Hey,
I’ve been working on a secure login, using sessions. It goes like this:
Check if the user name and password match in the database and the wrong attempts are less than 3 (this is a column that holds how many wrong attempts were made trying to log in)
If yes
Log them in using the sessions
Also add a row into the login table with login information
Forward them to the main page
If not,
Update the user's wrong attempts to + 1 from what it is in the table with the same user name. (this is only if a user with the same name someone tried to log in with exists)
My question is how would I make it so that even if the user name doesn’t exist, I still don’t let the user / hacker log in.
Should I have a different table with IP addresses, and then add their IP address to a lock for 24 hours on logging in?
Or should I just send a cookie to their computer not allowing them to log in for 24 hours?
Any advice would be great, Thanks.
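
A server-side version of the lockout asked about above, as an added example that is not part of the original post: failed attempts are counted per submitted user name (whether or not that user exists) and per IP address, using the post's limit of 3 and 24-hour lock. The table, column and function names are hypothetical and `demo_check` stands in for the real password-hash check; the state is kept on the server because a cookie can be deleted by the client.

```python
import sqlite3

MAX_ATTEMPTS = 3            # limit from the post
LOCK_SECONDS = 24 * 3600    # 24-hour lock from the post

def open_store():
    db = sqlite3.connect(":memory:")
    # One row per failed attempt; table and column names are hypothetical.
    db.execute("CREATE TABLE failed_logins (username TEXT, ip TEXT, at INTEGER)")
    return db

def is_locked(db, username, ip, now):
    """Locked if the submitted name or the source IP reached the limit within
    the window. The name is counted whether or not such a user exists."""
    since = now - LOCK_SECONDS
    by_name = db.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE username = ? AND at > ?",
        (username.lower(), since)).fetchone()[0]
    by_ip = db.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE ip = ? AND at > ?",
        (ip, since)).fetchone()[0]
    return by_name >= MAX_ATTEMPTS or by_ip >= MAX_ATTEMPTS

def attempt_login(db, check_credentials, username, password, ip, now):
    """Returns 'locked', 'ok' or 'failed'. check_credentials is a stand-in
    for the real user lookup and password-hash comparison."""
    if is_locked(db, username, ip, now):
        return "locked"      # refuse before the password is even checked
    if check_credentials(username, password):
        return "ok"
    # Record the failure for unknown names too, so they lock like real ones.
    db.execute("INSERT INTO failed_logins VALUES (?, ?, ?)",
               (username.lower(), ip, now))
    return "failed"

# Constructed demo data: one account, plain comparison for brevity only.
USERS = {"alice": "correct horse"}

def demo_check(username, password):
    return USERS.get(username.lower()) == password
```

Because an unknown name produces the same "failed" and "locked" results as a real one, the responses also do not reveal which user names exist.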