BestHub
Sign in
Backend Development 5 min read

Implementing IP Blocking and Login Attempt Limiting in Backend Applications

This article explains how to record login failures, lock accounts after multiple errors, block client IPs based on IP ranges, and limit login attempts using server variables, database checks, and PHP session handling, providing complete code examples for each technique.

Laravel Tech Community
Laravel Tech Community
Laravel Tech Community
Implementing IP Blocking and Login Attempt Limiting in Backend Applications

The article explains the principle of recording login attempts in a database, using date differences to lock accounts after a certain number of failures, and describes methods for blocking IP addresses based on IP ranges.

It provides a code example for matching a client IP against an allowed IP segment using split functions and conditional logic.

url=split(ip,".")  // client IP
fsip="192.168.*.*"  // allowed segment
fip=split(fsip,".")
if fip(0)=url(0) and fip(1)=url(1) then
    response.write "您的IP被封"
else
    response.write "可以通过"
end if

Another example shows how to obtain the client’s real IP address from server variables, convert it to a numeric value, and compare it with stored ranges.

if Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
    IP=Request.ServerVariables("REMOTE_ADDR")
else
    IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
end if
sip=IP
cip=split(ip,".")
ip=256*256*256*cip(0)+256*256*cip(1)+256*cip(2)+cip(3)-1

A more complete PHP implementation is presented, defining an IP class to retrieve the client IP, a function to extract the network prefix, and logic to read allowed IP ranges from a file and decide whether to grant access.

<?php
class IP{ //获取客户IP地址
  function getIpAdr(&$ip){
    $ip1=getenv("HTTP_X_FORWARDED_FOR");
    $ip2=getenv("HTTP_CLIENT_IP");
    $ip3=getenv("REMOTE_ADDR");
    if($ip1 && $ip1!='unknow')
      $ip=$ip1;
    else if($ip2 && $ip2!='unknow')
      $ip=$ip2;
    else if($ip3 && $ip3!='unknow')
      $ip=$ip3;
    else
      $ip='127.0.0.1';
  }
}
function get_netip($myip){ //只留客户IP地址的前三位
  $temp=explode(".",$myip);
  $netip=$temp[0].".".$temp[1].".".$temp[2];
  return $netip;
}
$filename="test.ini"; //定义操作文件
$ip_lib=file($filename); //读取文件数据到数组中
$allow=0;
$IP=new IP;
$thisip="";
$IP->getIpAdr(&$thisip);
$thenetip=get_netip($thisip);
for($i=0;$i
location.href='Error.php';
";
}
?>

Finally, the article demonstrates how to limit login attempts using PHP sessions, incrementing a counter on each failed password and blocking further attempts after three failures.

if(用户的密码是错误的){
  if(!empty($_SESSION['login_error'])){
    if($_SESSION['login_error'] == 3){
      exit("这里已经是第三次了");
    } else {
      $_SESSION['login_error'] = $_SESSION['login_error']++;
    }
  } else {
    $_SESSION['login_error'] = 1;
  }
}
BackendPHPCode ExampleSession ManagementIP blockinglogin security
Laravel Tech Community
Written by

Laravel Tech Community

Specializing in Laravel development, we continuously publish fresh content and grow alongside the elegant, stable Laravel framework.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment