> I want to protect my site login. I first want to lock users > out after so many failed login attempts. Lock them out for > a specified amount of time.
The way I usually approach this is to use a logging table. Each time a login is attempted it gets put into a table with the username, a timestamp, their IP, and the failure reason. Before each login is tried, I pull a count of the login attempts from the table within the last X minutes. If the count is over some threshold (usually 3 or 5) then I fail the login immediately the return an error. Once X minutes passes, the query would no longer return a count over the threshold and the account can be used again. Simple way to do auto-lockout without having to rely on scheduled processes at all. Alternatively, you can have the lockout routine set a bit on the account to permanently lock it out as well if desired. -Justin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329707 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4