How to make max 10 attempts per IP

[amine2]

How to make max 10 attempts per IP.

I have a login panel and i need a tutorial about how i can make max 10 attempts per IP.

And after 24 Hours the attempts will be 10.

[Tekken]

Hi, to do so you will need a table where you will store IP’s and attempts like so:

local trys = {};

-- when someone joins
trys[IP] = 0; -- default to 0;
 -- when the player 'attempts' something you do a check;

if trys[IP] < 10 then                               
--do the thing;
    trys[IP] = #trys[IP] + 1; --add 1 to his attempts;
end
                               
                        

Note that this will drop when you restart server/resource so you mai need to make a backup of the table

[amine2]

1 hour ago, Tekken said:

 

 

and how i can make the timer

 

[Tekken]

Timer for what ?

[amine2]

when fail in 10 attempts you will have a timer with 24 so the attempts will be 10

[Tekken]

24 what ?  hours, minutes, seconds ? ?

[amine2]

hours

 

[Addlibs]

When incrementing the attempts counter, check if it just surpassed 10 (that is, it was below 10 before the increment and is now equal or greater than 10), and if so, either start a timer for 24 hours to clear the lock, or store the current timestamp + 86400 sec, and ensure the next time the user attempts to do the same thing, the current timestamp is greater or equal to the previously stored timestamp (of course all of this, per IP).

Something like this:

local attempts = {}
local lockouts = {}

function isIPLockedOut(ip)
  -- check if the lockout needs to be cleared
  if (lockouts[ip]) then -- if ip was locked out before

    if (lockouts[ip] < getRealTime().timestamp) then
      -- if lockout timestamp hasn't been reached
      return true
    else
      -- if lockout timestamp is in the past, 
      lockouts[ip] = nil -- clear the lockout and continue the function
      attempts[ip] = 0 -- clear the attempts count
    end

  end

  local offenseCount = attempts[ip] or 0
  if (offenseCount >= 10) then
    return true -- if count is above 10, return true
  end

  return false -- otherwise return false
end

function incrementOffenseCount(ip)
  local offenseCount = attempts[ip] or 0 -- default to 0 offenses if not set

  if (offenseCount >= limit) then -- if limit exceeded
    lockouts[ip] = getRealTime().timestamp + 86400 -- lockout for 24h
  else -- otherwise
    attempts[ip] = offenseCount + 1 -- increment offense count
  end
end


-- example usage
function attemptLogin(player, username, password)
  local ip = getPlayerIP(player)
  if isIPLockedOut(ip) then
    local seconds = lockouts[ip] - getRealTime().timestamp
    local hours = math.floor((seconds%86400)/3600)
    local mins = math.floor((seconds%3600)/60)
    outputChatBox(string.format("You've attempted this action too many times. Your IP is blocked for %dh %02dm.", hours, mins), player, 255, 0, 0)
  else
    if getAccount(username, password) then
      logIn(player, username, password)
    else
      incrementOffenseCount(ip) -- only call this within a conditional block on isIPLockedOut(ip) == false
      outputChatBox("Wrong username or password", player, 255, 0, 0)
    end
  end
end

For the above provided code, make sure you only ever call incrementOffenseCount if isIPLockedOut returned false, otherwise you'll be resetting the lockout timer.

Edited July 8, 2022 by Addlibs