Well -
You could use cookies - but if they erase their cache, that won't help the
20 minute delay. I track Good and Bad Logins in the database - and for some
sites if they have too many bad logins - I set their account status to
Inactive, which has to be manually changed by an Admin. However - to track
it -
If Login Fails:
<!--- Track Failed Login, insert it into DB --->
<cfquery datasource="#APPLICATION.DSN#" username="#APPLICATION.username#"
password="#APPLICATION.password#">
INSERT INTO LoginTrackBad (Login, PassAttempt, UserIP)
VALUES (
'#FORM.username#',
'#FORM.password#',
'#cgi.remote_addr#')
</cfquery>
Once you track that data - you can run checks against it based on whatever
you want. I have the database Auto timestamps it - so you could query That
username and Login attempts within 20 minutes of #Now()#. If it's too many -
bypass your login script all together.
Does that help?
- Nick
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Get involved in the latest ColdFusion discussions, product
development sharing, and articles on the Adobe Labs wiki.
http://labs/adobe.com/wiki/index.php/ColdFusion_8
Archive:
http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3131
Subscription: http://www.houseoffusion.com/groups/CF-Newbie/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
