How do I limit user login failures with memcache?

Source: Internet
Author: User
I want to limit users to 12 wrong password attempts within one hour: if the password errors accumulated in the last hour exceed 12, the user cannot log in at all. How can I implement this with memcache, without MySQL? The login log table in MySQL is getting bigger and bigger, and the MySQL implementation we used before was too slow.

Reply content:


If you do not need to record the details of the user's login history and just want to limit the number of logins, it is very simple:

    1. Create a special key for each user (for example, user_login_count_${user ID})

    2. Every time someone logs in, take the user name and fetch the value of this key from Memcache; if it is more than 12, return an error explaining that only 12 attempts are allowed

    3. If this key does not exist, create it with set, record the value as 1, and set the expire time to 3,600 seconds

    4. If the login fails, increment the value of this key and reset the timeout to 3,600 seconds

    5. If the login is successful, clear the contents of this key directly
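
The five steps above, written out as an added PHP example (not code from the original answers). It assumes the php-memcached extension; the function names, the SHA-256 key hashing and the `$checkPassword` callback are hypothetical. It uses the atomic `add()` and `increment()` calls instead of get-then-set, so parallel login attempts cannot undercount failures.

```php
<?php
// Added example: assumes the php-memcached extension and a client created with
//   $mem = new Memcached(); $mem->addServer('127.0.0.1', 11211);  // constructed address
// touch() may need Memcached::OPT_BINARY_PROTOCOL on older libmemcached builds.
const MAX_FAILURES = 12;      // limit taken from the question
const WINDOW_SECONDS = 3600;  // expiry taken from steps 3 and 4

function failureKey(string $userId): string {
    // Step 1. Hashing (an addition) keeps user-supplied names from producing
    // keys memcached rejects (whitespace, control bytes, over 250 bytes).
    return 'user_login_count_' . hash('sha256', $userId);
}

function isLocked(Memcached $mem, string $userId): bool {
    // Step 2: refuse once 12 failures are on record.
    $count = $mem->get(failureKey($userId));
    return $count !== false && (int) $count >= MAX_FAILURES;
}

function recordFailure(Memcached $mem, string $userId): int {
    $key = failureKey($userId);
    // Step 3: add() succeeds only if the key is absent, so two parallel
    // first failures cannot both write the value 1.
    if ($mem->add($key, 1, WINDOW_SECONDS)) {
        return 1;
    }
    // Step 4: increment() is atomic on the server, unlike get() then set().
    $count = $mem->increment($key);
    if ($count === false) {
        // The key expired between add() and increment(): start over.
        $mem->add($key, 1, WINDOW_SECONDS);
        return 1;
    }
    $mem->touch($key, WINDOW_SECONDS); // reset the timeout as step 4 says
    return $count;
}

function attemptLogin(Memcached $mem, string $userId, string $password,
                      callable $checkPassword): bool {
    if (isLocked($mem, $userId)) {
        return false; // locked: the password is not even checked
    }
    if ($checkPassword($userId, $password)) {
        $mem->delete(failureKey($userId)); // Step 5
        return true;
    }
    recordFailure($mem, $userId);
    return false;
}
```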

Because @vimac's answer does not solve the "last hour" problem, the following offers just one idea; the details can be improved.


    // Assumes $mem is a connected Memcached client and $key is this user's key.
    // "?:" is needed here: with "or", the false returned by get() would be assigned.
    $login_failed = $mem->get($key) ?: array();
    $allow_times = 12;

    if (!checkAllowTimes($login_failed, $allow_times)) {
        throw new Exception("Allow times max", 1);
    }

    if (!passValid($user_id, $password)) {
        // Newest failure goes to the front of the list
        array_unshift($login_failed, time());
        // Save up to 12 records
        if (count($login_failed) > $allow_times) {
            $login_failed = array_slice($login_failed, 0, $allow_times);
        }
        $mem->set($key, $login_failed, 3600);
    } else {
        // Login succeeded: delete the failed records
        // (depends on whether you count consecutive or cumulative failures)
        $mem->delete($key);
        // ...
    }

    function passValid($user_id, $password) {
        // ...
        // pseudo-code: return true or false
    }

    function checkAllowTimes($login_failed, $allow_times) {
        $last_hour = strtotime('1 hour ago');
        for ($i = 0; $i < count($login_failed); $i++) {
            // Records from more than 1 hour ago are not counted.
            // This test must come first, or an old 12th record would still block.
            if ($login_failed[$i] <= $last_hour) {
                return true;
            }
            // The login has failed 12 times within the last hour
            if ($i >= $allow_times - 1) {
                return false;
            }
        }
        return true;
    }