Enable Captcha after several login failure - How to implement this?

Question

I\'m working on an auth system with login failure.
If the user fails to login, the attempts number in database is incremented and if a defined limit is reached, PHP sets

Answer 1

I would simply record the user's session variable and then count how many times the form is submitted for an IP address.

Answer 2

Spam bots can get around session restrictions fairly easily, so it would have to be done in the database to be effective. Spam bots can also change their IP address each request, although this is harder to achieve.

You'd have to put a login attempts field in the users table that starts at 0, increment this when they get the password wrong, and reset it to 0 when they log in successfully. When someone tries to login as a user with login attempts > 5 you would then take them to another page with the captcha which they must enter correctly (even if the password was wrong).

Answer 3

From my point of View just take username when he attempt to login on your PHP page if he/she fails to attempt then store the username in Login_attempts tables and its IP address also. Increment the failed attempts column and check whether it is greater than threshold value of yours let say 5 and if it failed then add captcha to it and also check side by side IP is not changing with each attempts with certain time interval let say for 1 min IP address should remain same if it fails then fail the login attempts.

For best use NOSQL or memcache to retrieve fast data from database.