<?php

/* mysql_connect() */
/* mysql_select_db() */

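/* Login handler with a per-username throttle: a failed attempt stamps
   users.last_failure, and any attempt made within 15 seconds of that
   stamp is refused before the password is even compared. */

$clean = array();   /* input that has passed validation */
$mysql = array();   /* validated input escaped for use in SQL strings */

$now = time();
$max = $now - 15;   /* failures newer than this are still inside the window */

/* NOTE(review): one hard-coded salt shared by every account, combined with
   MD5, is not adequate password storage. password_hash() and
   password_verify() are the replacement, but switching requires re-hashing
   the stored values, so the scheme is left unchanged here. */
$salt = 'SHIFLETT';

/* Accept the username only when it is present, is a string (not an array
   such as username[]=x), and is purely alphanumeric. */
if (isset($_POST['username'])
    && is_string($_POST['username'])
    && ctype_alnum($_POST['username']))
{
    $clean['username'] = $_POST['username'];
}
else
{
    /* NOTE(review): this branch should end the request. As written,
       execution falls through and $clean['username'] is undefined below. */
    /* ... */
}

$clean['password'] = md5($salt . md5($_POST['password'] . $salt));

/* Escaping is kept as defence in depth on top of the ctype_alnum() check.
   NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
   statements via PDO or mysqli are the long-term fix. */
$mysql['username'] = mysql_real_escape_string($clean['username']);

$sql = "SELECT last_failure, password
        FROM   users
        WHERE  username = '{$mysql['username']}'";

if ($result = mysql_query($sql))
{
    if (mysql_num_rows($result))
    {
        $record = mysql_fetch_assoc($result);

        if ($record['last_failure'] > $max)
        {
            /* Less than 15 seconds since last failure */
            /* The password is deliberately not checked in this branch, so
               a throttled request learns nothing about the password. */
        }
        elseif ($record['password'] === $clean['password'])
        {
            /* Strict comparison: with == two different hex digests that both
               look numeric (for example "0e" followed only by digits) compare
               as equal numbers, which would accept a wrong password. Where
               hash_equals() is available (PHP 5.6+), prefer it for a
               constant-time comparison. */

            /* Successful Login */
        }
        else
        {
            /* Failed Login */

            $sql = "UPDATE users
                    SET    last_failure = '$now'
                    WHERE  username = '{$mysql['username']}'";

            /* If this write fails the throttle silently stops working, so
               surface the failure in the server log instead of ignoring it. */
            if (!mysql_query($sql))
            {
                error_log('Could not record failed login: ' . mysql_error());
            }
        }
    }
    else
    {
        /* Invalid Username */
        /* NOTE(review): the response here should presumably be
           indistinguishable from a failed login, so the form does not
           reveal which usernames exist. */
    }
}
else
{
    /* Error */
}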