
PHP secure login function(repost2)

$100-500 USD

Cancelled
Posted over 16 years ago

Paid on delivery
We need a PHP function that stores the last date/time a user has logged in and prevents password guessing attacks. The function signature is check_password(user's ip address, username, password).

The function:

1. Does not allow the same IP address to be used for more than 100 different usernames in any given hour.
2. Does not allow a user to have more than 4 wrong (but different) passwords in 1 minute.
3. Does not allow the same username to be associated with 10 different IP addresses in 5 minutes.
4. Does not allow concurrent login requests for the same user.
5. Does not allow concurrent login requests for the same IP address.
6. Returns a list of failed login attempts since last login.
7. Returns the last successful login and IP address.
8. Returns whether subsequent attempts will be delayed.
9. Redirects the user to the same page (with a delay reload).

The protections listed above are achieved by just asking the user to wait by 1 minute after 3 wrong passwords and 2 minutes after 10 different passwords, i.e., protection is *not* achieved by returning a failure. If the user attempts to login when he/she should have waited, the function should fail even if the password was correct.

Use SQLite (PDO) to store relevant information. Always salt the passwords with a random value before storing (if you don't understand what "salting" means, this project is not for you).

## Deliverables

Two simple test scripts need to be prepared:

1. Interactive demo (a simple login page). Display the following text if the user's login fails:

   Your login credentials are not correct. [You also exceeded <whatever has been exceeded>. You need to wait <60/180> seconds before making another login attempt. This page will <refresh/redirect> in <60/180> seconds.]

2. Regression testing (current requests should be made to demonstrate the correct functioning of the scripts).

Examples: Say my username is "han" and password is "pass".

Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:01 "han/pass" -> no wait
Login from [login to view URL] at 00:02 "han/pass" -> no wait
Login from [login to view URL] at 00:05 "han/wrong" -> no wait
Login from [login to view URL] at 00:05 "han/wrong" -> no wait
Login from [login to view URL] at 00:05 "han/pass" -> no wait
Login from [login to view URL] at 00:09 "han/wrong" -> no wait
Login from [login to view URL] at 00:09 "han/wrong" -> no wait
Login from [login to view URL] at 00:09 "han/wrong" -> no wait
Login from [login to view URL] at 00:09 "han/wrong" -> 3 wrong passwords. User has to wait 1 min (PHP doesn't. It just returns a 1 min delayed redirect to the webpage)
Login from [login to view URL] at 00:13 "han/pass" -> no wait (user waited 1 min)
Login from [login to view URL] at 00:14 "han/wrong" -> no wait
Login from [login to view URL] at 00:14 "han/wrong" -> no wait
Login from [login to view URL] at 00:14 "han/wrong" -> no wait
Login from [login to view URL] at 00:14 "han/wrong" -> user has to wait 1 min
Login from [login to view URL] at 00:14 "han/wrong" -> user didn't wait 1 min (a 1 min delayed redirect to the webpage)
Login from [login to view URL] at 00:14 "han/pass" -> user didn't wait the requested period (login is treated incorrect. a 1 min delayed redirect to the webpage)
Login from [login to view URL] at 00:26 "han/pass" -> OK
Login from [login to view URL] at 00:30 "han/wrong" -> no wait
Login from [login to view URL] at 00:30 "han/wrong" -> no wait
Login from [login to view URL] at 00:30 "han/wrong" -> no wait
Login from [login to view URL] at 00:30 "han/wrong" -> user has to wait 1 min
Login from [login to view URL] at 00:30 "han/pass" -> user didn't wait 1 min (login is treated incorrect. a 1 min delayed redirect to the webpage)
Login from [login to view URL] at 00:31 "han/wrong" -> user has to wait 1 min
Login from [login to view URL] at 00:31 "han/wrong" -> user has to wait 1 min
Login from [login to view URL] at 00:31 "han/wrong" -> user has to wait 1 min
Login from [login to view URL] at 00:38 "han/wrong" -> user waited but wrong again. User has to wait 1 min for the next attempt.
Login from [login to view URL] at 00:38 "han/pass" -> OK (different IP)
Login from [login to view URL] at 00:38 "han/pass" -> Login incorrect. User had to wait 1 min
Login from [login to view URL] at 00:38 "han/pass" -> OK
Login from [login to view URL] at 00:38 "han/pass" -> OK
Login from [login to view URL] at 00:38 "han/wrong" -> No wait
Login from [login to view URL] at 00:39 "han/wrong" -> No wait
Login from [login to view URL] at 00:40 "han/wrong" -> No wait
...
Login from [login to view URL] at 00:48 "han/wrong" -> No wait (but 10 IP rule triggered).
Login from [login to view URL] at 00:49 "han/pass" -> Incorrect (attack from multiple IPs for the same user).
Login from [login to view URL] at 00:38 "han01/wrong" -> No wait
Login from [login to view URL] at 00:39 "han02/wrong" -> No wait
Login from [login to view URL] at 00:48 "han03/wrong" -> No wait
...
Login from [login to view URL] at 00:58 "han99/wrong" -> No wait
Login from [login to view URL] at 00:58 "han100/wrong" -> No wait
Login from [login to view URL] at 00:58 "han/pass" -> Incorrect (a computer is trying to find a login)

Also the following ones are OK.

Same IP/Same time but correct:

Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait

Multiple IPs but correct:

Login from [login to view URL] at 00:00 "han/pass" -> no wait
...
Login from [login to view URL] at 00:00 "han/pass" -> no wait
Login from [login to view URL] at 00:00 "han/pass" -> no wait
...
Login from [login to view URL] at 00:00 "han/pass" -> no wait

Same IP but different correct users (probably multiple users behind a NAT):

Login from [login to view URL] at 00:00 "han01/pass" -> no wait
Login from [login to view URL] at 00:00 "han02/pass" -> no wait
...
Login from [login to view URL] at 00:00 "han101/pass" -> no wait

1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.

2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):

a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.

b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.

3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).

## Platform

PHP 5.x
Project ID: 3307545
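
An added example in PHP (not the client's or any bidder's code) of two points from the description above: counting wrong-but-different passwords without storing the guesses, and failing a correct password that arrives during the wait. The schema, the helper names, the extra `$db` and `$now` parameters, the trigger of 4 distinct wrong passwords within 60 seconds, and the use of PHP 7+ (for `random_bytes`) are assumptions.

```php
<?php
// Added example, not the client's code. Schema, helper names and the
// extra $db/$now parameters are assumptions made for illustration.
function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT,
               tag_key TEXT, wait_until INTEGER DEFAULT 0)');
    $db->exec('CREATE TABLE failures (name TEXT, ip TEXT, pw_tag TEXT, at INTEGER)');
    return $db;
}

function add_user(PDO $db, string $name, string $password): void {
    // password_hash() generates and embeds a random salt per password.
    $db->prepare('INSERT INTO users (name, pw_hash, tag_key) VALUES (?, ?, ?)')
       ->execute([$name, password_hash($password, PASSWORD_DEFAULT),
                  bin2hex(random_bytes(16))]);
}

function check_password(PDO $db, string $ip, string $user, string $password, int $now): array {
    $st = $db->prepare('SELECT pw_hash, tag_key, wait_until FROM users WHERE name = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['ok' => false, 'wait' => 0];
    }
    // Verify first so early and on-time attempts cost the same work.
    $ok = password_verify($password, $row['pw_hash']);
    if ($now < (int) $row['wait_until']) {
        // Attempt made during the wait: fails even if the password is right.
        return ['ok' => false, 'wait' => (int) $row['wait_until'] - $now];
    }
    if ($ok) {
        return ['ok' => true, 'wait' => 0];
    }
    // Keep a keyed tag, never the guess itself, so "different" can be counted.
    $tag = hash_hmac('sha256', $password, $row['tag_key']);
    $db->prepare('INSERT INTO failures (name, ip, pw_tag, at) VALUES (?, ?, ?, ?)')
       ->execute([$user, $ip, $tag, $now]);
    $st = $db->prepare('SELECT COUNT(DISTINCT pw_tag) FROM failures WHERE name = ? AND at > ?');
    $st->execute([$user, $now - 60]);
    $wait = ((int) $st->fetchColumn() >= 4) ? 60 : 0;
    if ($wait > 0) {
        $db->prepare('UPDATE users SET wait_until = ? WHERE name = ?')
           ->execute([$now + $wait, $user]);
    }
    return ['ok' => false, 'wait' => $wait];
}
```

Passing `$now` explicitly lets a regression script replay a timeline like the one in the description without sleeping. Tags of failed guesses are often near-misses of the real password, so rows in `failures` should be purged once they fall outside the window.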

About the project

11 proposals
Remote project
Active 16 yrs ago

11 freelancers are bidding on average $169 USD for this job
$212.50 USD in 18 days, 4.9 (308 reviews), 6.8
$425 USD in 18 days, 5.0 (4 reviews), 4.7
$161.50 USD in 18 days, 5.0 (15 reviews), 4.4
$306 USD in 18 days, 4.9 (31 reviews), 4.3
$85 USD in 18 days, 5.0 (8 reviews), 3.2
$85 USD in 18 days, 4.9 (7 reviews), 2.9
$85 USD in 18 days, 4.7 (15 reviews), 2.7
$85 USD in 18 days, 0.0 (1 review), 0.0
$246.50 USD in 18 days, 0.0 (1 review), 0.0
$85 USD in 18 days, 0.0 (2 reviews), 0.0
$85 USD in 18 days, 0.0 (0 reviews), 0.0

About the client

United States
5.0
334
Member since Jan 13, 2007
