Block user

Good afternoon all, I am looking for a way to disable a user account after he or she has attempted ten unsuccessful login attempts. Thanks for your time.

You can check the below link for Defender Functionality which will allow to disable/block user access.

Please late me know if you face any issue.

You store the number of login attempts in session:


     Yii::app()->session['loginAttempts'] = Yii::app()->session['loginAttempts'] + 1;

Then, you limit the login attemps like this:

if(Yii::app()->session['loginAttempts'] == 5)

     die('Maximum login attempts reached');

Alternatively, you can limit the user attempts by IP. Then, you use $_SERVER[‘REMOTE_ADDR’] to get the user IP.