[OWASP_PHPSEC] Login Controller

Shivam Dixit shivamd001 at gmail.com
Tue Sep 10 11:18:08 UTC 2013

Hello Rahul,

The controllers seem to be good; however, on the brute force issue, as we
discussed earlier, we can also implement temporary account locking. As we
discussed, if 1 is returned (level 1) from the brute force function, *show
captcha*; if a *level 2 brute force attempt is made, then lock the account*.
I think that for disabling accounts we will require one more column in the
USERS table to check if the account is enabled or disabled, and we will be
required to add one more condition to check if the user is enabled or
disabled when we authenticate the user.

On Tue, Sep 10, 2013 at 4:33 PM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> Hello All,
> Here is the structure of the login controller that I made. Please comment
> and notify me if any mistakes are there.
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
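
The two-level handling proposed in the message above (level 1 shows a captcha, level 2 locks the account, and authentication checks an enabled/disabled column), as an added example that is not code from this thread or from the project. The `enabled` and `failures` column names, the thresholds 3 and 6, and the `bruteForceLevel()` and `login()` helpers are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Column names `enabled` and `failures`
// and the thresholds 3 and 6 are assumptions made for illustration.
const LEVEL1_FAILURES = 3; // assumed: from here on, show captcha
const LEVEL2_FAILURES = 6; // assumed: from here on, lock the account

// Hypothetical stand-in for the brute force function: 0 = normal, 1 or 2 = level.
function bruteForceLevel(int $failures): int
{
    if ($failures >= LEVEL2_FAILURES) return 2;
    return $failures >= LEVEL1_FAILURES ? 1 : 0;
}

// Returns 'ok', 'denied', 'captcha' (captcha required) or 'locked'.
function login(PDO $db, string $user, string $pass, bool $captchaSolved): string
{
    $q = $db->prepare('SELECT password_hash, enabled, failures FROM USERS WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return 'denied';                 // unknown user
    if ((int)$row['enabled'] === 0) return 'locked';     // the extra condition
    $level = bruteForceLevel((int)$row['failures']);
    if ($level === 1 && !$captchaSolved) return 'captcha';
    if (password_verify($pass, $row['password_hash'])) {
        $db->prepare('UPDATE USERS SET failures = 0 WHERE username = ?')->execute([$user]);
        return 'ok';
    }
    $failures = (int)$row['failures'] + 1;
    $enabled = bruteForceLevel($failures) === 2 ? 0 : 1; // level 2: lock account
    $db->prepare('UPDATE USERS SET failures = ?, enabled = ? WHERE username = ?')
       ->execute([$failures, $enabled, $user]);
    if ($enabled === 0) return 'locked';
    return bruteForceLevel($failures) === 1 ? 'captcha' : 'denied';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE USERS (username TEXT PRIMARY KEY, password_hash TEXT,
           enabled INTEGER NOT NULL DEFAULT 1, failures INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO USERS (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 1; $i <= 6; $i++) {
    echo $i, ': ', login($db, 'alice', 'wrong guess', true), "\n";
}
echo 'right password after lock: ', login($db, 'alice', 'correct horse', true), "\n";
```

The `enabled` check runs before `password_verify()`, so a locked account is refused even when the correct password is supplied.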
