11 Replies - 2761 Views - Last Post: 09 August 2011 - 08:39 PM

#1 menukadevinda

login + ip locking facility

Posted 06 August 2011 - 09:15 PM

Hi all,

I am new to PHP. I am developing a login where I compare the encrypted password, set a session for the user, and log in to the system.

But I need to do more with this.
I need to know how to lock an IP if a user tries more than 2 or 3 times to log in to the system.
I am using PHP and don't know which areas I have to study to do this.

Can anybody give me a hint?

Example code is highly appreciated.

Thanks in advance,
menukaddevinda


Replies To: login + ip locking facility

#2 no2pencil

Posted 06 August 2011 - 09:20 PM

Assuming you have not had a look through our large resource of tutorials...

Creating a Secure, Professional Login Module (Offers IP Locking)
Basic Login Script
Password reset without using databases
Handling Sessions in PHP

#3 Loopzle

Posted 07 August 2011 - 01:31 PM

I'm sure it says, even behind this text as I type, "We won't do your homework for you". I think by giving you example code we would be.

Can't you just start out by finding out how to get the user's IP, then make some sort of system possibly using a database or even flat text (not really recommended) to count the amount of failures the user has had? Then you could clear it when they login. It's pretty simple really.

#4 E_Geek

Posted 08 August 2011 - 11:36 AM

Want to go ahead and say ...
Blocking I.P is fairly useless if you use a proxy. For example, I use one, and have a button which says 'Cycle I.P'; upon clicking it I have a new I.P address, and therefore could carry on attempting to log in.

Not everyone uses this, but you should be aware :)

#5 menukadevinda

Posted 09 August 2011 - 04:52 AM

Hi, I too do that trick with my dongle. I would disconnect and reconnect, then I get a new IP, hah..
So is there any way to handle this? And I want to know whether there is any option other than enumerating on username and password to get access to the login. I mean, without a username and password, how can somebody log in to a sight?

#6 no2pencil

Posted 09 August 2011 - 11:16 AM

menukadevinda, on 09 August 2011 - 07:52 AM, said:

Hi, I too do that trick with my dongle. I would disconnect and reconnect, then I get a new IP, hah..
So is there any way to handle this?

Use a service like No Ip, or contact your ISP to get commercial grade service (static ip).

#7 E_Geek

Posted 09 August 2011 - 01:10 PM

If you mean handle I.P addresses for a client (user), then no. If I wanted to change my I.P address, there is nothing you can do to stop it (or nothing legal you can do to trace my I.P change).

Instead, you should consider locking the account after x amount of failed login attempts, requiring a reset.

Quote

I want to know whether there is any option other than enumerating on username and password to get access to the login.


Um, if I understand you correctly, then yes. You would simply use a WHERE clause to select the matching username and password from a database; if the pairing isn't present, you would get no result returned.
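
The counting approach from post #3 and the account lock from post #7, combined in one sketch. This is an added example, not code from the thread or from the linked tutorials. It assumes PHP with the PDO SQLite driver, a hypothetical `login_failures` table, and a time window in place of the manual reset post #7 mentions:

```php
<?php
// Added example; table, column and function names are hypothetical.
const MAX_FAILURES   = 3;    // failures tolerated inside the window
const WINDOW_SECONDS = 900;  // 15-minute window (assumed value)

function make_store(): PDO {
    $db = new PDO('sqlite::memory:');  // in-memory so the example runs stand-alone
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_failures (kind TEXT, subject TEXT, at INTEGER)');
    return $db;
}

// Failures recorded for one key inside the window; $kind is "ip" or "user".
function recent_failures(PDO $db, string $kind, string $subject, int $now): int {
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures
                       WHERE kind = ? AND subject = ? AND at > ?');
    $q->execute([$kind, $subject, $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn();
}

// Refuse the attempt if either the address or the account is over the limit.
function is_locked(PDO $db, string $ip, string $user, int $now): bool {
    return recent_failures($db, 'ip', $ip, $now) >= MAX_FAILURES
        || recent_failures($db, 'user', $user, $now) >= MAX_FAILURES;
}

function record_failure(PDO $db, string $ip, string $user, int $now): void {
    $ins = $db->prepare('INSERT INTO login_failures (kind, subject, at) VALUES (?, ?, ?)');
    $ins->execute(['ip', $ip, $now]);
    $ins->execute(['user', $user, $now]);
}

// On success clear only the account counter. The address counter is left to
// expire, so one valid login cannot reset the limit for that address.
function clear_account(PDO $db, string $user): void {
    $db->prepare("DELETE FROM login_failures WHERE kind = 'user' AND subject = ?")
       ->execute([$user]);
}

// Constructed scenario: three failures against "alice", each from a new address.
$db  = make_store();
$now = 1000000;
foreach (['203.0.113.5', '203.0.113.6', '203.0.113.7'] as $ip) {
    record_failure($db, $ip, 'alice', $now);
}
var_dump(is_locked($db, '203.0.113.8', 'alice', $now)); // fourth address, same account
var_dump(is_locked($db, '203.0.113.8', 'bob', $now));   // fourth address, other account
var_dump(is_locked($db, '203.0.113.8', 'alice', $now + WINDOW_SECONDS)); // after the window
clear_account($db, 'alice');
```

Keying on the account as well as the address is what keeps the limit in force when the client address changes between attempts, which is the case posts #4 and #5 describe.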

#8 JackOfAllTrades

Posted 09 August 2011 - 01:23 PM

Quote

I mean, without a username and password, how can somebody log in to a sight?


Have you been to sites (that's the correct spelling) where you log in WITHOUT providing some identifying information? On its face this is simply a ridiculous question.

#9 menukadevinda

Posted 09 August 2011 - 07:18 PM

Hi,
I meant logging in to a site that requests a user name and password, but without both, how can somebody log in? Simply, how can a thief do that?

Thx

#10 no2pencil

Posted 09 August 2011 - 07:39 PM

menukadevinda, on 09 August 2011 - 10:18 PM, said:

simply how can a thief do that?

By exploiting poorly written code.

#11 menukadevinda

Posted 09 August 2011 - 08:35 PM

Quote

By exploiting poorly written code.


Does it mean that perfect code can prevent exploiting?? I thought there are technological issues other than poor coding.
I have read that sometimes hacking and exploiting cannot be stopped, only controlled.

This post has been edited by no2pencil: 09 August 2011 - 08:36 PM
Reason for edit:: Corrected quote tags

#12 no2pencil

Posted 09 August 2011 - 08:39 PM

Again, the wonderful tutorial section of Dream In Code offers the following:

Preventing MySql injection
Preventing PHP Mail Header Injection

It's really as simple as validating input. The easiest targets are websites that do not validate user input.

menukadevinda, on 09 August 2011 - 11:35 PM, said:

Quote

By exploiting poorly written code.


Does it mean that perfect code can prevent exploiting??

No, because code is just syntax. It's either right or it's wrong. You must write your code with security in mind.
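
What "poorly written code" looks like next to the corrected form, for the login lookup discussed in this thread. This is an added example, not taken from the thread or from the linked tutorials. It assumes PHP with the PDO SQLite driver so it runs stand-alone (the prepared-statement calls are the same for MySQL through PDO), and the schema, account and function names are hypothetical:

```php
<?php
// Added example; schema, account and function names are hypothetical.
function make_users(): PDO {
    $db = new PDO('sqlite::memory:');  // in-memory so the example runs stand-alone
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Poorly written: the input is pasted into the SQL text, so a quote character
// in $username is parsed as part of the query instead of as part of the name.
function find_user_unsafe(PDO $db, string $username): string {
    $sql = "SELECT username FROM users WHERE username = '$username'";
    try {
        $db->query($sql);
        return 'query ran';
    } catch (PDOException $e) {
        return 'SQL parse error: input was read as query text';
    }
}

// Corrected: the placeholder keeps the input as data, and the password is
// checked against a stored hash rather than compared inside the WHERE clause.
function login(PDO $db, string $username, string $password): bool {
    $q = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed input: a legitimate user name that happens to contain a quote.
$db = make_users();
var_dump(find_user_unsafe($db, "o'brien"));
var_dump(login($db, "o'brien", 'correct horse'));
var_dump(login($db, "o'brien", 'wrong password'));
```

An input that can change how the query is parsed is the defect the injection tutorial linked above addresses; binding parameters removes it without having to filter which characters a user name may contain.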