Add a lockout system for login page?

Jozz · March 8, 2011, 9:45am

Hey everyone!

I’m using a PHP Password system made by Zubrag called ‘Page Password Protect 2.13’

I am using the script as follows:
[php]<?php
##################################################################

SETTINGS START

##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma “,” at the end of line
$LOGIN_INFORMATION = array(
‘passwordremovedforforum’
);

// request login? true - show login and password boxes, false - password box only
define(‘USE_USERNAME’, false);

// User will be redirected to this page after logout
define(‘LOGOUT_URL’, ‘http://removedforforum/’);

// time out after NN minutes of inactivity. Set to 0 to not timeout
define(‘TIMEOUT_MINUTES’, 60);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define(‘TIMEOUT_CHECK_ACTIVITY’, false);

##################################################################

SETTINGS END

##################################################################

///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET[‘help’])) {
die(‘Include following code into every page you would like to protect, at the very beginning (first line):
<?php include("’ . str_replace(’\’,’\\’,FILE) . ‘"); ?>’);
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET[‘logout’])) {
setcookie(“verify”, ‘’, $timeout, ‘/’); // clear password;
header('Location: ’ . LOGOUT_URL);
exit();
}

if(!function_exists(‘showLoginPasswordProtect’)) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>

Uploading your Worke

<?php include("../includes/header.php"); ?> <?php include("../includes/navigation.php"); ?>

Welcome!

Let's upload the latest Newsletter!
Before we can further, I will need you to enter the password.
<?php echo $error_msg; ?>
<?php if (USE_USERNAME) echo 'Login:

Password:
'; ?>

<?php // stop at this point die(); } } // user provided password if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Incorrect password. Please try again.
"); } else { // set cookie if password was validated setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed // So need to clear password protector variables unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } else { // check if password cookie is set if (!isset($_COOKIE['verify'])) { showLoginPasswordProtect(""); } // check if cookie is good $found = false; foreach($LOGIN_INFORMATION as $key=>$val) { $lp = (USE_USERNAME ? $key : '') .'%'.$val; if ($_COOKIE['verify'] == md5($lp)) { $found = true; // prolong timeout if (TIMEOUT_CHECK_ACTIVITY) { setcookie("verify", md5($lp), $timeout, '/'); } break; } } if (!$found) { showLoginPasswordProtect(""); } } ?>[/php]

How would I add a system in the code where after 3 attempts of the password, it would lock the user out and not allow anymore attempts for 10 minutes? This could be a redirect to a page using a cookie or something like that, I just have no idea how to add it in the code.

Any help would be lovely.