echo "You are already logged in. "; echo "<script>console.log('i'm here in logged in ');</script>"; echo "<meta http-equiv=\"refresh\" content=\"5;url=index.php\"/>"; //header('Refresh: 10; URL=http://yoursite.com/page.php'); } if (isset($_POST["submit"])) { // Attempt login $username = $_POST["username"]; $password = $_POST["password"]; $safe_username = mysql_prep($username); // if more then 10 failed attempts in the last 15 minutes, this will happen check_throttle_all(); if (get_failed_login_attempts_by_username($safe_username) > 3) { $time_left = username_throttle_time_left($safe_username, 10 * 60); if ($time_left > 0) { $wait_time = format_time_since_in_words($time_left); set_error_output("You have used too many login attempts. Please wait {$wait_time} and try again. "); } } $found_user = attempt_user_login($username, $password); // Test if there was a query error if ($found_user) { // Success // Mark user as logged in. $_SESSION["user_id"] = $found_user["id"]; $_SESSION["username"] = $found_user["username"]; update_last_login_date($found_user["id"]); redirect_to("index.php"); } else { // Failure $safe_username = mysql_prep($username);
function check_throttle_all() { $throttle = array(10 => 1, 20 => 2, 30 => 15); foreach ($throttle as $attempts => $delay) { if (get_total_failed_login_attempts() > $attempts) { $time_left = throttle_time_left($delay); if ($time_left > 0) { $wait_time = format_time_since_in_words($time_left); set_error_output("'Our servers are being overloaded. Please wait {$wait_time} and try again. "); } } } }