Add Login Security

Functions

<?php
define("TIME_PERIOD", "30");
define("ATTEMPTS_NUMBER", "3");

function confirmIPAddress($value) {
// database connction
        $con = DBconnect();
  $query = "SELECT Attempts, (CASE when LastLogin is not NULL and DATE_ADD(LastLogin, INTERVAL ".TIME_PERIOD.
  " MINUTE)>NOW() then 1 else 0 end) as Denied FROM ".TABLE_LOGINATTEMPTS." WHERE IP = '$value'";

$result = $con->query($query);
  $data = $result->fetch_assoc();

//Verify that at least one login attempt is in database

if (!$data) {
    return 0;
  }
  if ($data["Attempts"] >= ATTEMPTS_NUMBER)
  {
    if($data["Denied"] == 1)
    {
      return 1;
    }
    else
    { 
      clearLoginAttempts($value);
      return 0; 
    }
  }
  return 0;
}

function addLoginAttempt($value) {
// database connction
        $con = DBconnect();
   //Increase number of attempts. Set last login attempt if required.

$q = "SELECT * FROM ".TABLE_LOGINATTEMPTS." WHERE IP = '$value'";
   $result = $con->query($q);
   $data = $result->fetch_assoc();
  
   if($data)
   {
     $attempts = $data["Attempts"]+1;

if($attempts==3) {
       $q = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts=".$attempts.", LastLogin=NOW() WHERE IP = '$value'";
       $result = $con->query($q);
     }
     else {
       $q = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts=".$attempts." WHERE IP = '$value'";
       $result = $con->query($q);
     }
   }
   else {
     $q = "INSERT INTO ".TABLE_LOGINATTEMPTS." (Attempts,IP,LastLogin) values (1, '$value', NOW())";
     $result = $con->query($q);
   }
}

function clearLoginAttempts($value) {
	// database connction
        $con = DBconnect();
  $query = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts = 0 WHERE IP = '$value'";
  return $con->query($query);
}

// Function to get the client IP address
function get_client_ip() {
    $ipaddress = '';
    if (getenv('HTTP_CLIENT_IP'))
        $ipaddress = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $ipaddress = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
       $ipaddress = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $ipaddress = getenv('REMOTE_ADDR');
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}	
?>

<?php

define("TIME_PERIOD", "30");

define("ATTEMPTS_NUMBER", "3");

function confirmIPAddress($value) {

// database connction

$con = DBconnect();

$query = "SELECT Attempts, (CASE when LastLogin is not NULL and DATE_ADD(LastLogin, INTERVAL ".TIME_PERIOD.

" MINUTE)>NOW() then 1 else 0 end) as Denied FROM ".TABLE_LOGINATTEMPTS." WHERE IP = '$value'";

$result = $con->query($query);

$data = $result->fetch_assoc();

//Verify that at least one login attempt is in database

if (!$data) {

return 0;

}

if ($data["Attempts"] >= ATTEMPTS_NUMBER)

{

if($data["Denied"] == 1)

{

return 1;

}

else

{

clearLoginAttempts($value);

return 0;

}

return 0;

}

function addLoginAttempt($value) {

// database connction

$con = DBconnect();

//Increase number of attempts. Set last login attempt if required.

$q = "SELECT * FROM ".TABLE_LOGINATTEMPTS." WHERE IP = '$value'";

$result = $con->query($q);

$data = $result->fetch_assoc();

if($data)

{

$attempts = $data["Attempts"]+1;

if($attempts==3) {

$q = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts=".$attempts.", LastLogin=NOW() WHERE IP = '$value'";

$result = $con->query($q);

}

else {

$q = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts=".$attempts." WHERE IP = '$value'";

$result = $con->query($q);

}

else {

$q = "INSERT INTO ".TABLE_LOGINATTEMPTS." (Attempts,IP,LastLogin) values (1, '$value', NOW())";

$result = $con->query($q);

}

function clearLoginAttempts($value) {

// database connction

$con = DBconnect();

$query = "UPDATE ".TABLE_LOGINATTEMPTS." SET Attempts = 0 WHERE IP = '$value'";

return $con->query($query);

}

// Function to get the client IP address

function get_client_ip() {

$ipaddress = '';

if (getenv('HTTP_CLIENT_IP'))

$ipaddress = getenv('HTTP_CLIENT_IP');

else if(getenv('HTTP_X_FORWARDED_FOR'))

$ipaddress = getenv('HTTP_X_FORWARDED_FOR');

else if(getenv('HTTP_X_FORWARDED'))

$ipaddress = getenv('HTTP_X_FORWARDED');

else if(getenv('HTTP_FORWARDED_FOR'))

$ipaddress = getenv('HTTP_FORWARDED_FOR');

else if(getenv('HTTP_FORWARDED'))

$ipaddress = getenv('HTTP_FORWARDED');

else if(getenv('REMOTE_ADDR'))

$ipaddress = getenv('REMOTE_ADDR');

else

$ipaddress = 'UNKNOWN';

return $ipaddress;

}

Uses

first of all call confirmIPAddress(get_client_ip()) function. if username is incorrect then call addLoginAttempt(get_client_ip())

After 3 time incorrect it block ip address for 30 min.

Recent Posts

Add Login Security

Functions

Uses

Leave a reply Cancel reply

Recent Posts

Add Login Security

Functions

Uses

Related Posts:

Leave a reply Cancel reply