I\'m working on an auth system with login failure.
If the user fails to login, the attempts number in database is incremented and if a defined limit is reached, PHP sets
From my point of View just take username when he attempt to login on your PHP page if he/she fails to attempt then store the username in Login_attempts tables and its IP address also. Increment the failed attempts column and check whether it is greater than threshold value of yours let say 5 and if it failed then add captcha to it and also check side by side IP is not changing with each attempts with certain time interval let say for 1 min IP address should remain same if it fails then fail the login attempts.
For best use NOSQL or memcache
to retrieve fast data from database.