Block user

ajith · March 31, 2015, 7:15am

Good afternoon all, I am looking for a way to disable a user account after he or she has attempted ten unsuccessful login attempts. Thanks for your time.

ganeshbora · March 31, 2015, 12:43pm

You can check the below link for Defender Functionality which will allow to disable/block user access.

github.com

taseenb/Pi/blob/master/protected/components/Defender.php

<?php


class Defender extends CComponent
{

    /**
     * User Host IP Address.
     * @var string 
     */
    public $ip;

    /**
     * Allowed failed logins during the 'failedLoginsTestDuration' period.
     * @var int Failed login attempts.
     */
    public $failedLoginsAllowed = 8; // 20 failed logins in 5 minutes
    
    /**
     * Max number of failed logins allowed before showing a Captcha test.

This file has been truncated. show original

Please late me know if you face any issue.

oligalma · March 31, 2015, 3:51pm

You store the number of login attempts in session:




if($incorrectPassword)

     Yii::app()->session['loginAttempts'] = Yii::app()->session['loginAttempts'] + 1;

Then, you limit the login attemps like this:


if(Yii::app()->session['loginAttempts'] == 5)

     die('Maximum login attempts reached');

Alternatively, you can limit the user attempts by IP. Then, you use $_SERVER[‘REMOTE_ADDR’] to get the user IP.