Repeated Login Attempts Blocking


BrandonE97

You can use sessions, or if you really want to be aggressive, make a login_error table, and log IPs.

 

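session_start();

// Count this attempt in the visitor's session.
// isset() avoids an undefined-index notice on the first visit.
if (isset($_SESSION['errorcount'])) {
    $_SESSION['errorcount']++;
}
else {
    $_SESSION['errorcount'] = 1;
}

// Refuse once more than three attempts have been counted
if ($_SESSION['errorcount'] > 3) {
    die("Get out of here, loser.");
}
else {
    // Login
}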

 

Of course, they can break it by clearing their cookies.

Link to comment
Share on other sites

Insert a row for every failed login, with the IP and date.

 

Then, to see if they have permission to login, do a query for their IP, with NOW - 30 minutes ago for date. If there are 3 results, don't let them login.

 

You probably want to have a cron job to truncate the table. But, that depends on how active your site is.

Link to comment
Share on other sites

The server sends the data to the host on 80 but the host can ask the server on any port. If you have multiple computers behind one IP address then the ports will be different for each computer when it asks for the page.

It's the reverse of that. Hosts send the request on 80.

 

But to answer the question, there's no need to log any port information.

Link to comment
Share on other sites

Here's an example: if the user puts in a name that is not god or 1234, after 3 attempts they're kicked out.

 

Couldn't get the 30 min stay out with a session though, sorry.

 

<?php
session_start();

// Read the submitted fields from the POST data instead of relying on register_globals
$name     = isset($_POST['name']) ? $_POST['name'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Escape PHP_SELF before echoing it into the form's action attribute
$x = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

if (empty($name) || empty($password)) {

echo <<<form
<center>
Please fill out all the form!
<p></p>
<form method="POST" action="$x">
<br><br>
Name
<br>
<input type="text" name="name">
<br><br>
Password
<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Send">
</form>
</center>
form;

    // The session is kept here, so an empty submit does not reset the attempt counter
    exit;
}

if (isset($_POST['submit'])) {

    // Start the counter on the first attempt, add one on every later attempt
    if (!isset($_SESSION['count'])) {
        $_SESSION['count'] = 1;
    } else {
        $_SESSION['count']++;
    }

    // Third attempt and the credentials are still wrong: kick the user out
    if (($_SESSION['count'] >= 3) && ($name != "god" || $password != "1234")) {

        echo "<center> <h1>Sorry you submitted too many times </h1> </center>";

        unset($_SESSION['count']);

        exit;

    } elseif ($name == "god" && $password == "1234") {

        unset($_SESSION['count']); // a successful login clears the counter
        echo "Congratulations, you're in!";
    }
}

echo <<<form
<center>
Please login cheers!
<p></p>
<form method="POST" action="$x">
<br><br>
Name
<br>
<input type="text" name="name">
<br><br>
Password
<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Send">
</form>
</center>
form;

?>

Link to comment
Share on other sites

Mini upgrade. Sorry admin, modify post runs out too quick.

 

<?php
session_start();

// database connection

// select statement

// while loop

// set while condition to the get_time variable.

$get_time = time(); // or add your MySQL time variable here

// Still locked out while the stored time_out lies in the future
if (isset($_SESSION['time_out']) && $_SESSION['time_out'] > $get_time) {

    echo "sorry wait 2 minutes";

    exit;
}

// Read the submitted fields from the POST data instead of relying on register_globals
$name     = isset($_POST['name']) ? $_POST['name'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Escape PHP_SELF before echoing it into the form's action attribute
$x = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

if (empty($name) || empty($password)) {

echo <<<form
<center>
Please fill out all the form!
<p></p>
<form method="POST" action="$x">
<br><br>
Name
<br>
<input type="text" name="name">
<br><br>
Password
<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Send">
</form>
</center>
form;

    // The session is kept here, so an empty submit resets neither the counter nor the time_out
    exit;
}

if (isset($_POST['submit'])) {

    // Start the counter on the first attempt, add one on every later attempt
    if (!isset($_SESSION['count'])) {
        $_SESSION['count'] = 1;
    } else {
        $_SESSION['count']++;
    }

    // Third attempt and the credentials are still wrong: start the time-out
    if (($_SESSION['count'] >= 3) && ($name != "god" || $password != "1234")) {

        $_SESSION['time_out'] = time() + 160; // set how long user stays out

        echo "<center> <h1>Sorry you submitted too many times </h1> </center>";

        unset($_SESSION['count']);

        exit;

    } elseif ($name == "god" && $password == "1234") {

        unset($_SESSION['count']); // a successful login clears the counter
        echo "Congratulations, you're in!";
    }
}

echo <<<form
<center>
Please login cheers!
<p></p>
<form method="POST" action="$x">
<br><br>
Name
<br>
<input type="text" name="name">
<br><br>
Password
<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Send">
</form>
</center>
form;

?>

Link to comment
Share on other sites

Locking a user out after three failed attempts may work. Logging the IP address won't achieve much though. What you ought to do is create a database table that records the username used in the failed attempt, plus the time of the attempt. Insert a new row on every failed attempt. Count up all attempts with the same username in the past hour or however long you want; if there are three or more, disallow access regardless of the password. Delete any rows older than one hour.

 

The reason recording the IP is not much good is, there are brute force password hacking programs out there that can hide themselves behind proxies. So each time they attempt a username/password combination, the IP address appears to be different. If your server can cope with the login page being hit once per second for several hours, using the above method may be good enough to foil these programs.

Link to comment
Share on other sites
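
The failed-attempt table described in this thread (keyed on IP with a 30-minute window in the earlier reply, keyed on username with a one-hour window in the reply above), as an added example that is not code from any poster. The table name `login_error` comes from the thread; the column names, the function names, the in-memory SQLite store and the demo account are assumptions.

```php
<?php
// Added example, not from the thread. Column names, limits and the in-memory
// SQLite store are assumptions; a real site would use its own database.
const MAX_FAILURES = 3;
const WINDOW_SECONDS = 3600; // "the past hour"

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_error (username TEXT NOT NULL, ip TEXT, attempted_at INTEGER NOT NULL)');
    return $db;
}

function is_locked(PDO $db, string $username, int $now): bool {
    $cutoff = $now - WINDOW_SECONDS;
    // Delete rows older than the window, then count what is left for this username.
    $db->prepare('DELETE FROM login_error WHERE attempted_at < ?')->execute([$cutoff]);
    $stmt = $db->prepare('SELECT COUNT(*) FROM login_error WHERE username = ?');
    $stmt->execute([strtolower($username)]);
    return (int) $stmt->fetchColumn() >= MAX_FAILURES;
}

function attempt_login(PDO $db, callable $verify, string $username, string $password, string $ip, int $now): string {
    if (is_locked($db, $username, $now)) {
        return 'locked'; // refused before the password is even checked
    }
    if ($verify($username, $password)) {
        return 'ok';
    }
    // Parameterised insert: the username is untrusted input.
    $stmt = $db->prepare('INSERT INTO login_error (username, ip, attempted_at) VALUES (?, ?, ?)');
    $stmt->execute([strtolower($username), $ip, $now]);
    return 'failed';
}

// Constructed demo: one account, three wrong guesses from three different IPs.
$db = open_store();
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$verify = fn(string $u, string $p): bool => $u === 'alice' && password_verify($p, $hash);
$t = 1700000000; // constructed timestamp
foreach (['203.0.113.5', '198.51.100.7', '192.0.2.9'] as $i => $ip) {
    echo attempt_login($db, $verify, 'alice', "guess$i", $ip, $t + $i), "\n";
}
// Correct password inside the window, then again after the window has passed.
echo attempt_login($db, $verify, 'alice', 'correct horse', '203.0.113.5', $t + 10), "\n";
echo attempt_login($db, $verify, 'alice', 'correct horse', '203.0.113.5', $t + WINDOW_SECONDS + 10), "\n";
```

Because the count is keyed on the username, the three guesses are counted together even though each arrives from a different IP. The same keying means failed attempts by anyone lock the real account holder out for the window, so the window length is a trade-off.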

You could also log the MAC address, which is much harder than an IP addy to fake; each MAC address is unique.

 

You would have to use JavaScript to get it though, I do believe, although I have seen it done, just never really tried to do it myself.

Link to comment
Share on other sites
