PHP, simple abuse preventer script, bruteforce blocker with delay, page protection

Question

abuse protect, try limit, throttle download

mrmucha · Answer

Simple abuse (bruteforce) preventer in php.

description

User can trigger this script 5 times until lock counter start
Using SESSION, not cookies
If delay will exceed last value (25+sec) script is goint to countdown this value until fresh start

how to use?

if(!check_user_password()){
 abuse_preventer();
};

code

<?php
//muszak.eu abuse preventer 1.0
abuse_preventer();

function abuse_preventer()
{
    if (!isset($_SESSION))
        session_start();

    $usage = array(2, 3, 5, 6, 7, 10, 15, 20, 25); // seconds to wait after each request
    $freeHits = 5;

    if (getVal('free_hits') <= $freeHits) {
        setVal('free_hits', getVal('free_hits') + 1);
        return;
    }

    if (getVal('use_last')) {

        $usageCounter = $usage[getVal('use_count', 0)];
        $nextin = getVal('use_last') + $usageCounter;
        if ($nextin >= time()) {

            if (!getVal('use_locked')) {
                $counter = getVal('use_count') + 1;
                setVal('use_count', $counter);
                setVal('use_locked', false);
            }

            if (getVal('use_count') > sizeof($usage) - 1) {
                setVal('use_count', sizeof($usage) - 1);
                setVal('use_locked', true);
            }
            echo 'Poczekaj ' . ($nextin - time()) . ' sekund.  &hellip; ';
            die();
        } else {
            setVal('use_count', 0);
            setVal('use_locked', false);
            setVal('free_hits', 0);
        }
    } else {
        setVal('use_count', 0);
    }

    if (!getVal('use_locked')) {
        setVal('use_last', time());
    }
}

function getVal($keyName, $default = null)
{
    return $_SESSION[$keyName] ?? $default;
}

function setVal($keyName, $value)
{
    if (!isset($_SESSION))
        session_start();

    return $_SESSION[$keyName] = $value;
}