Quote:
Originally Posted by AdultSoftwareSolutions
hash = md5(IP ADDRESS + DATE + HOUR + "secretstring")
if (cookie has hash value) let them in
else if (isGood(user, pass)) set cookie to hash
|
Because IP addresses don't change do they
You're better logging the country of origin using GeoIP. Possibly hashing the user agent, although this isn't good either.
Use a captcha, yes there are farms etc. but it costs money to get people to fill them out.
Force password reset via email on 5 failed attempts.
This isn't rocket science and isn't worth $150.