PHP Classes

Log Limiter: Limit the number of failed login attempts

Version: loglimiter 0.3
License: Public Domain
PHP version: 5.0
Categories: PHP 5, User Management, Security
Description

This class can be used to limit the number of times a user can fail to log in.

It keeps track, in a MySQL database, of the number of times a user with a given IP address fails to log in.

When the number of failed login attempts exceeds a given limit, the class sets a cookie that marks the user as blocked until the cookie expires.

Author

Name: Francesco Cirać
Classes: 3 packages
Country: Italy
Age: 32


Example

<?php
// Example of a simple login using LogLimiter.
// We will see how LogLimiter can help us to avoid brute-force attacks.

// Setting the configuration
$attempts = 5; // Max attempts before blocking
$delay = 10; // Time of blocking (minutes)
$elapse = 10; // Time after which the attempt counting restarts (minutes)

// Connecting to database
$db = @mysql_connect('db_host', 'db_user', 'db_password');
if (!$db) die("Sorry Buzz, there's a problem: ".mysql_errno().": ".mysql_error());
if (!@mysql_select_db('db_name', $db)) die("Sorry Buzz, there's a problem: ".mysql_errno().": ".mysql_error());

// Login data:
$login_u = "buzzlightyear"; // Username
$login_p = "zurgdaddy"; // Password
// OT: It would be a great login for Buzz, wouldn't it? ;)

// Including LogLimiter class file
include_once "loglimiter.class.php";
// Getting an instance of LogLimiter
$LL = new LogLimiter($db, $attempts, $delay, $elapse);

if (isset($_POST['user'], $_POST['pwd'])) {
    // First of all, sanitize your input data!
    $user = strip_tags(trim($_POST['user']));
    $pwd = strip_tags(trim($_POST['pwd']));
    // This is not good sanitizing if you have to do SQL queries!
    // Use something like mysql_real_escape_string(strip_tags(trim($string))) if you have to!

    if ($LL->dbBlock()) { // $LL->dbBlock() tells us if this IP has reached the max attempts number (if TRUE).
        $LL->ckGen(); // Generate the block cookie. Don't rely on it alone: anyone can delete a cookie.
        die("Sorry, but we are not enjoyed by your bruteforce attempt, damned Zurg!"); // Are you scared, my dear b14ck h4t h4x0r? :P
        // If you want to be a bastard, you can delete the die() statement and put a sleep(many_many_seconds) statement here.
        // The brute-force script will be frozen for many_many_seconds.. Poor b14ck h4t h4x0r. :'(
    }

    if (($user === $login_u) && ($pwd === $login_p)) { // If the login data are right..
        $LL->login(); // $LL->login() cleans the database table db_ip from the failed attempts of this IP address.
        echo "Welcome Buzz. Enjoyed in your holidays with your dear daddy? :P";
    }
    else {
        $LL->fail(); // $LL->fail() logs the failed attempts of this IP address, blocks and logs the cracking attempt if the max attempt number is reached.
        // A log viewer is not included in LogLimiter yet (and probably never will be): write it yourself in your own control panel!
        echo "Wrong username/password, Buzz.. Your daddy annoyed you so much to make you forget you credentials? :P";
    }
}
else {
    // Print the login form.
    echo "<html>\n<head>\n<title>Space Ranges HQ</title>\n</head>\n<body>\n";

    // $LL->ckBlock() works like $LL->dbBlock(). It checks the block cookie. If there is a block cookie, it returns TRUE.
    if ($LL->ckBlock()) echo "Sorry, you reached the max login attempts. Wait for ".$delay." minutes and try again.";
    else {
        echo '<form name="login" method="post">';
        echo 'Username: <input type="text" name="user" value="" /><br />';
        echo 'Password: <input type="password" name="pwd" value="" /><br />';
        echo '<input type="submit" value="Login" /></form>';
    }
    echo "</body>\n</html>";
}
?>
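
An added example, not LogLimiter's own code: a minimal server-side limiter that takes the block decision from the database instead of a cookie, following the caveat in the example's ckGen() comment. The failed_logins table, the ll_* function names and the reading of $attempts, $delay and $elapse are assumptions; it uses PDO with in-memory SQLite and constructed sample data so it runs offline.

```php
<?php
// Added example, not LogLimiter's code. Hypothetical names: failed_logins, ll_*.
// Assumed reading of the settings: $attempts failures within $elapse minutes
// block the IP for $delay minutes after the last failure.

function ll_init(PDO $pdo) {
    $pdo->exec('CREATE TABLE IF NOT EXISTS failed_logins (ip TEXT NOT NULL, ts INTEGER NOT NULL)');
    $pdo->exec('CREATE INDEX IF NOT EXISTS failed_logins_ip_ts ON failed_logins (ip, ts)');
}

// Record one failed attempt; prepared statements keep the IP string out of the SQL text.
function ll_fail(PDO $pdo, $ip, $now) {
    $st = $pdo->prepare('INSERT INTO failed_logins (ip, ts) VALUES (?, ?)');
    $st->execute(array($ip, (int) $now));
}

// Clear the IP's failures after a successful login.
function ll_success(PDO $pdo, $ip) {
    $st = $pdo->prepare('DELETE FROM failed_logins WHERE ip = ?');
    $st->execute(array($ip));
}

// Block decision taken from the database only, so deleting a cookie does not lift it.
function ll_blocked(PDO $pdo, $ip, $now, $attempts, $delay, $elapse) {
    $st = $pdo->prepare('SELECT ts FROM failed_logins WHERE ip = :ip ORDER BY ts DESC LIMIT :n');
    $st->bindValue(':ip', $ip, PDO::PARAM_STR);
    $st->bindValue(':n', (int) $attempts, PDO::PARAM_INT);
    $st->execute();
    $ts = $st->fetchAll(PDO::FETCH_COLUMN);
    if (count($ts) < $attempts) return false;      // not enough failures recorded
    $newest = (int) $ts[0];
    $oldest = (int) $ts[$attempts - 1];
    $burst  = ($newest - $oldest) <= $elapse * 60; // failures close enough together
    $fresh  = ($now - $newest) < $delay * 60;      // block period still running
    return $burst && $fresh;
}

// Constructed sample run (in a real page $ip would be $_SERVER['REMOTE_ADDR']).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
ll_init($pdo);
$ip = '203.0.113.7';   // documentation-range address, constructed
$t0 = 1700000000;      // constructed start time (Unix seconds)
for ($i = 0; $i < 5; $i++) ll_fail($pdo, $ip, $t0 + $i);
var_dump(ll_blocked($pdo, $ip, $t0 + 5, 5, 10, 10));            // right after the fifth failure
var_dump(ll_blocked($pdo, $ip, $t0 + 11 * 60, 5, 10, 10));      // eleven minutes later
var_dump(ll_blocked($pdo, '198.51.100.9', $t0 + 5, 5, 10, 10)); // an address with no failures
ll_success($pdo, $ip);
var_dump(ll_blocked($pdo, $ip, $t0 + 6, 5, 10, 10));            // after a successful login
```

As in the page's example flow, the caller checks ll_blocked() before evaluating credentials and does not call ll_fail() while the block is active.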


Details

== LogLimiter ==
A PHP class for preventing login attempt abuse.

= What is LogLimiter
LogLimiter implements an easy way to limit the login attempts from a user in a time period, to prevent things like brute-force attacks.

= Using LogLimiter
LogLimiter usage is simple. It is explained in the example file; moreover, the class file is heavily commented. The only thing you need to do is to create the MySQL tables of LogLimiter (use the tables.sql dump file).

= LogLimiter License
LogLimiter has no license. Simply do what you want. I just enjoyed coding Token, don't care about.

= Author contacts
Website: http://sydarex.org
Email: sydarex@gmail.com

= Notes
This is, in fact, a re-release of LogLimiter; I had already released it some time ago. The only difference is the license change.


Files

File | Role | Description
example.php | Example | Usage example
loglimiter.class.php | Class | The LogLimiter class file
readme.txt | Doc. | Readme file
tables.sql | Data | SQL database dump
