reCaptcha - 强力保护（php / codeIgniter）

I am adding a reCaptcha field in my login form when failed attempt on the same username is > 5. I'm having problem doing this without cookies. If someone has an idea, it is welcome.

Here is my pseudo code :

User get on page, counter is set to failed_login=0 When trying to login, if user guess a good username but a bad password, the db field for this username is increased When the counter is > 5, show a captcha on the login page

The problem I have is that even when the counter is > 5, the captcha field is not verified by my controller. And also, A user may just leave my site and come back to have it's counter back to 0. Is this possible to do without using cookie? I would like to have a simple way. If I use cookie, maybe check if user has cleared his cookie not too long ago, and display a captcha, any idea welcome https://www.dropbox.com/s/30mf4ha1rm7w407/still_login.png

I'll post my full code below

Controller :

public function index()
{
    $data['publickey'] = "6LczHPd2USAAAAAbffN2Po1HaNqPyfdfdfdfdsRfaDPO9E-"; // for reCaptcha

    $this->form_validation->set_error_delimiters('<div class="alert alert-danger">', '</div>');

    $this->form_validation->set_rules('email', 'lang:label_email', 'required');
    $this->form_validation->set_rules('password', 'lang:label_password', 'required');


    global $nb_failed_attempt;
    $data['show_captcha'] = FALSE;


    if ($this->form_validation->run() === FALSE)
    {
        $this->load->view('templates/header', $data);
        $this->load->view('templates/topMenu', $data);
        $this->load->view('pages/login', $data);

    }
    else
    {
        #check login
        $success = $this->User_model->checkLogin($this->input->post('email'), $this->input->post('password'));

        #sucess redirect to home page
        if ($success) {
            redirect('/');
        }
        # bad login, reload page with error message
        else {

            echo $nb_failed_attempt;  ## variable not defined even when it is global inside user_model.php?

            if ($nb_failed_attempt > 5) {
                $data['show_captcha'] = TRUE;
                $this->form_validation->set_rules('recaptcha_challenge_field', 'Challenge', 'trim|required|callback_captcha_check');
                # this doesnt get triggered even when >5, no captcha filled and with good pw you can still login..
            }
            else {
                $data['show_captcha'] = FALSE;
            }

            $this->load->view('templates/header', $data);
            $this->load->view('templates/topMenu', $data);
            $this->load->view('pages/login', $data);
        }
    }
}


public function captcha_check($string) {

    $privatekey = "6LczHPUSAAAAAKQ58YZoV8S8ZCZ6A4ZiuqxSbbK5";
    $resp = recaptcha_check_answer ($privatekey,
            $_SERVER["REMOTE_ADDR"],
            $_POST["recaptcha_challenge_field"],
            $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        $this->form_validation->set_message('captcha_check', 'The reCAPTCHA wasn\'t entered correctly. Go back and try it again.');
        return FALSE;
    } else {
        return TRUE;
    }
}

User_Model (db request)

   public function checkLogin($email, $password) {


    global $nb_failed_attempt; 
    if (!isset($nb_failed_attempt)) {
        $nb_failed_attempt = 0;
    }

        #retrieve the user salt
        $query1 = $this->db->get_where ( 'user', array ('email' => $email), 1, 0 );


        if ($query1->num_rows () <= 0) {
            $this->messages->add ( sprintf ( lang ( 'error_log_in' ), 'not_exist' ), "error" );
            return false;
        }
        else {
            if ($query1->first_row ()->confirm_code != 'y') {
                $this->messages->add ( sprintf ( lang ( 'error_log_in' ), 'not yet activated' ), "error" );
                return false;
            }
        }

        $salt = $query1->first_row ()->salt;

        // check for hashed password
        $saltedPW = $password . $salt;
        $hashedPW = hash ( 'sha256', $saltedPW );


        $query2 = $this->db->get_where ( 'user', array ('email' => $email, 'password' => $hashedPW), 1, 0 );


        ### FAILED LOGIN ATTEMPT, increase failed_attempt value
        if ($query2->num_rows () <= 0) {
            $this->messages->add ( sprintf ( lang ( 'error_log_in' ), 'bad_pwd' ), "error" );  

            $nb_failed_attempt = $query1->first_row ()->failed_attempt + 1;
            $data = array ('failed_attempt' => $nb_failed_attempt );

            $this->db->where('email', $email);
            $this->db->update('user', $data);
            return false;
        }


        ######## Reset failed login attempt if need be #######
        if ($query2->first_row ()->failed_attempt > 0) {

            $nb_failed_attempt = 0;
            $data = array ('failed_attempt' => $nb_failed_attempt );

            $this->db->where('email', $email);
            $this->db->update('user', $data);
        }


