I try to store the login attempts in the database, but it's not working. The loginAttempt column is not updating. Also, I want to count the login attempts and block the user after 3 attempts.
How to fix this?
Here's the script:
    <?php
    session_start();
    $loginDate = date("Y-m-d H:i:s");
    $Error = "";
    $successMessage = "";
    if (isset($_POST['submit'])) {
        // Continue only when neither field is empty
        if (!($_POST['cnumber'] == "" || $_POST['password'] == "")) {
            $cnumber = $_POST['cnumber'];
            $password = sha1($_POST['password']);
            // Strip everything except digits and sign, then require a valid integer
            $cnumber = filter_var($cnumber, FILTER_SANITIZE_NUMBER_INT);
            if (filter_var($cnumber, FILTER_VALIDATE_INT)) {
                $con = mysqli_connect("localhost", "test", "password", "login");
                $result = mysqli_query($con, "SELECT * FROM Users WHERE contractNumber='$cnumber' AND password='$password'");
                $data = mysqli_num_rows($result);
                if ($data == 1) {
                    // Successful login: start the session and log the login time
                    $_SESSION['login_user'] = $cnumber;
                    mysqli_query($con, "INSERT INTO `homecre1_testemailCheck`.`Logs`(`contractNumber`, `lastLogin`) VALUES ('$cnumber', '$loginDate')");
                    header('Location: profile.php');
                    exit; // stop executing the script after the redirect header
                } else {
                    // Failed login: increment the attempt counter
                    mysqli_query($con, "UPDATE Logs SET loginAttempt = loginAttempt+1 WHERE contractNumber = '$cnumber'");
                }
                mysqli_close($con);
            } else {
                $Error = "Invalid Contract Number.";
            }
        } else {
            $Error = "Contract Number or Password is Empty.";
        }
    }
Here's my database structure:

Users - table
    id - PK
    contractNumber
    email
    password

Logs - table
    userId
    contractNumber
    lastLogin
    loginAttempt
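
An added example, not part of the original post or of any answer: in the script above a Logs row is only inserted after a successful login, so the failure-path UPDATE can match zero rows. This sketch checks the affected-row count, creates the row when it is missing, and refuses the login once the counter reaches 3. Assumptions: PDO with an in-memory SQLite database so it runs offline, a Logs table with one row per contractNumber, `password_hash()` swapped in for `sha1()`, and a constructed sample account; `setupDemo()` and `attemptLogin()` are hypothetical names.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite, Logs keyed by contractNumber.
const MAX_ATTEMPTS = 3;

function setupDemo(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (contractNumber INTEGER PRIMARY KEY, password TEXT NOT NULL)');
    $db->exec('CREATE TABLE Logs (contractNumber INTEGER PRIMARY KEY,
                                  lastLogin TEXT, loginAttempt INTEGER NOT NULL DEFAULT 0)');
    // Constructed sample account; password_hash() stands in for the page's sha1().
    $db->prepare('INSERT INTO Users VALUES (?, ?)')
       ->execute([1001, password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function attemptLogin(PDO $db, int $cnumber, string $password): string {
    // 1. Refuse before checking the password once the counter has reached the limit.
    $q = $db->prepare('SELECT loginAttempt FROM Logs WHERE contractNumber = ?');
    $q->execute([$cnumber]);
    if ((int) $q->fetchColumn() >= MAX_ATTEMPTS) {   // no row yet -> false -> 0
        return 'blocked';
    }
    // 2. Verify the password with a bound parameter instead of string interpolation.
    $q = $db->prepare('SELECT password FROM Users WHERE contractNumber = ?');
    $q->execute([$cnumber]);
    $hash = $q->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        // Success: replace the row so the counter restarts at 0.
        $db->prepare('DELETE FROM Logs WHERE contractNumber = ?')->execute([$cnumber]);
        $db->prepare('INSERT INTO Logs (contractNumber, lastLogin, loginAttempt) VALUES (?, ?, 0)')
           ->execute([$cnumber, date('Y-m-d H:i:s')]);
        return 'ok';
    }
    // 3. Failure: increment, and create the row when the UPDATE matched nothing.
    $u = $db->prepare('UPDATE Logs SET loginAttempt = loginAttempt + 1 WHERE contractNumber = ?');
    $u->execute([$cnumber]);
    if ($u->rowCount() === 0) {
        $db->prepare('INSERT INTO Logs (contractNumber, loginAttempt) VALUES (?, 1)')
           ->execute([$cnumber]);
    }
    return 'failed';
}

$db = setupDemo();
foreach (['bad1', 'bad2', 'bad3', 'correct horse'] as $pw) {
    echo attemptLogin($db, 1001, $pw), PHP_EOL;
}
```

The fourth call uses the correct password and is still refused, because the lock is checked before the password. The sketch has no unlock or time-window logic, so a locked account stays locked until its Logs row is reset.
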
Your update query is missing SET and column contarct_number might be wrong: Your query should be like: