Here’s an example of controlling access to private pages through php, a class Authorization :

    ////////////////////////////////////////////////////////////////////    
    //Authorization class to maintain security of access to admin tool    
    class Authorization    
    {    
		public function grant()    
		{    
			$_SESSION['auth'] = true;    
			unset($_SESSION['locked']);    
			unset($_SESSION['tries']);    
		}    
		public function revoke()    
		{    
			unset($_SESSION['auth']);    
		}    
		public function fail()    
		{    
			if(!isset($_SESSION['tries']))    
				$_SESSION['tries'] = 1;    
			else    
				$_SESSION['tries']++;    
				
			if($_SESSION['tries'] >= 6)    
				$_SESSION['locked'] = true;    
		}    
		public function isAuthorized()    
		{    
			return isset($_SESSION['auth']);    
		}    
		public function isLocked()    
		{    
			return isset($_SESSION['locked']);    
		}    
		public function getAttempts()    
		{    
				if(isset($_SESSION['tries']))    
					return $_SESSION['tries'];    
				else    
					return 0;    
		}    
    }
	

then at the main code of the webpage, we can put the max attemps and block the connection if you do more than this.

    session_start();    
    $maxAttempts = 3; //maximum number of password attempts    
    $password="xxx"    
         
    $auth = new Authorization(); //create authorization object    
         
    if(isset($_POST['logout'])) //user has attempted to log out    
    {    
		$auth->revoke();    
    }    
    else if(isset($_POST['login'])) //user has attempted to log in    
    {    
		if($_POST['password']==$password)    
			$auth->grant();    
		else    
			$auth->fail();    
    }    
         
    if(!$auth->isAuthorized())    
    {    
		echo "<div id='loginBox'>";    
		echo "<h1>SQLite3Admin</h1>";    
		echo "<h2>".$DBFilename."</h2>";    
		if($auth->isLocked())    
		{    
			echo "Unfortunately, you have entered an incorrect password too many times. You <span style="white-space: pre;"> </span>are locked out. Sorry.";    
		}    
		else    
		{    
			$lock = $auth-&gt;getAttempts();    
			if($lock&gt;0)    
			echo $lock." attempts out of ".$maxAttempts.".&lt;br/&gt;&lt;br/&gt;";    
			echo "&lt;form action='".$thisName."' method='post'&gt;";    
			echo "Password: &lt;input type='password' name='password'/&gt;";    
			echo "&lt;input type='submit' value='Log In' name='login'/&gt;";    
			echo "&lt;/form&gt;";    
		}    
		echo "&lt;/div&gt;";    
    }    
    
Facebooktwittergoogle_plusredditpinterestlinkedinmail