Well right now DOS(denial of service) can be prevented and it is possible. But what I mean for brute force attack is actually a person deliberately trying to enter username and password for accessing the protected directory, using kind of hacker software which could generate thousands of fake username and password, check if it match with the one in your password database.
The method has better chance of accessing the protected directory if the password database has thousands of username.
This will result server idleness or even makes your server very slow in responding. And on top of that it will actually eat up your bandwidth end up for some people in bankruptcy(Can't afford to pay $$$$$ of bandwidth expenses).
What I'm trying now is actually dealing with .htaccess and instead gets the list of users in the old way which is txt document the new attempt is actually have my .htaccess deal with MySQL which is faster for accessing data and quicker in execution time(Thanx to MySQL for such a nice and free software).
Wish newer version of apache has this kind of functionality by default.
About the brute force attack. What I want is actually each user has lets say 5 grace logins once they exceed its limit then block this user ip address and prevent it from further try. The php will be able to deal with htaccess and give the negative response to (I dont really know where) so that the server will forbid the login attampt by the user ip address
That's what my pseudo code after all.
Now the problem is how to implement it in very efficient way.
Thanx for your splendid piece of code you've written there.