        ######### Save info into cookies #########
        $this->session->set_userdata ( array (
                'id_user' => $query2->first_row ()->id,
                'email' => $query2->first_row ()->email,
                'first_name' => $query2->first_row ()->first_name,
                'last_name' => $query2->first_row ()->last_name,
                'display_name' => $query2->first_row ()->display_name,
                'birthdate' => $query2->first_row ()->birthdate,
                'sex' => $query2->first_row ()->sex,
                'weight' => $query2->first_row ()->weight,
                'height' => $query2->first_row ()->height
        ) );


        return true;
    }

Here is my table "User":

CREATE TABLE IF NOT EXISTS `user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `email` varchar(150) NOT NULL,
  `password` varchar(255) NOT NULL,
  `failed_attempt` int(3) unsigned DEFAULT 0,
  `salt` varchar(255) NOT NULL,
  `confirm_code` varchar(255),
  `reset_token` varchar(255) NOT NULL,
  `reset_token_expire` datetime DEFAULT NULL,
  `session_id` varchar(255) NOT NULL,
  `first_name` varchar(50) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `display_name` varchar(50) NOT NULL,
  `birthdate` date NOT NULL,
  `sex` char(1) NOT NULL,
  `last_ip` varchar(50) NOT NULL,
  `last_login` datetime DEFAULT NULL,
  `date_signup` datetime DEFAULT NULL,
  `os` varchar(25) NOT NULL,
  `weight` decimal(5,2) unsigned DEFAULT NULL,
  `height` decimal(5,2) unsigned DEFAULT NULL

  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 ;

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dqm88684 2014-06-13 20:21
关注
You may use it without cookies. Some ways are using checking remote IP in table with all IPs and counting, or just set counter for username without checking cookie or IP.

$nb_failed_attempt for index() function is a global variable? If it's not - that your answer ($nb_failed_attempt not set everytime).

UPD

Start of checkLogin() should be like this:

global $nb_failed_attempt; $query1 = $this->db->get_where ( 'user', array ('email' => $email), 1, 0 ); $nb_failed_attempt = $query1->first_row ()->failed_attempt; if(@!$nb_failed_attempt) $nb_failed_attempt = 0;

Start of index() should be like this:

global $nb_failed_attempt;

Check also error messages and please write, if echo $nb_failed_attempt; work.

UPD2

I use follow structure of session table in big projects:

CREATE TABLE IF NOT EXISTS `session` ( `id` bigint AUTO_INCREMENT, `login` char(128), `ip` char(128), `try` smallint, `blocktime` datetime, `sitesession` char(128), `firsttime` datetime, `lasttime` datetime, PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=1;

It helps save additional information about logins, enters, and help to users's support.

This table may be not fine, but it work for me.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

在codeigniter上使用ajax验证recaptcha的invalid-request-cookie ajax jquery php
2014-12-24 03:36

回答 1 已采纳 Just made it without ajax requests, and making it a basic form, with the form helper, and the code
在PHP中使用ReCaptcha v2实现 php
2019-01-18 16:55

回答 2 已采纳 You are trying to echo an stdObject. $googleobj = json_decode($response); echo $googleobj; This
谷歌ReCaptcha v2坏php脚本 php
2018-09-08 18:50

回答 1 已采纳 you can check for captcha is empty or not and check is verify or not: $secretKey = "XXXXXXXXXXXXX
NoCAPTCHA-reCAPTCHA-PHP:NoCAPTCHA reCAPTCHA 显示和验证 PHP 功能
2021-06-10 05:48

NoCAPTCHA-reCAPTCHA-PHP NoCAPTCHA reCAPTCHA 显示和验证 PHP 功能。文档： : 例子函数recaptcha_display() <?php include ( 'nocaptcha-recaptcha.php' ); ?> < form action =" ? " method =" post " &...
带有Recaptcha v2的PHP表单 - 表单刷新而不提交 php
2018-07-05 13:55

回答 1 已采纳 Remove the enctype="text/plain" attribute from your form and the form should submit. You can let i
CodeIgniter reCaptcha麻烦 javascript php
2011-04-08 16:13

回答 2 已采纳 This wiki article and library are extremely simple. Because you don't want just a link here is som
我的服务器端PHP在reCaptcha（数百垃圾邮件）之后仍然被黑客入侵 php
2018-06-26 19:47

回答 3 已采纳 You've to sanitizing user input as said @kevin Cai You've an error in line: if($response.success=
codeigniter-recaptcha:一个易于使用的 CodeIgniter 库，可与 reCAPTCHA 2.0 版一起使用，又名 NO CAPTCHA reCAPTCHA
2021-06-25 06:19

