
Block access after 3 bad attempts

6/26/2006 2:04:15 PM
PHPRunner General questions
osluk author

I followed the instructions in the article http://xlinesoft.com/articles/system_access_lock.htm

but am getting the following errors. I have renamed the file until I can get some feedback on the error.
Thanks Chris
Does this make sense to anyone? Is the mod still current with this version?
Warning: Cannot modify header information - headers already sent by (output started at /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/signup/include/events.php:66) in /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/signup/login.php on line 34
Warning: Cannot modify header information - headers already sent by (output started at /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/signup/include/events.php:66) in /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/signup/login.php on line 35

Admin 6/27/2006

Chris,
the code is valid.
Make sure your events.php file ends with "?>".

Remove any spaces or line breaks after the ?> element.

osluk author 6/27/2006

<?php

function BeforeLogin($username, $password)
{
    //** Custom code ****
    // check if this IP address is currently blocked
    global $conn;

    $sql = "select Attempts, LastLogin from LoginAttempts where ip = '" . $_SERVER["REMOTE_ADDR"] . "'";
    $rs = db_query($sql,$conn);
    $data = db_fetch_array($rs);

    // no record (or no timestamp) for this IP: allow the login attempt
    if (!$data || !strlen($data["LastLogin"]))
        return true;

    // minutes elapsed since the stored LastLogin time
    $atime = db2time($data["LastLogin"]);
    $time = mktime($atime[3],$atime[4],$atime[5],$atime[1],$atime[2],$atime[0]);
    $diff = (time()-$time)/60;

    if ($data["Attempts"]>=3)
    {
        if($diff<30)
        {
            echo "<p align=center><font color=red><b>Access denied for 30 minutes</b></font></p>";
            return false;
        }
        else
        {
            // lock period is over: reset the counter
            db_exec("update LoginAttempts set Attempts=0 where ip = '" . $_SERVER["REMOTE_ADDR"] . "'",$conn);
            return true;
        }
    }
    return true;
}

function AfterSuccessfulLogin()
{
    //** Custom code ****
    // clear previous attempts
    global $conn;
    db_exec("update LoginAttempts set Attempts=0 where ip = '" . $_SERVER["REMOTE_ADDR"] . "'",$conn);
}

function AfterUnsuccessfulLogin()
{
    //** Custom code ****
    // increase number of attempts
    // set last login attempt time if required
    global $conn;

    $sql = "select * from LoginAttempts where ip = '" . $_SERVER["REMOTE_ADDR"] . "'";
    $rs = db_query($sql,$conn);
    $data = db_fetch_array($rs);

    if($data)
    {
        $attempts = $data["Attempts"]+1;
        // the third failure also records the time the lock starts
        if($attempts==3)
            db_exec("update LoginAttempts set Attempts=" . $attempts . ", LastLogin=now() where ip = '" .$_SERVER["REMOTE_ADDR"] . "'",$conn);
        else
            db_exec("update LoginAttempts set Attempts=" . $attempts . " where ip = '" .$_SERVER["REMOTE_ADDR"] . "'",$conn);
    }
    else
        db_exec("insert into LoginAttempts (Attempts,IP,LastLogin) values (1, '".$_SERVER["REMOTE_ADDR"] . "',NOW())",$conn);
}

function BeforeRegister($userdata)
{
    // Parameters:
    // $userdata - Array.
    // Each field on this form represented as 'Field name'-'Field value' pair

    //** Insert a record into another table ****
    global $conn;
    $IP = $_SERVER["REMOTE_ADDR"];
    $User = @$_SESSION["UserID"];
    $AccessType = "Registration Before";
    $strSQLInsert = "insert into audit (IP,User,AccessType,DateTime) values ('$IP','$User','$AccessType',NOW())";
    db_exec($strSQLInsert,$conn);

    return true;
    // return true if you like to proceed with registration
    // return false in other case
}

function AfterSuccessfulRegistration()
{
    //** Insert a record into another table ****
    global $conn;
    $IP = $_SERVER["REMOTE_ADDR"];
    $User = @$_SESSION["UserID"];
    $AccessType = "Registration OK";
    $strSQLInsert = "insert into audit (IP,User,AccessType,DateTime) values ('$IP','$User','$AccessType',NOW())";
    db_exec($strSQLInsert,$conn);
}

function AfterUnsuccessfulRegistration()
{
    //** Insert a record into another table ****
    global $conn;
    $IP = $_SERVER["REMOTE_ADDR"];
    $User = @$_SESSION["UserID"];
    $AccessType = "Registration Fails";
    $strSQLInsert = "insert into audit (IP,User,AccessType,DateTime) values ('$IP','$User','$AccessType',NOW())";
    db_exec($strSQLInsert,$conn);
}
?>


I seem to have got rid of the error.

How can I integrate the different functions - some yours some mine?
Chris

Admin 6/27/2006

Chris,
there is nothing to integrate in your code.

Please clarify what you need to combine.

osluk author 6/28/2006

What I meant, I guess, was: is there a specific order they have to be in?
Can there be multiple instances of a particular action?
Cheers Chris

Admin 6/28/2006

Chris,
just add several actions to your event in PHPRunner.

I.e. add "Display a message on the Web page" and then "Redirect to another page".

You'll get a code like this:

function AfterSuccessfulLogin()
{
    //** Display a message on the Web page ****
    echo "Your message here";

    //** Redirect to another page ****
    header("Location: anypage.php");
    exit();
}

osluk author 6/28/2006

Thanks

Fatal error: Cannot redeclare aftersuccessfullogin() (previously declared in /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/AdminD/include/events.php:41) in /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/AdminD/include/events.php on line 71


function AfterSuccessfulLogin()
{
    //** Custom code ****
    // clear previous attempts
    global $conn;
    db_exec("update LoginAttempts set Attempts=0 where ip = '" . $_SERVER["REMOTE_ADDR"] . "'",$conn);
}
{
    //** Insert a record into another table ****
    global $conn;
    $IP = $_SERVER["REMOTE_ADDR"];
    $User = @$_SESSION["UserID"];
    $AccessType = "Login OK";
    $strSQLInsert = "insert into audit (IP,User,AccessType,DateTime) values ('$IP','$User','$AccessType',NOW())";
    db_exec($strSQLInsert,$conn);
}


Is this the correct way to combine things within the function?
Thanks Chris

Fatal error: Call to undefined function: db_exec() in /hsphere/local/home/bauduc-dev/bordeauxreport.com/db-2005/AdminD/include/events.php on line 53


Perhaps not

osluk author 6/29/2006

After a lot of trial and error I have this working.
This is the log


Could it include the username that was being used, perhaps in a different table track all logins, successful or not?
In the summary table could it show the username and locked status of IPs currently locked?

If the same user attempted logins on a different IP then we would know the user had shared password incorrectly or the account had been compromised.
Great mod. Wish I knew more about how the PHP syntax worked.

Anyone suggest a good source of knowledge in better understanding how these functions fit together?
thanks again Chris

Admin 6/29/2006

Chris,
You need to know some PHP for the advanced use of Events.

I can recommend the http://www.w3schools.com website as a good start to learn PHP.
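
Added example, not part of the original thread and not PHPRunner's or the article's code: the lockout logic from the posted events.php written with prepared statements, with the attempted username stored in the audit table as asked in the 6/29 post. It assumes PDO with an in-memory SQLite database and integer timestamps; the function names and sample addresses are hypothetical, and LastLogin is refreshed on every failure rather than only the third.

```php
<?php
// Added example: in-memory SQLite stands in for the project database (assumption).
const MAX_ATTEMPTS = 3;
const LOCK_SECONDS = 30 * 60;
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE LoginAttempts (IP TEXT PRIMARY KEY, Attempts INTEGER, LastLogin INTEGER)');
    $db->exec('CREATE TABLE audit (IP TEXT, User TEXT, AccessType TEXT, DateTime INTEGER)');
    return $db;
}
// BeforeLogin logic: true while the address is locked; an expired lock is cleared.
function is_blocked(PDO $db, string $ip, int $now): bool {
    $st = $db->prepare('SELECT Attempts, LastLogin FROM LoginAttempts WHERE IP = ?');
    $st->execute([$ip]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['Attempts'] < MAX_ATTEMPTS) return false;
    if ($now - $row['LastLogin'] < LOCK_SECONDS) return true;
    $db->prepare('UPDATE LoginAttempts SET Attempts = 0 WHERE IP = ?')->execute([$ip]);
    return false;
}
// After(Un)successfulLogin logic: audit every attempt with its username, then update the counter.
function record_login(PDO $db, string $ip, string $user, bool $ok, int $now): void {
    $db->prepare('INSERT INTO audit (IP, User, AccessType, DateTime) VALUES (?, ?, ?, ?)')
       ->execute([$ip, $user, $ok ? 'Login OK' : 'Login Fails', $now]);
    if ($ok) {
        $db->prepare('UPDATE LoginAttempts SET Attempts = 0 WHERE IP = ?')->execute([$ip]);
        return;
    }
    $up = $db->prepare('UPDATE LoginAttempts SET Attempts = Attempts + 1, LastLogin = ? WHERE IP = ?');
    $up->execute([$now, $ip]);
    if ($up->rowCount() === 0) {  // first failure from this address
        $db->prepare('INSERT INTO LoginAttempts (IP, Attempts, LastLogin) VALUES (?, 1, ?)')->execute([$ip, $now]);
    }
}
// Usernames with failed logins from more than one address.
function users_failing_from_several_ips(PDO $db): array {
    $sql = "SELECT User FROM audit WHERE AccessType = 'Login Fails'
            GROUP BY User HAVING COUNT(DISTINCT IP) > 1";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}
// Constructed sample run: three bad attempts from one address, one from another.
$db = open_db();
$t = 1000000;
foreach ([1, 2, 3] as $i) record_login($db, '192.0.2.10', 'chris', false, $t + $i);
record_login($db, '198.51.100.7', 'chris', false, $t + 10);
var_dump(is_blocked($db, '192.0.2.10', $t + 60));        // one minute after the third failure
var_dump(is_blocked($db, '192.0.2.10', $t + 31 * 60));   // 31 minutes later
print_r(users_failing_from_several_ips($db));
```

Keying the counter on the client address alone locks out everyone behind a shared NAT or proxy and does not limit guesses spread across several addresses; a per-username count taken from the same audit table covers that case.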