login sleep

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

login sleep

Post by Zoram »

I was reading in the php manual about the sleep() function and people were talking about using it for login... how does that work exactly? Where would i use it?
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

try here

Post by phpScott »

http://www.php.net is in my opinion the best online resource for explaining php functions and the like. Of course here is even better because you can get real explantions to specific problems :D
try here
http://www.php.net/manual/en/function.sleep.php
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

Re: login sleep

Post by Zoram »

Zoram wrote:I was reading in the php manual about the sleep() function and people were talking about using it for login... how does that work exactly? Where would i use it?
lol, yeah, i was curious about a little more in depth about how i would implement this in the login process :)
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

sorry

Post by phpScott »

sorry i missed the php manual stuff. I have never used it so I won't be of any help. :?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

brute force password attacks use a massive amounts of login attemps.
If one attempt takes 0.1 seconds a hacker can try more combinations compared with a 0.1 seconds+sleep(1) interval for login responses.
i.e.

Code: Select all

<?php
sleep(1);
if (checkLogin($_POSTї'login'], $_POSTї'pass'])
   loggedIn();
else
   loginFailed();
...
this will delay each login attempt wether it is successful or not giving no clue to a hacker.
Post Reply