mysql - PHP best practice to handle IP block and flood control for user login -


my every coding & algorithm set ok, required advice, if i'm going direction or not. have 2 concerns advice/review required.

concern i: algorithm

in login page, don't use google recaptcha. have following logic control flood & block ip:

  • for each non user failed login attempt, store ip on mysql "flood" table ip & time.
  • this way store & check maximum 20 attempts in last 2 hours. if occurs, delete flood records related ip & add ip "block_ip" mysql table.

for each of our php pages(30+) call following ip block function redirected blocked ip visitors "block.php" page.

function block_ip(){ $mysqli_2 = new mysqli(host, user, password, database);     if ($mysqli_2->connect_error) {     header("location: ../error.php?err=unable connect mysql");     exit();     }    $stmt_block_ip= $mysqli_2->prepare("select b_ip block_ip");       $stmt_block_ip->execute();    $stmt_block_ip->store_result();    $stmt_block_ip->bind_result($block_iip);    while( $stmt_block_ip->fetch()){   if(strpos($_server['remote_addr'],$block_iip) === 0)     {        header("location: ../block.php");         exit();     }     }   $stmt_block_ip->close();  }
  • next admin plan is, if total number of block ip goes > 50, clear table copying blocked ip & asking server service provider add .htaccess redirect them.

is idea good? or should keep on blocked ip table, might slow page loading, isn't it? long list of blocked ip's? better idea?

concern ii: algorithm

on forgot-username.php & forgot-password.php page have google recaptcha. didn't add flood control algo here, non-user attempted redirect them register page.

for security concern approach okay?

my 1st concern got solved seems willparky suggestion: code below ip block checking should done faster. guess don't need use .htaccess & transfer blocked ip here , there.

  function block_ip(){   $viewer_ip = $_server['remote_addr'];    $mysqli_2 = new mysqli(host, user, password, database);     if ($mysqli_2->connect_error) {     header("location: ../error.php?err=unable connect mysql");     exit();     }   $stmt_block_ip= $mysqli_2->prepare("select b_ip block_ip b_ip =     ?");    $stmt_block_ip->bind_param('s',$viewer_ip);   $stmt_block_ip->execute();   $stmt_block_ip->store_result();   if($stmt_block_ip->num_rows == 1){     {      header("location: ../block.php");      exit();    }   }  $stmt_block_ip->close();   }

Comments

Post a Comment

Popular posts from this blog

Sort a complex associative array in PHP -

this question has answer here: php sort array subarray value 5 answers i have associative array in php like: $newarray1 = array ( [producta] => array ( [link] => http://sanjosespartan.com/blog/products/agile-java-development/ [visitcount] => 4 ) [productd] => array ( [link] => http://sanjosespartan.com/blog/products/intro-to-go/ [visitcount] => 1 ) [productg] => array ( [link] => http://sanjosespartan.com/blog/products/node-js-for-developers/ [visitcount] => 1 ) [productb] => array ( [link] => http://sanjosespartan.com/blog/products/beginning-mysql/ [visitcount] => 1 ) [productc] => array ( [link] => http://sanjosespartan.com/blog/products/computer-networks/ [visitcount] => 1 ) ...
Read more

vb.net - How to ignore if a cell is empty nothing -

how use roscolor() ignore value (like empty cell) ? color row if value upper 5 when there nothing in cell, want ignore roscolor() apply, how? public sub roscolor() integer = 0 quotedatagridview1.rows.count() - 1 step +1 dim val integer val = quotedatagridview1.rows(i).cells(3).value if val = vbempty quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.white elseif val < 5 quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.red elseif val > 5 , val < 10 quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.lightyellow end if next end sub you can check empty value following public sub roscolor() integer = 0 quotedatagridview1.rows.count() - 1 step +1 dim val = quotedatagridview1.rows(i).cells(3).value if isdbnull(val) or val nothing quotedatagridview1.rows(i).defaultcellstyle.backcolor = color.white ...
Read more

recursion - Can every recursive algorithm be improved with dynamic programming? -

i first year undergraduate csc student looking competitive programming. recursion involves defining , solving sub problems. understand, top down dynamic programming (dp) involves memoizing solutions sub problems reduce time complexity of algorithm. can top down dp used improve efficiency of every recursive algorithm overlapping sub problems? dp fail work , how can identify this? the short answer is: yes. however, there constraints. obvious 1 recursive calls must overlap. i.e. during execution of algorithm, recursive function must called multiple times same parameters. lets truncate recursion tree memoization. can use memoization reduce number of calls. however, reduction of calls comes price. need store results somewhere. next obvious constraint need have enough memory. comes not-so obvious constraint. memory access requires time. first need find result stored , maybe copy location. in cases, might faster let recursion calculate result instead of loading somewher...
Read more