> in a file I have a function
>
> when one access at the file, to have initially a text box where is
> necessary to insert a word Safety (similar at password but must to be in
> clear) to continue the code.

Actually, I'm surprised it's not a text box into which you have to type
(or paste) an overly long and complicated copy of the terms of service,
complete with the requirement to turn over the first-born child,
character-for-character correct for each of 100KB characters.

>
> other
> if one enter wrong security code for 5 times, lock all for an hour

You will need to have users identify themselves securely before they get
to this page. You also need to avoid the problem of a user following
this logic:

    X:  Create a new account.
        Log in to that account.
        Enter the wrong security code.
        Enter the wrong security code.
        Enter the wrong security code.
        Enter the wrong security code.
        Enter the wrong security code.
        Go to X.

and doing it with a bot so the whole loop executes in a few seconds.
Either prohibit user creation of new accounts, or require something
unique for each account (like an email address or phone number that
works (and you test before activating the account), different from
that of any other account), or introduce long delays between signing
up and the account becoming active.

I presume you DO NOT mean: if 5 different users (but since you
have no login system you don't know this) enter the wrong security
code in order, one in Texas, one in France, one in Australia, one
in Japan, and one in China, with no intervening entry of the correct
code by any other user, then you lock out *ALL* users in the entire
world from accessing the file for the next hour.

You have not specified details of the algorithm. One way might be:

    On initially creating a user, set the error count to 0 and
    lockout_until_time to the distant past. Or, depending on
    what's in this file, set lockout_until_time to the date and
    time of his 18th birthday.

    Check that the user is correctly logged in each time this
    page where you enter the security code is visited.

    If it's earlier than lockout_until_time, regardless of the
    count, ignore the security code and set lockout_until_time to
    1 hour in the future and deny access, else

    If the user enters a correct security code, set the error
    count to 0 and allow access, else

    If the user enters an incorrect security code, increment
    the error code. If the resulting error count is >= 5, set
    the lockout_until_time to 1 hour in the future, and deny
    access. Be sure not to let the error count overflow to a
    negative number or zero.

Thus, if a user entered an incorrect security code in 1776, 1876,
1976, and 2009, and does so again now, you lock him out until 1
hour in the future. If he subsequently tries to get in every 59
minutes, continue locking him out indefinitely regardless of what
security code he enters until he takes a break longer than an
hour. (Humans need to sleep; bots don't).

You need a way to keep track of each user, with a count of the
number of wrong codes and the time of the last one. This probably
goes into a database. *DO NOT* store things like the bad security
code count on the user's browser in a cookie so he can reset it by
clearing cookies.

After you have implemented a whole user-login system, checking the
security code should be easy, and I assume it's a homework assignment.
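
The per-user lockout algorithm described in the reply above, as an added example that is not part of the original post: Python with an in-memory SQLite table standing in for the server-side database. The table, function and constant names are assumptions, and `user_id` is assumed to come from an already authenticated session.

```python
import hmac
import sqlite3

LOCKOUT_SECONDS = 3600   # lock for an hour
MAX_ERRORS = 5           # wrong codes before the lockout starts
COUNT_CAP = 1_000_000    # saturate so the counter can never wrap around

def open_store():
    # Server-side state: the client cannot reset it by clearing cookies.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lockout (user_id TEXT PRIMARY KEY,"
               " error_count INTEGER NOT NULL, lockout_until REAL NOT NULL)")
    return db

def create_user(db, user_id):
    # New account: zero errors, lockout time in the distant past.
    db.execute("INSERT INTO lockout VALUES (?, 0, 0.0)", (user_id,))

def check_code(db, user_id, submitted, expected, now):
    """Return True to allow access; `now` is seconds since the epoch."""
    row = db.execute("SELECT error_count, lockout_until FROM lockout"
                     " WHERE user_id = ?", (user_id,)).fetchone()
    if row is None:
        return False                       # unknown user: deny
    count, until = row
    if now < until:
        # Locked out: ignore the code entirely and extend the lockout.
        db.execute("UPDATE lockout SET lockout_until = ? WHERE user_id = ?",
                   (now + LOCKOUT_SECONDS, user_id))
        return False
    if hmac.compare_digest(submitted.encode(), expected.encode()):
        db.execute("UPDATE lockout SET error_count = 0 WHERE user_id = ?",
                   (user_id,))
        return True
    count = min(count + 1, COUNT_CAP)      # increment without overflow
    if count >= MAX_ERRORS:
        until = now + LOCKOUT_SECONDS
    db.execute("UPDATE lockout SET error_count = ?, lockout_until = ?"
               " WHERE user_id = ?", (count, until, user_id))
    return False
```

Because a locked-out attempt pushes `lockout_until` forward, a client retrying every 59 minutes stays locked even when it sends the correct code.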