Here’s an example of controlling access to private pages with PHP, using an Authorization class:

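    ////////////////////////////////////////////////////////////////////
    //Authorization class to maintain security of access to admin tool
    /**
     * Session-backed login state for the admin tool.
     *
     * All state is kept in $_SESSION under the keys 'auth', 'tries' and 'locked',
     * so the caller must have started the session before using this class.
     *
     * Because the failure counter is stored in the visitor's own session, a client
     * that discards its session cookie starts again from zero. Treat the lockout as
     * a courtesy limit and add server-side throttling where brute-force resistance
     * matters.
     */
    class Authorization
    {
        /**
         * Mark the session as authenticated and clear any failure/lockout state.
         *
         * The session ID is rotated when a session is active, so an ID that was
         * known before login is not carried over into the authenticated session.
         */
        public function grant()
        {
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['auth'] = true;
            unset($_SESSION['locked'], $_SESSION['tries']);
        }

        /**
         * Drop the authenticated flag. The failure counter and lock are left
         * untouched, so logging out does not reset a lockout.
         */
        public function revoke()
        {
            unset($_SESSION['auth']);
        }

        /**
         * Record one failed login attempt and lock the session once the limit is reached.
         *
         * @param int $maxAttempts Number of failures at which the session is locked.
         *                         Defaults to 6, the limit this class has always used.
         */
        public function fail($maxAttempts = 6)
        {
            $_SESSION['tries'] = $this->getAttempts() + 1;

            if ($_SESSION['tries'] >= $maxAttempts) {
                $_SESSION['locked'] = true;
            }
        }

        /**
         * @return bool True only when grant() has set the flag to boolean true;
         *              any other stored value is treated as not authenticated.
         */
        public function isAuthorized()
        {
            return isset($_SESSION['auth']) && $_SESSION['auth'] === true;
        }

        /**
         * @return bool True when the session has been locked by fail().
         */
        public function isLocked()
        {
            return isset($_SESSION['locked']);
        }

        /**
         * @return int Failed attempts recorded in this session, 0 when none.
         */
        public function getAttempts()
        {
            return isset($_SESSION['tries']) ? $_SESSION['tries'] : 0;
        }
    }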
	

Then, in the main code of the web page, we can set the maximum number of attempts and block further logins once the visitor exceeds it.

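    session_start();
    $maxAttempts = 3; //maximum number of password attempts
    // Placeholder secret. For real use, keep only a password_hash() value (outside
    // the web root) and check submissions with password_verify().
    $password = "xxx";

    $auth = new Authorization(); //create authorization object

    // The attempt counter lives in the visitor's session, so it only limits a client
    // that keeps its session cookie. Limits that must hold regardless of the cookie
    // have to be tracked server-side.
    $lockedOut = $auth->isLocked() || $auth->getAttempts() >= $maxAttempts;

    if(isset($_POST['logout'])) //user has attempted to log out
    {
        $auth->revoke();
    }
    else if(isset($_POST['login']) && !$lockedOut) //login attempt; ignored once locked out
    {
        $submitted = isset($_POST['password']) ? $_POST['password'] : '';

        // is_string() rejects array input such as password[]=...; hash_equals()
        // compares in constant time and without loose-comparison type juggling.
        if(is_string($submitted) && hash_equals($password, $submitted))
            $auth->grant();
        else
            $auth->fail();

        // Re-evaluate so the failure that reaches the limit shows the lockout message.
        $lockedOut = $auth->isLocked() || $auth->getAttempts() >= $maxAttempts;
    }

    if(!$auth->isAuthorized())
    {
        // $DBFilename and $thisName are not defined in this snippet; they are escaped
        // here because they are written into HTML text and an attribute value.
        echo "<div id='loginBox'>";
        echo "<h1>SQLite3Admin</h1>";
        echo "<h2>".htmlspecialchars($DBFilename, ENT_QUOTES, 'UTF-8')."</h2>";
        if($lockedOut)
        {
            echo "Unfortunately, you have entered an incorrect password too many times. You are locked out. Sorry.";
        }
        else
        {
            $lock = $auth->getAttempts();
            if($lock>0)
                echo $lock." attempts out of ".$maxAttempts.".<br/><br/>";
            echo "<form action='".htmlspecialchars($thisName, ENT_QUOTES, 'UTF-8')."' method='post'>";
            echo "Password: <input type='password' name='password'/>";
            echo "<input type='submit' value='Log In' name='login'/>";
            echo "</form>";
        }
        echo "</div>";
    }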
    