I would like to know how you make a secure login system.
Because it is difficult to get information from the user that will try to login:
Ex:
echo getenv("username").'<br>';
echo getenv("REMOTE_ADDR").'<br>';
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
echo $hostname.'<br>';
echo $_SERVER['HTTP_USER_AGENT'];
How would I do a system that blocks so many login attempts.
I do not talk about the code issue, because usually when I do, I save the IPs in the database, and I count failed login attempts in the last 30 minutes, if greater than 5, I redirect the page ...
This is easy, problem, if the person is on a network. Then it will block everyone's access with the same IP.
I could differentiate using the PC name and the user, but this function does not work on my linux server ...
As for the user agent, it is also unreliable, as the person can easily change.
Since this Host name (gethostbyaddr), I found it interesting, it could be an additional one for a Login system.
Session, if the guy close the browser, or delete the session, it already was.
Cookie the same thing ...
Captcha, may be an additional, but does not guarantee anything ...
1 - Are there other functions that take more user data? 2 - What is the best way to create a secure login system, preventing the person from trying to log in several times causing an error. 3 - What do major sites use to block malicious users who try to log in repeatedly?