hankey,
You could quickly write your own script for that because when you set up security assist, you get to set the login failed page.
So let's say your login page is "login.php".
And then in the SecurityAssist dialog for failed login, you specify the redirect as "login.php". You could add the a URL variable to the redirect such as "login.php?fail=1".
Now back on your login page, you would add code like this:
First, be sure you have a session start at the top of the page.
<?php session_start(); ?>
Then below that somewhere, you will need to create a session variable and then increment that variable on each failed attempt. Then you can test that variable for failed attempts and create an action.
// This will check to see if the session variable for failed attempts has been set and if not set, it will set it
if (!isset($_SESSION['failedAttempts'])) {
$_SESSION['failedAttempts'] = 0;
}
// This will store the session variable into a variable name easier to work with.
$failedAttempts = $_SESSION['failedAttempts'];
// This code will check for the URL variable to passed after a failed login and then add an increment operator to the failed attempt variable
if (isset($_GET['failed']) && $_GET['failed'] == 1) {
$failedAttempts++;
}
// this statement will see if the failed attempts is higher than 5, if so, it will redirect the user to another page which will keep them from accessing the login page
if ($failedAttempts > 5) {
header("Location: nologin.php");
exit();
}
You could get even fancier and add a session time out, but the default of 30 minutes should be good so I would probably just leave it alone.
Of course, you will want all of this code before the WebAssist login code.
Best regards,
Brian