dongzha5934 2015-06-22 07:41
浏览 38

第n次登录尝试后阻止用户 - PHP

I am working in login such that unsuccessful login attempts are stored a database.

Then, after the 3rd login attempt, login will be disabled for the affected user based on the recorded IP address and/or user account.

Unfortunately, my code is not working as expected; the login attempts is not getting stored into the database, and login is still not disabled for the affected user.

What am I doing wrong and how can I fix it?

Below is my login script:

session_start();

//Get IP address
// code goes here

$loginDate      = date("Y-m-d H:i:s");
$Error          = "";
$successMessage = "";

if (($_REQUEST['captcha'] == $_SESSION['vercode'])) {
    //captcha code goes here

    if (isset($_POST['submit'])) {
        if (!( $_POST['username'] == "" && $_POST['password'] == "")) {
            //submit form codes goes here

            if (filter_var($username, FILTER_VALIDATE_INT)) {
                $con = mysqli_connect("localhost", "root", "", "test");
                $result = mysqli_query($con, "SELECT * FROM Users WHERE username='$username' AND password='$password'");
                $loginAttempt = mysqli_query($con, "SELECT * FROM Logs WHERE username='$username'");
                $data = mysqli_fetch_row($result);

                if (count($data)>0) {
                    $_SESSION['login_user']=$username;
                    mysqli_query($con, "INSERT INTO `test`.`Logs`(`username`, `lastLogin`, `ipAddress`, `captcha`) 
                                VALUES('$username', '$loginDate', '$ipaddress', '$captcha')
                                ON DUPLICATE KEY UPDATE `username` = '$username', `lastLogin` = '$loginDate'");
                    header('Location: privatepage.php');
                } else {
                    $Error ="Invalid Contract Number or Password";
                }
                mysqli_close($con);
            }     else {
                $Error ="Invalid Contract Number";
            }

            if (($data['username'] == $username) || ($data['password'] == $password)) {
                $loginAttempt = mysqli_query($con, "UPDATE Logs SET loginAttempt = 0 WHERE username='$username'");
                mysqli_close($con);
            } else {
                if ($loginAttempt >= 3) {
                    echo 'Sorry your account has been lock out. Please contact the administrator';
                } else {
                    mysqli_query($con, "UPDATE Logs SET loginAttempt = loginAttempt +1 WHERE username= '$username'");
                }
            }
        }
    }
}

I got this errors:

PHP Notice: Undefined variable: loginAttempt on line 62

PHP Warning: mysqli_query(): Couldn't fetch mysqli on line 65

  • 写回答

3条回答 默认 最新

  • dtlzdofl66441 2015-06-22 07:44
    关注

    Your $data is only containing number of rows in mysql

     $data = mysqli_num_rows($result);

    Consider using mysqli_fetch_row

    评论

报告相同问题?

悬赏问题

  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法