Hello, I am a certified PHP developer and I have my own brute-force protection script...
First you must run this sql code into your phpmyadmin/navicat
In your configuration file add this line of code
Now create a file named brute.class.php
then put this code below in it
Then, on your login page, include the class and instantiate it with the code below
change the vars to your db connection details, and put that at the top of your page.
Then you can validate it by.
I hope this helps with your Habbo retro. RevCMS is not secure, so I want to help make retros secure. If you have any problems, contact me on Skype at nenglish0820
I have an example on a retro called Vox Hotel,
First you must run this sql code into your phpmyadmin/navicat
Code:
-- One row per client address: ip_addr is the primary key, so the counter is
-- kept per IP address, not per account.
CREATE TABLE `login_attempts` (
`attempt_number` INT(11) NOT NULL, -- attempts recorded for this address on the stored date
`time` VARCHAR(255) NOT NULL, -- date of the latest attempt; the class writes date("Y-m-d") here
`ip_addr` VARCHAR(255) NOT NULL, -- client address; the class reads it from $_SERVER["REMOTE_ADDR"]
PRIMARY KEY (`ip_addr`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
PHP:
// Replace the placeholder text in the second argument with the number of attempts to allow.
define("MAX_LOGIN_ATTEMPTS", number of attempts you want it to be);
// Make sure it is a number, not a string,
// so it would be 0 instead of "0".
// checkBruteForce() uses a strict "greater than" comparison, so an address is
// locked only once its recorded attempts exceed this value.
then put this code below in it
PHP:
<?php
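/**
 * Per-IP login attempt counter backed by the `login_attempts` table.
 *
 * The table holds one row per client address (ip_addr is its primary key)
 * together with the date of the latest attempt, so the count starts again
 * whenever the date changes.
 *
 * Limits a deployer should know about:
 *  - The key is $_SERVER["REMOTE_ADDR"]. Behind a reverse proxy or load
 *    balancer that is the proxy's address, so every visitor shares one counter.
 *  - Counting is per address only; it does not cap attempts against a single
 *    account that arrive from many addresses. A per-account counter is a
 *    useful complement.
 *  - Nothing here resets the counter after a successful login.
 */
class brute_force {
    /** @var mysqli|string Database handle; "" until the constructor has run. */
    public $db = "";

    /**
     * @var string Host and database name, kept for backward compatibility.
     *             The user name and password are deliberately not stored here:
     *             a public property can end up in a debug dump or error page.
     */
    public $connectionstring = "";

    /**
     * Open the database connection used for the attempt counter.
     *
     * @param string $db_host Database host.
     * @param string $db_user Database user.
     * @param string $db_pass Database password.
     * @param string $db_name Database (schema) name.
     */
    function __construct($db_host, $db_user, $db_pass, $db_name) {
        $this->connectionstring = $db_host . ", " . $db_name;
        // mysqli takes host, user, password and database as separate
        // arguments. A single comma-joined string is treated as the host name,
        // so the connection was never opened with the intended credentials.
        $this->db = new mysqli($db_host, $db_user, $db_pass, $db_name);
    }

    /**
     * Return the address of the connecting client, or "" when it is unknown.
     *
     * @return string
     */
    private function getConnectingIp() {
        return isset($_SERVER["REMOTE_ADDR"]) ? (string) $_SERVER["REMOTE_ADDR"] : "";
    }

    /**
     * Number of attempts recorded today for the connecting address.
     *
     * Fails closed: when the address is unknown, or the query reports failure
     * by returning false, PHP_INT_MAX is returned so the caller treats the
     * request as locked instead of silently allowing it.
     *
     * @return int
     */
    private function getLoginAttempts() {
        $connecting_ip = $this->getConnectingIp();
        if (!$connecting_ip) {
            return PHP_INT_MAX;
        }
        $date = date("Y-m-d");

        $stmt = $this->db->prepare("SELECT attempt_number FROM login_attempts WHERE ip_addr = ? AND time = ?");
        if (!$stmt) {
            return PHP_INT_MAX;
        }
        $stmt->bind_param("ss", $connecting_ip, $date);
        if (!$stmt->execute()) {
            $stmt->close();
            return PHP_INT_MAX;
        }
        $stmt->store_result();

        $attempts = 0;
        if ($stmt->num_rows == 1) {
            $stmt->bind_result($login_attempts_number);
            $stmt->fetch();
            $attempts = intval($login_attempts_number);
        }
        $stmt->close();
        return $attempts;
    }

    /**
     * Record one login attempt for the connecting address.
     *
     * A single upsert replaces the earlier "read the count, then INSERT or
     * UPDATE" sequence. That sequence chose INSERT whenever today's count was
     * 0, which collides with the primary key once the address already has a
     * row from an earlier date; the attempt was then never recorded and the
     * address could no longer be locked. The upsert also makes the increment
     * atomic, so parallel requests cannot overwrite each other's count.
     *
     * @return bool True when the attempt was stored, false otherwise.
     */
    function insertLoginAttempt() {
        $connecting_ip = $this->getConnectingIp();
        if (!$connecting_ip) {
            return false;
        }
        $date = date("Y-m-d");
        $first_attempt = 1;

        // attempt_number is assigned before time on purpose: the IF() has to
        // compare against the date still stored in the row, and MySQL applies
        // the assignments from left to right.
        $query = "INSERT INTO login_attempts (attempt_number, time, ip_addr) VALUES (?, ?, ?) "
               . "ON DUPLICATE KEY UPDATE "
               . "attempt_number = IF(time = VALUES(time), attempt_number + 1, 1), "
               . "time = VALUES(time)";

        $stmt = $this->db->prepare($query);
        if (!$stmt) {
            return false;
        }
        $stmt->bind_param("iss", $first_attempt, $date, $connecting_ip);
        $stored = (bool) $stmt->execute();
        $stmt->close();
        return $stored;
    }

    /**
     * Tell whether the connecting address is currently locked out.
     *
     * The comparison is strictly "greater than", so the lock starts once the
     * recorded attempts exceed MAX_LOGIN_ATTEMPTS.
     *
     * @return bool True when login must be refused.
     */
    function checkBruteForce() {
        return $this->getLoginAttempts() > MAX_LOGIN_ATTEMPTS;
    }
}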
?>
PHP:
// Load the class file; adjust the path to where brute.class.php was saved.
include "path/to/file/brute.class.php";
// database_host, database_user, database_pass and database_name are
// placeholders for your own connection details.
$brute = new brute_force(database_host, database_user, database_pass, database_name);
Then you can validate it by.
PHP:
// checkBruteForce() compares the attempts recorded today for the visitor's
// address with MAX_LOGIN_ATTEMPTS.
if ($brute->checkBruteForce() == true) {
// login is locked because of too many attempts; the count is matched on
// today's date, so the lock lifts when the date changes
} else {
// NOTE(review): placed here, the attempt is recorded before the credentials
// are checked, so successful logins would be counted too - confirm this runs
// only on the failed-login path
$brute->insertLoginAttempt();
// code if user fails login
}
I have an example on a retro called Vox Hotel,