In this tutorial, we are going to discuss about how we can limit the user access in login page using PHP and MySQL Database.
In many practical application we need to grand access to the user, if they enter correct username and password. In case, if they forget their credentials(username and password) we need to give them chance to login to their account up to number of times generally three times is given. Beyond that we need to build such a system which does not accept user input. So, this is far more reliable method because many times login attempt may causes the application crash and also an unauthorized person can try many times to get access to the user system. So that it is mandatory to limit the login form/window of an application.
STEPS:
1. If you guyz are working with the PHP for the very first time, then you should know that PHP is server side scripting language, so it executes only in the server. if you create PHP file in your computer and try to run in any browser, there is no output. So working with PHP is far more Different than working in the plain HTML. That’s why you need to install server application in your computer like wamp server, xampp server etc for window.
Download wamp server from here: CLICK HERE
Now you should have text editing software in your PC, every window based PC have Notepad but i am using Dreamweaver CC. After downloading and installing these two software(Dreamweaver and wamp server) you need to define site and testing server in Dreamweaver cc so that every time when you try to execute PHP file, you do not need to save your PHP file by browsing the location of the server. if you don’t know how to do this. Read this article: CLICK HERE
2. After installing wamp server application, Start your wampserver, then open your localhost, for this open up your any browsing software and type localhost or 127.0.0.1 in the address bar. Then new page will appear then scroll down and find phpmyadmin and click on that. Then you will be able to see the login page. Login in by entering username and password (Default username is root and password is empty).
And then click on new and create one database having any name you want and the click OK, then create table having two field in and click on go. After that, you need to insert the field name like: username and assword. and then select the length (like 50, 30, 100 etc) as well as data type (recommend varchar) as your requirement and then click on save. OR You can watch the video for this designing part, you may understand better in video.
Some screenshot of creating database are:
NOTE: We have to insert username, password in our database. So, for this, Click on insert tab and insert username, password as:
3. After completing this task, write the following piece of code and save it in .php extension.
<!doctype html>
<?php
$servername="localhost";
$username="root";
$password="";
$dbname="loginattempt";
$atmp=0;
$conn = mysqli_connect($servername, $username, $password,$dbname);
if(isset($_POST['login'])){
$user=$_POST['user'];
$pass=$_POST['pass'];
$atmp=$_POST['hidden'];
if($atmp<4){
$query = "select * from loginattempt where username='".$user."' and password='".$pass."'";
$result = mysqli_query($conn, $query);
if($result){
if(mysqli_num_rows($result)){
while(mysqli_fetch_array($result, MYSQL_BOTH)){
echo'<script type="text/javascript">alert("you are login successfully")</script>';
?>
<script type="text/javascript">
window.location.href="newpage.php";
</script>
<?php
}
}
else{
$atmp++;
echo'<script type="text/javascript">alert("error and try again and the number of attemp is '.$atmp.'")</script>';
}
}
}
if($atmp==4){
echo'<script type="text/javascript">alert("login limit exceed")</script>';
}
}
?>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<form method="post" action="">
<table align="center">
<?php
echo"<input type='hidden' name ='hidden' value='".$atmp."'>";
?>
<tr>
<td>Username</td>
<td><input type="text" name="user" <?php if($atmp==4){?> disabled="disabled" <?php } ?>placeholder="enter username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pass" placeholder="enter password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" <?php if($atmp==4){?> disabled="disabled" <?php } ?> name="login" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
4. Open this .php file in any browser you want. 
That’s it guyz. if you have any confusion you can comment your confusion in the following comment section or
watch the following videos:
please is there a way to unlock the page after few minutes so the user can try logging in again? thanks.
i guest with your code you open new exploit via XSS if im not wrong?
you are absolutely wrong because it’s only the facebook like button and not much more than that when you click that button you like our facebook page that’s it!