I recommend reading the top answer here: https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication specifically points VI and VII. – Mike Sep 12 '18 at 04:36
  • Please take one field in database and store your attempt after post. Then compare your attempt in your conditional block. – Vivek Sangani Sep 12 '18 at 04:37
  • _"but i need to add some conditions."_ - Then you should do some research and make some attempts of solving the issue yourself. If you then get stuck on something specific, come back and show us what you tried and where you're stuck. – Magnus Eriksson Sep 12 '18 at 04:38

1 Answers1

0
you need to create new session veriable for check attempt when veriable equal to 3 attempt it will redirect you

<?php

if(isset($_POST['submit'])){
    $username = escape_string($_POST['username']);
    $password = escape_string($_POST['password']);

    $query = query("SELECT 'username', 'upassword' FROM userregistration WHERE username = '{$username}' AND upassword = '{$password }' ");
    confirm($query);

    if(mysqli_num_rows($query) == 0) {

        set_message("Your Password or Username are wrong");
        // simple create session here..
            if(isset($_SESSION['forget'])){
                  $_SESSION['forget']++;
                  if($_SESSION['forget'] == 3){
                    //redirect( forget page);
                  }

                }else{

                     $_SESSION['forget'] = 0;
                }


        redirect("login1.php");
    } else {

        $_SESSION['username'] = $username;
        redirect("index.php");
    }
}
?>
kami s
  • 11
  • 4