2. PHPRunner General questions
  3. [SOLVED]  lock access after 3 attempts - Example code
This topic is locked
[SOLVED]

 lock access after 3 attempts - Example code

 		1/18/2012 8:38:03 AM
PHPRunner General questions
A
 Athlon author

Can some one please advise. Thank you.
I have tried using the code provided on the website ( example )
It does not work.
I noticed firstly that no auto increment is made when creating the table with the provided script. It should I think..
Is the code out of date for runner 6

sample from page below does not work.
been searching for a fix for some time.
My scenario is as follows: Table name Users
userID name password email IP_Address
Using dynamic permissions I am using the email address as username.

All I wish to do is deny login if the IP_address does not match.
function BeforeLogin($username, $password)

{

//** Custom code ****

// check if this IP address is currently blocked

global $conn;

$sql = "select Attempts, LastLogin from LoginAttempts where ip = '" . $_SERVER["REMOTE_ADDR"] . "'";

$rs = db_query($sql,$conn);

$data = db_fetch_array($rs);
if (!$data || !strlen($data["LastLogin"]))

return true;
$atime = db2time($data["LastLogin"]);

$time = mktime($atime[3],$atime[4],$atime[5],$atime[1],$atime[2],$atime[0]);

$diff = (time()-$time)/60;
if ($data["Attempts"]>=3)

{

if($diff<30)

{

echo "<p align=center>
<font color=red><b>Access denied for 30 minutes</b> <font></p>";

return false;

}

else

{

db_exec("update LoginAttempts set Attempts=0 where ip = '" . $_SERVER["REMOTE_ADDR"] . "'",$conn);

return true;

}

}

return true;

}
function AfterSuccessfulLogin()

{

//** Custom code ****

// clear previous attempts
global $conn;

db_exec("update LoginAttempts set Attempts=0 where ip = '" . $_SERVER["REMOTE_ADDR"] . "'",$conn);
}
function AfterUnsuccessfulLogin()

//** Custom code ****

// increase number of attempts

// set last login attempt timeif required

{

global $conn;

$sql = "select * from LoginAttempts where ip = '" . $_SERVER["REMOTE_ADDR"] . "'";

$rs = db_query($sql,$conn);

$data = db_fetch_array($rs);
if($data)

{

$attempts = $data["Attempts"]+1;
if($attempts==3)

db_exec("update LoginAttempts set Attempts=" . $attempts . ", LastLogin=now() where ip = '" .$_SERVER["REMOTE_ADDR"] . "'",$conn);

else

db_exec("update LoginAttempts set Attempts=" . $attempts . " where ip = '" .$_SERVER["REMOTE_ADDR"] . "'",$conn);

}

else

db_exec("insert into LoginAttempts (Attempts,IP,LastLogin) values (1, '".$_SERVER["REMOTE_ADDR"] . "',NOW())",$conn);

}
// Place event code here.

// Use "Add Action" button to add code snippets.
return true;
C
 		cgphp 1/18/2012

"Lock user account after three unsuccessful logins" is an option in the Audit trail window (http://xlinesoft.com/phprunner/docs/audit.htm)
A
 		Athlon author 1/18/2012

Thanks - obvious in the end. Remember that page before at some point in the distant past.
That was easy !