一个易于使用的 CodeIgniter 库，可与 reCAPTCHA 2.0 版（又名 NO CAPTCHA reCAPTCHA）配合使用。安装将文件复制到各自的位置。 ##Configuration 打开“ application/config/recaptcha.php ”并将您的站点密钥、...
将reCaptcha集成到现有的contact.php中 php
2017-01-04 09:57

回答 3 已采纳 I have updated the whole of your code to the way I would have done it (I run a social-networking s
使用PHPMailer的HTML电子邮件中没有很好地显示UTF-8口音 php
2019-06-18 14:20

回答 1 已采纳 Bonjour Stéphane. This page describes the symptom you are seeing; one character turning into two m
是wp_nonce_field字段使用与google reCaptcha相同的保护？ php
2019-08-05 08:34

回答 1 已采纳 According to WP codex: The nonce field is used to validate that the contents of the form reque
recaptcha-2-phpbbmod:适用于phpBB Olympus 3.0的reCAPTCHA v2
2021-05-17 15:58

要求PHP 5.3.0以上如何安装下载将全部内容复制到phpBB安装的根目录运行install_recaptcha_new.php 转到ACP->“常规”标签->“垃圾邮件对策” 点击“已安装的插件”下拉菜单，然后选择reCAPTCHA v2。单击“配置”...
ajax，jquery联系表单与reCAPTCHA v2 - 500内部服务器错误 ajax javascript jquery php
2016-11-09 23:42

回答 1 已采纳 Okay, I fixed it. One reason it wasn't working was that I had to enable allow_url_fopen in php.ini
Google-recaptcha-php
2021-04-29 10:38

Google Recaptcha演示教程> V3教程> 演示> reCAPTCHA v3演示>
laravel-google-recaptcha-v3:这可能是适用于Google reCAPTCHA v3的最佳Laravel软件包。支持Vue组件
2021-05-10 05:04

目录验证高级用法贡献者演示代码： https : //github.com/RyanDaDeng/laravel-google-recaptcha-v3/wiki/Simple-Demo 演示隐形-隐藏排队角落描述Google reCAPTCHA v3是一种用于验证用户是否为漫游器的新机制。...
ReCaptcha-Asp-Net：适用于Asp Net的Google ReCaptcha，已简化
2021-02-01 08:38

ReCaptcha-Asp-Net 适用于Asp Net的Google ReCaptcha，已简化安装Nuget网址：：//www.nuget.org/packages/ReCaptcha-AspNet PM > Install-Package ReCaptcha-AspNet组态通过获取您的秘密和公共密钥在里面添加到您的...
recaptcha-secure-token:生成兼容ReCaptcha的安全令牌
2021-04-29 18:28

"slushie/recaptcha-secure-token": "~1.0", /* ... */ } 在您PHP代码中，您可以创建ReCaptchaToken类的实例，并传递site_key和site_secret值： $config = ['site_key' => 'YOUR_SITE_KEY', 'site_secret' => '...
PHP-reCAPTCHA:用于 PHP 的 Google reCAPTCHA API
2021-07-04 23:04

PHP-reCAPTCHA 适用于 PHP 版本的 Google reCAPTCHA API
recaptcha-spring-boot-starter：Google的reCAPTCHA的Spring Boot启动器
2021-01-30 05:45

compile group : ' com.github.mkopylec ' , name : ' recaptcha-spring-boot-starter ' , version : ' 2.3.1 ' } 如何使用该启动器可以在3种不同的模式下使用：正常的Web应用程序使用在HTML网页中嵌入reCAPTCHA...
recaptcha-go:在golang中验证Google reCAPTCHA v2和v3表单提交包
2021-05-11 06:10

go get -u gopkg.in/ezzarghili/recaptcha-go.v4recaptcha v2 API import "gopkg.in/ezzarghili/recaptcha-go.v4"func main (){ captcha , _ := recaptcha . NewReCAPTCHA ( recaptchaSecret , recaptcha . V2 , 10 ...
没有解决我的问题, 去提问

悬赏问题

¥15 关于#Java#的问题，如何解决？
¥15 加热介质是液体，换热器壳侧导热系数和总的导热系数怎么算
¥15 想问一下树莓派接上显示屏后出现如图所示画面，是什么问题导致的
¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
¥15 cmd cl 0x000007b
¥20 BAPI_PR_CHANGE how to add account assignment information for service line
¥500 火焰左右视图、视差（基于双目相机）
¥100 set_link_state
¥15 虚幻5 UE美术毛发渲染
¥15 CVRP 图论物流运输优化

reCaptcha - 强力保护（php / codeIgniter）

1条回答 默认 最新

悬赏问题

1条回答默认最新