[OWASP_PHPSEC] Login Controller
rahul300chaudhary400 at gmail.com
Tue Sep 10 11:24:01 UTC 2013
Oh yes....the captcha part is just for show...a whole engine will be there
to handle what we have discussed earlier. I am a little busy with
controller, otherwise after controllers I will do that thing only.
On Tue, Sep 10, 2013 at 7:18 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:
> Hello Rahul,
> Controllers seems to be good, however on brute force issue as we discussed
> earlier, we can also implement temporary account locking. As we discussed
> if 1 is returned (level 1) from brute force function *show captcha* , if *level
> 2 brute force attempt is made then lock account*. I think, for disabling
> accounts we will require one more column in USERS table to check if account
> is enabled or disabled and we will be required to add one more condition to
> check if user is enabled or disabled when we authenticate user.
> On Tue, Sep 10, 2013 at 4:33 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>> Hello All,
>> Here is the structure of the login controller that I made. Please comment
>> and notify me if any mistakes are there.
>> Rahul Chaudhary
>> Ph - 412-519-9634
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP_PHP_Security_Project