validate user attempts when logging in


I'm trying to validate an entry login to verify a user's attempts to login. If this completes 3 unsuccessful attempts, then the account is deactivated (In my database, in the user table, the user's status changes to inactive)

This is my code:

// ================================================ EMPIEZA EL CONTADOR PARA EL LOGIN =====================================
$_SESSION['contadorLogin'] == 0;

if (isset($_POST["submit"])) {

    $usuario = stripslashes($usuario);
    $usuario = $conn->real_escape_string($usuario);
    $contrasena = stripslashes($contrasena);
    $contrasena = $conn->real_escape_string($contrasena);

    $sql="SELECT * FROM usuario WHERE usuario='$usuario' AND (contrasena='$contrasena' AND estado='Activo') ";

    $result = $conn->query($sql);
    if ($result->num_rows == 1) {

          while($row = $result->fetch_assoc()) {


          $sql2="SELECT * FROM empleado WHERE id_empleado='$id_emp'";
          if ($result2->num_rows == 1) {
            while($row = $result2->fetch_assoc()) {



            $mensaje = "¡Bienvenido al Sistema!";
            echo "<script type='text/javascript'>alert('$mensaje');</script>";
            header( "refresh:0.2;url=../venta_venta.php" );

        $mensaje = "Error! Es probable que la contraseña o usuario ingresado son incorrectos o bien su usaurio esta inactivo";
        echo "<script type='text/javascript'>alert('$mensaje');</script>";
        header( "refresh:0.2;url=../login_agro.php" );

        // =============================================================== AUMENTAMOS EL CONTADOR DEL LOGIN ==================
            $_SESSION['contadorLogin'] = $_SESSION['contadorLogin'] + 1; 

 // =================================================== SE DESACTIVA LA CUENTA DEL USUARIO =============================
            if ($_SESSION['contadorLogin']>3) {
                $actualizar="UPDATE usuario SET estado='Inactivo' WHERE usuario='$usuario'";
                $result = $conn->query($actualizar);
                $mensaje2 = "Lo sentimos, su usaurio ha sido desactivado";
                echo "<script type='text/javascript'>alert('$mensaje2');</script>";
                header( "refresh:0.2;url=../login_agro.php" );





And although it works (changes the user's status). The following message appears after login:

Notice: Undefined index: contadorLogin in C:\...

How do I solve the problem? Try to put a isset (); but then the one that throws error is the line where +1 is accumulated.

asked by Raphael 26.06.2016 в 18:30

1 answer


The problem is when assigning the value to the session variable, on line 5, you are not checking if the variable already exists or not:


if (!isset($_SESSION['contadorLogin']) {
    $_SESSION['contadorLogin'] = 0;
answered by 26.06.2016 / 19:03