PHP – SESSION Brute Force Defense

Published by Durukan Bal on 

function BruteForce ( $VeriDatasiSay, $Say )
{
	if ( $Say = -1 )
    {
		$_SESSION[$VeriDatasiSay] = 0;
        return 1;
    }
        
    if ( isset ( $_SESSION[$VeriDatasiSay] ) == TRUE && is_numeric ( $_SESSION[$VeriDatasiSay] ) == TRUE )
    {
        $_SESSION[$VeriDatasiSay] = intval ( $_SESSION[$VeriDatasiSay] ) + 1;
    }
    else
    {
        $_SESSION[$VeriDatasiSay] = 0;
    }
        
    if ( intval ( $_SESSION[$VeriDatasiSay] ) > intval ( $Say ) )
    {
        return 2; // 3 adet denemenin üzerinde deneme yaptı engelle
    }
    else
    {
        return 1; // henüz deneme limitini geçmedi problem yok
    }
}
	
if ( BruteForce ( "login", 3 ) == 2 )
{
	echo "Invalid password. You will not be able to login for an hour because you have made too many incorrect password attempts.";
    exit(); 
}
Categories: PHP language
Tags:

2,681 Comments

Leave a Reply

Avatar placeholder

Related Posts

PHP language

PHP – Simple Master Whois Server On Linux

PHP language

PHP – Basic Torrent Tracker Server

Using Server URL: “http://torrent.tracker.durukanbal.com/“ “https://torrent.tracker.durukanbal.com/“

PHP language

PHP – Automation File Lock