Here is an example of controlling access to private pages in PHP, using a class named Authorization:
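////////////////////////////////////////////////////////////////////
// Authorization class to maintain security of access to admin tool.
// All state lives in $_SESSION under the keys 'auth', 'tries' and 'locked',
// so session_start() must have been called before any method is used.
// Because the counter is session-scoped, it only bounds attempts within one
// session; a fresh session starts from zero again.
class Authorization
{
    /** Number of failed attempts at which the session becomes locked. */
    private int $maxAttempts;

    /**
     * @param int $maxAttempts failed-attempt threshold; the default of 6
     *                         keeps the behaviour of the original fail()
     */
    public function __construct(int $maxAttempts = 6)
    {
        $this->maxAttempts = $maxAttempts;
    }

    /** Mark the session as authorised and clear the lockout and attempt counter. */
    public function grant(): void
    {
        // Rotate the session id on this privilege change so that an id issued
        // before login does not carry over into the authorised session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['auth'] = true;
        unset($_SESSION['locked'], $_SESSION['tries']);
    }

    /** Drop authorisation; the attempt counter and lock flag are left as they are. */
    public function revoke(): void
    {
        unset($_SESSION['auth']);
    }

    /** Record one failed attempt and lock the session once the threshold is reached. */
    public function fail(): void
    {
        $_SESSION['tries'] = ($_SESSION['tries'] ?? 0) + 1;
        if ($_SESSION['tries'] >= $this->maxAttempts) {
            $_SESSION['locked'] = true;
        }
    }

    /** True once grant() has been called and revoke() has not. */
    public function isAuthorized(): bool
    {
        return isset($_SESSION['auth']);
    }

    /** True once fail() has reached the threshold (cleared only by grant()). */
    public function isLocked(): bool
    {
        return isset($_SESSION['locked']);
    }

    /** Failed attempts recorded in this session, 0 when none. */
    public function getAttempts(): int
    {
        return $_SESSION['tries'] ?? 0;
    }
}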
Then, in the main code of the web page, we can set the maximum number of attempts and block the connection once it is exceeded.
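session_start();
$maxAttempts = 3; // maximum number of password attempts, as shown to the user
// NOTE: the lock itself is enforced inside Authorization::fail() (6 failures in
// the class as written); keep that threshold and $maxAttempts in sync.
// TODO: store a password_hash() value here and check it with password_verify()
// instead of keeping the password in clear text in the source.
$password = "xxx";
$auth = new Authorization(); // create authorization object

if (isset($_POST['logout'])) {
    // user has attempted to log out
    $auth->revoke();
} elseif (isset($_POST['login'])) {
    // user has attempted to log in
    $submitted = $_POST['password'] ?? '';
    // hash_equals() is a strict, constant-time comparison; the loose == it
    // replaces applied PHP type juggling to the submitted value. A non-string
    // submission (e.g. an array field) counts as a failure instead of a TypeError.
    if (is_string($submitted) && hash_equals($password, $submitted)) {
        $auth->grant();
    } else {
        $auth->fail();
    }
}

if (!$auth->isAuthorized()) {
    // $DBFilename and $thisName are presumably defined earlier in the page;
    // both are escaped here because they end up inside HTML.
    echo "<div id='loginBox'>";
    echo "<h1>SQLite3Admin</h1>";
    echo "<h2>" . htmlspecialchars((string) $DBFilename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</h2>";
    if ($auth->isLocked()) {
        echo "Unfortunately, you have entered an incorrect password too many times. You are locked out. Sorry.";
    } else {
        $lock = $auth->getAttempts();
        if ($lock > 0) {
            echo $lock . " attempts out of " . $maxAttempts . ".<br/><br/>";
        }
        echo "<form action='" . htmlspecialchars((string) $thisName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "' method='post'>";
        echo "Password: <input type='password' name='password'/>";
        echo "<input type='submit' value='Log In' name='login'/>";
        echo "</form>";
    }
    echo "</div>";
}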