Php login script with login attemp

Question

How can i limit the failed logins with this script? If the login fails, i insert it into the sql. (Is it the right way?)

But how can i check at the next login, that the user can now log in? I would take the login limit in 1 hour.

Aniway, is this code is good for that?

    <?php
$loginError = array();
if(isset($_POST['login_submit']))
{
    if(empty($_POST['email']) or !isset($_POST['email'])){$loginError[] = "Hiányzó email cím.";}
    if(empty($_POST['pass']) or !isset($_POST['pass'])){$loginError[] = "Hiányzó jelszó.";}
    if(strlen($_POST['email']) > 50 ){$loginError[] = "Hibás adat az email mezőben.";}
    if(strlen($_POST['pass']) > 40 ){$loginError[] = "Hibás adat a jelszó mezőben.";}
    if(count($loginError) == 0 )
    {   
        $email = mysqli_real_escape_string($kapcs,$_POST['email']); 
        $pass = sha1($_POST['pass']);
        $lekerdezes = mysqli_query($kapcs, "SELECT * FROM admin_user WHERE email = '$email'") or die(mysqli_error($kapcs));
        if(mysqli_num_rows($lekerdezes) > 0 )
        {
            $adat = mysqli_fetch_assoc($lekerdezes);
            if($adat['status'] == 1 )
            {
                if($adat['pass'] == $pass)
                {
                    $_SESSION['adatok'] = $adat;
                    $_SESSION['email'] = $adat['email'];
                    $_SESSION['userid'] = $adat['id'];
                    header("Location:home.php");
                }
                else
                {
                    $sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
                    $insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));

                    $loginError[] = "Hibás email cím vagy jelszó.";
                }
            }
            else
            {
                $sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
                $insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));

                $loginError[] = "Még nincs aktiválva a fiók.";
            }
        }
        else
        {
            $sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
            $insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));

            $loginError[] = "Hibás email cím vagy jelszó.";
        }
    }
}
?>

Answer 1

I would create a field in the database called status (blocked/ok) and assuming youve got a field timestamp for the last login...

Then Id connect to the database in case the login fails and save the status bloqued and the time stamp. the next attempt you would check the time.now vs last access...

I good suggestion would be create a function for the database connection so you can call it a couple of time without repeat the code, also dont forget use the try/except fot the db connection.