PHP Classes

File: example.php

File: example.php
Role: Example script
Content type: text/plain
Description: Usage example
Class: Log Limiter
Limit the number of failed login attempts
Author: By
Last change:
Date: 15 years ago
Size: 3,130 bytes
 

Contents

<?php
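// Example of a simple login protected by LogLimiter.
// It shows how LogLimiter can help slow down brute-force attacks on a login form.

// Configuration
$attempts = 5; // Max failed attempts before blocking
$delay = 10; // Duration of the block (minutes)
$elapse = 10; // Time after which the attempt counter restarts (minutes)

// Connecting to the database.
// NOTE(review): the mysql_* extension was removed in PHP 7. The link is handed
// to LogLimiter below, so moving to mysqli/PDO means changing the class too.
$db = @mysql_connect('db_host', 'db_user', 'db_password');
if (!$db) {
    // Driver error text can reveal host names and account names, so it goes to
    // the server log and the visitor only gets a generic message.
    error_log("LogLimiter example: database connection failed: ".mysql_errno().": ".mysql_error());
    die("Sorry Buzz, there's a problem.");
}
if (!@mysql_select_db('db_name', $db)) {
    error_log("LogLimiter example: database selection failed: ".mysql_errno().": ".mysql_error());
    die("Sorry Buzz, there's a problem.");
}

// Login data.
// Hard-coded plaintext credentials are acceptable only in a demo: a real
// application stores one password hash per user and checks it with
// password_verify().
$login_u = "buzzlightyear"; // Username
$login_p = "zurgdaddy"; // Password
// OT: It would be a great login for Buzz, wouldn't it? ;)

// Load the LogLimiter class. require_once stops here with a clear error if the
// file is missing, instead of failing later on "new LogLimiter".
require_once "loglimiter.class.php";
// Get an instance of LogLimiter, bound to the DB link and the limits above.
$LL = new LogLimiter($db, $attempts, $delay, $elapse);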

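if (isset($_POST['user'])) {
    // Accept only string fields. A request such as user[]=x delivers an array,
    // and a missing "pwd" field is undefined; both are treated as empty values,
    // which then count as a failed attempt.
    $rawUser = is_string($_POST['user']) ? $_POST['user'] : '';
    $rawPwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';

    // Basic input clean-up.
    // NOTE(review): trim()/strip_tags() also alter passwords that contain
    // spaces at the ends or "<...>" sequences; harmless for the demo
    // credentials, but do not apply them to real passwords.
    $user = strip_tags(trim($rawUser));
    $pwd = strip_tags(trim($rawPwd));
    // This is NOT enough if the values go into SQL queries. Use prepared
    // statements with bound parameters (mysqli/PDO); escaping with
    // mysql_real_escape_string() is the legacy fallback for the mysql_* API.

    if ($LL->dbBlock()) { // TRUE when this IP has reached the max attempts number.
        // Also set the block cookie. It is only a hint for the form below:
        // anyone can delete a cookie, so the database check is the real control.
        // NOTE(review): presumably sends a cookie header, so it must run before
        // any output - confirm in the class.
        $LL->ckGen();
        die("Sorry, but we are not enjoyed by your bruteforce attempt, damned Zurg!");
        // A sleep() could be used here instead of die() to stall an automated
        // client, but every sleeping request also holds a server worker, so
        // many parallel requests would exhaust the server. Prefer the
        // immediate refusal.
    }

    // The block is keyed on the client IP address (see dbBlock()/fail()), so it
    // slows a single source but not attempts spread over many addresses, and
    // it can lock out legitimate users who share one address.

    // Strict comparison: "==" on two numeric-looking strings compares them as
    // numbers ("1e3" == "1000"), which must never decide a login.
    // A real application would call password_verify() on a stored hash, which
    // also compares in constant time.
    if (($user === $login_u) && ($pwd === $login_p)) { // If the login data are right..
        $LL->login(); // Cleans the failed attempts of this IP address from the database table.
        echo "Welcome Buzz. Enjoyed in your holidays with your dear daddy? :P";
    } else {
        // Logs the failed attempt of this IP address; blocks and logs the
        // cracking attempt if the max attempt number is reached.
        // A log viewer is not included in LogLimiter: write one in your own
        // control panel.
        $LL->fail();
        echo "Wrong username/password, Buzz.. Your daddy annoyed you so much to make you forget you credentials? :P";
    }
} else {
    // Print the login form.
    echo "<html>\n<head>\n<title>Space Ranges HQ</title>\n</head>\n<body>\n";

    // $LL->ckBlock() works like $LL->dbBlock() but checks the block cookie and
    // returns TRUE if one is present. It only saves showing a useless form;
    // the POST branch still enforces the block through the database.
    if ($LL->ckBlock()) {
        // The configured value lives in $delay; the original read an undefined
        // $config array and printed an empty duration.
        echo "Sorry, you reached the max login attempts. Wait for ".$delay." minutes and try again.";
    } else {
        echo '<form name="login" method="post">';
        echo 'Username: <input type="text" name="user" value="" /><br />';
        echo 'Password: <input type="password" name="pwd" value="" /><br />';
        echo '<input type="submit" value="Login" /></form>';
    }
    // Close the elements opened above (the original emitted opening tags here).
    echo "</body>\n</html>";
}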
?>