Show PHP Captcha on Failed Login Attempts

In this tutorial we are going to show captcha code if an user tried more than 3 failed login attempts. In previous tutorial we have seen user login and php captcha. So, we are going to combine these two tutorial to add captcha control for invalid login.

In this example, we have an MySQL table to add failed login entries. We are calculating number of failed attempts based on the client IP Address. If this count exceeds 3, then the captcha code will be displayed to the user.

Download

show_captcha_on_invalid_login

HTML Code for Login with Captcha

This code contains login form with captcha code. The captcha code will be displayed when the user tried more than 3 invalid attempts.

<form name="frmUser" method="post" action="">
	<div class="message"><?php if($message!="") { echo $message; } ?></div>
		<table border="0" cellpadding="10" cellspacing="1" width="500" align="center">
		<tr class="tableheader">
		<td align="center" colspan="2">Enter Login Details</td>
		</tr>
		<tr class="tablerow">
		<td align="right">Username</td>
		<td><input type="text" name="user_name"></td>
		</tr>
		<tr class="tablerow">
		<td align="right">Password</td>
		<td><input type="password" name="password"></td>
		</tr>
		<?php if (isset($failed_login_attempt) && $failed_login_attempt >= 3) { ?>
		<tr class="tablerow">
		<td align="right"></td>
		<td><input name="captcha_code" type="text"><br><br><img src="captcha_code.php" /></td>
		</tr>
		<?php } ?>
		<tr class="tableheader">
		<td align="center" colspan="2"><input type="submit" name="submit" value="Submit"></td>
		</tr>
	</table>
</form>

PHP Code for Calculating Failed Login Count

This code is used to calculate the number of invalid login attempts based on the IP address.

$mysqli = new mysqli('localhost','root','','blog_examples');	
$ip = $_SERVER['REMOTE_ADDR'];
$result = $mysqli->query("SELECT count(ip_address) AS failed_login_attempt FROM failed_login WHERE ip_address = '$ip'  AND date BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW()");
$row  = $result->fetch_assoc();
$failed_login_attempt = $row['failed_login_attempt'];
$result->free();

Insert Invalid Login Entries

This code validates user credentials and if the credentials are invalid then an entry with ip_address and date will be added to the database.

session_start();
$message="";
$captcha = true;
if(count($_POST)>0 && isset($_POST["captcha_code"]) && $_POST["captcha_code"]!=$_SESSION["captcha_code"]) {
$captcha = false;
$message = "Enter Correct Captcha Code";
}

if(count($_POST)>0 && $captcha == true) {
	$result = $mysqli->query("SELECT * FROM users WHERE user_name='" . $_POST["user_name"] . "' and password = '". $_POST["password"]."'");
	$row  = $result->fetch_assoc();
	$result->free();
	if(is_array($row)) {
		$_SESSION["user_id"] = $row["id"];
		$_SESSION["user_name"] = $row["user_name"];
		$mysqli->query("DELETE FROM failed_login WHERE ip_address = '$ip'");
	} else {
		$message = "Invalid Username or Password!";
		if ($failed_login_attempt < 3) {
			$mysqli->query("INSERT INTO failed_login (ip_address,date) VALUES ('$ip', NOW())");
		} else {
			$message = "You have tried more than 3 invalid attempts. Enter captcha code.";
		}
	}
}

Download

This PHP code tutorial was published on February 2, 2015.

↑ Back to Top