| 
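<?php
// Example of a simple login page protected by LogLimiter.
// It shows how LogLimiter throttles repeated failed logins (brute-force attempts) per IP address.
// NOTE(review): how LogLimiter derives the client IP is not visible in this file. Behind a
// reverse proxy or load balancer, confirm it does not count every visitor as the proxy's address.

// Configuration
$attempts = 5;  // Max failed attempts before blocking
$delay    = 10; // Duration of the block (minutes)
$elapse   = 10; // Time after which the attempt counter restarts (minutes)

// Connecting to the database.
// The mysql_* extension is deprecated and was removed in PHP 7; it is kept here only because
// the link it returns is what gets handed to LogLimiter below. Migrate both together.
// Warnings are suppressed with @ because the return values are checked explicitly, and the
// driver error goes to the server log: echoing mysql_error() to the browser would disclose
// database details to whoever triggers the failure.
$db = @mysql_connect('db_host', 'db_user', 'db_password');
if (!$db) {
    error_log("LogLimiter example: database connection failed: ".mysql_errno().": ".mysql_error());
    die("Sorry Buzz, there's a problem. Please try again later.");
}
if (!@mysql_select_db('db_name', $db)) {
    error_log("LogLimiter example: database selection failed: ".mysql_errno($db).": ".mysql_error($db));
    die("Sorry Buzz, there's a problem. Please try again later.");
}

// Demo credentials, hard-coded in plain text for the sake of the example only.
// A real application stores a password_hash() digest and checks it with password_verify().
$login_u = "buzzlightyear"; // Username
$login_p = "zurgdaddy"; // Password

// Loading the LogLimiter class file (a hard dependency: nothing below works without it)
require_once "loglimiter.class.php";
// Getting an instance of LogLimiter
$LL = new LogLimiter($db, $attempts, $delay, $elapse);

if (isset($_POST['user'])) {
    // Accept string fields only: a request such as user[]=x arrives as an array and must not
    // reach trim() or the comparison below.
    $user = is_string($_POST['user']) ? strip_tags(trim($_POST['user'])) : '';
    // The password is compared exactly as submitted. Trimming or strip_tags() would make
    // several different inputs (e.g. with embedded tags) equal to the real password.
    $pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
    // strip_tags() is neither an SQL nor an HTML defence. If these values ever reach a query,
    // use prepared statements with bound parameters; if they are ever printed, encode them
    // with htmlspecialchars() at the point of output.

    // The block check runs BEFORE the credentials are looked at, so a blocked address learns
    // nothing about whether a guess was right.
    if ($LL->dbBlock()) { // TRUE when this IP has reached the max attempts number
        $LL->ckGen(); // Sets the block cookie. Advisory only: the client can delete it, the database block is what counts.
        die("Sorry, but we are not enjoyed by your bruteforce attempt, damned Zurg!");
        // Rejecting immediately is deliberate. Replacing die() with a long sleep() keeps one
        // server worker busy per blocked request, which lets a flood of blocked requests
        // exhaust the server itself.
    }

    // Strict, type-safe username check; constant-time password check where the runtime offers
    // hash_equals() (PHP >= 5.6), strict comparison otherwise. Both results are computed
    // before branching so the username outcome does not short-circuit the password check.
    $userOk = ($user === $login_u);
    $pwdOk = function_exists('hash_equals') ? hash_equals($login_p, $pwd) : ($pwd === $login_p);

    if ($userOk && $pwdOk) { // If the login data are right..
        $LL->login(); // Clears the failed attempts recorded for this IP address.
        echo "Welcome Buzz. Enjoyed in your holidays with your dear daddy? :P";
    }
    else {
        $LL->fail(); // Records the failed attempt for this IP; blocks and logs the attempt once the max is reached.
        // LogLimiter ships no log viewer: review its records from your own control panel so
        // repeated blocks are actually noticed.
        // The same message is used for a wrong username and a wrong password, so the
        // response does not reveal which usernames exist.
        echo "Wrong username/password, Buzz.. Your daddy annoyed you so much to make you forget you credentials? :P";
    }
}
else { // Print the login form.
    echo "<html>\n<head>\n<title>Space Ranges HQ</title>\n</head>\n<body>\n";
    // $LL->ckBlock() checks the block cookie and returns TRUE when it is present.
    // This only hides the form as a courtesy; enforcement is the dbBlock() check on POST.
    if ($LL->ckBlock()) {
        // Uses $delay from the configuration above ($config was never defined in this script).
        echo "Sorry, you reached the max login attempts. Wait for ".$delay." minutes and try again.";
    }
    else {
        echo '<form name="login" method="post">';
        echo 'Username: <input type="text" name="user" value="" /><br />';
        echo 'Password: <input type="password" name="pwd" value="" /><br />';
        echo '<input type="submit" value="Login" /></form>';
    }
    echo "</body>\n</html>";
}
?>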
 |