I'm writing an authentication script that bans the IP for thirty minutes if the user makes more than 3 unsuccessful login attempts. The query is to jam the ip address, timestamp, and the timestamp plus 30 minutes into a MySQL table.
For starters, my server uses PHP 4.3.1, MySQL 4.1, and Apache 1.3
I have the following code written:
Code: Select all
else { //the attempt_count >= 3...
$admin_auth = "EXCEEDED"; //more than 3 login attempts have failed in the same session
$auth_message = "You have exceeded the maximum login attempts for this session. To prevent hacking, further attempts from your IP address have been disabled";
$ip_address = decode_ip($user_ip); //function from from phpBB
$expires = //supposed to be NOW + 30minutes????
mysql_select_db($database_conn_member_site, $conn_member_site); //connection is already open
$query_ip_ban_insert = sprintf("INSERT INTO tbl_ip_ban VALUES ('$ip_address','NULL','$expires')";
$result_ip_ban_insert = mysql_query($query_ip_ban_insert, $conn_member_site) or die("snake-eyes...query crapped out! " . mysql_error());
session_unregister(attempt_count); //get rid of the attempt counter so it won't be a factor when the ban expires.
}Any help cleaning this up would be greatly appreciated.
Thanks,