PHP: how to add 3 login attempts to a login page


Hi everyone, I just want to ask how I can add three attempts to my login page. Here is the code:

<?php  
include 'connect.php';
?>
<?php 
if(isset($_POST) && !empty($_POST))
{
session_start();
include("config_DB.php"); //including config.php in our file
$username = mysql_real_escape_string(stripslashes($_POST['username'])); 
$password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); 
$user_type= $_GET['user_type'];



$match = "select * from $table where username = '".$username."' and password = '".sha1($password)."';"; 

$qry = mysql_query($match);
$row=mysql_fetch_array($qry);
$num_rows = mysql_num_rows($qry); 


if($num_rows >= 1){
    $_SESSION['user']= $_POST["username"];
    $_SESSION['name'] = $row['empName'];
    $_SESSION['position'] = $row['empPosition'];
    $_SESSION['user_type'] = $row['user_type'];
        header("location:index.php/index_controller/home"); 
} else { 
    $username = mysql_real_escape_string(stripslashes($_POST['username'])); 
    $password = mysql_real_escape_string(stripslashes($_POST['password'])); 

    include("config_DB.php"); //including config.php in our file
    $match = "select * from $table where username = '".$username."' and password = '".sha1($password)."';"; 
    $qry = mysql_query($match);
    $row=mysql_fetch_array($qry);
    $num_rows = mysql_num_rows($qry);
    $attemps =0;
    if($num_rows <= 0){

         echo

        "<script type=\"text/javascript\">".
        "window.alert('Invalid username/password!');".
        'window.location.href="index.php";'.
        "</script>";

    exit;   
    }
    $_SESSION['user']= $_POST["username"];
    $_SESSION['name'] = $row['empName'];
    $_SESSION['position'] = $row['empPosition'];
    $_SESSION['user_type'] = $row['user_type'];
    header("location:index.php/index_controller/home");
} 
}else{
?>

<!DOCTYPE HTML>
<html lang="en-US">
<head>
    <meta charset="UTF-8">   
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>City Planning and Development Office--Login</title>

    <link rel="stylesheet" href="<?php echo base_url();?>assets/css/bootstrap.min.css"/>
    <link rel="stylesheet" href="<?php echo base_url();?>assets/css/login-style.css"/>
    <link rel="stylesheet/less" href="<?php echo base_url();?>assets/less/icons.less"/>

    <!-- Load JavaScript Libraries -->
    <script src="<?php echo base_url();?>assets/js/jquery/jquery-1.11.1.min.js"></script>
    <script src="<?php echo base_url();?>assets/js/jquery/jquery-ui.js"></script>
    <script src="<?php echo base_url();?>assets/js/jquery/jquery.widget.min.js"></script>

    <!-- Load Metro JavaScript -->
    <script src="<?php echo base_url();?>assets/js/load-metro.js"></script>
    <script src="<?php echo base_url();?>assets/js/metro.min.js"></script>
    <script src="<?php echo base_url();?>assets/js/metro-calendar.js"></script>
    <script src="<?php echo base_url();?>assets/js/metro-datepicker.js"></script>

    <!-- Load Bootstrap JavaScript -->
    <script src="<?php echo base_url();?>assets/js/bootstrap.min.js"></script>
    <script src="<?php echo base_url();?>assets/js/validate.js"></script>
    <script src="<?php echo base_url();?>assets/js/condition.js"></script>

    <!-- Login parallax -->
    <style type="text/css">
    body{
        background:#000;
    }
    input.info{
        color:#000 !important;
    }
    .vertical-offset-100{
    padding-top:100px;
    }
    .login{
        background:#ed1c24;
        color:#fff;
    }
     body{
    background: url(img/back.png);
    background-color: #444;
    background: url(/cpdo_ci/assets/images/pinlayer2.png),url(/cpdo_ci/assets/images/pinlayer1.png),url(/cpdo_ci/assets/images/back.png);    
    }
    .vertical-offset-100{
    padding-top:100px;
    }
    </style>    

</head>
<body>
<script src="<?php echo base_url();?>assets/js/TweenLite.min.js"></script>

<div class="container" >
    <div class="row vertical-offset-100">
        <div class="col-md-4 col-md-offset-4">
            <div class="panel panel-default">
                <div class="panel-heading">
                    <div class="row-fluid user-row">
                        <center><img src="/cpdo_ci/assets/images/malolos.png" height="200" width="200" alt="CPDO"></center>
                    </div>
                </div>
                <div class="panel-body">
                    <form accept-charset="UTF-8" id="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" name="login" class="form-signin"  role="form">
                    <fieldset>
                        <div class="form-group">
                            <input class="form-control info" placeholder="Username" name="username" id="username" required type="text">
                        </div>
                        <div class="form-group">
                            <input class="form-control info" placeholder="Password" name="password" id="password" required type="password" value="">
                        </div>
                            <label>
                                <div style="  font-size:90%" >

                                </div>
                            </label>
                        <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                    </fieldset>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
<script type="text/javascript">
$(document).ready(function(){
  $(document).mousemove(function(e){
     TweenLite.to($('body'), 
        .5, 
        { css: 
            {
                backgroundPosition: parseInt(e.pageX / 8) + "px " + parseInt(e.pageY / 12) + "px, " + parseInt(e.pageX / 15) + "px " + parseInt(e.pageY / 15) + "px, " + parseInt(e.pageX / 30) + "px " + parseInt(e.pageY / 30) + "px"
            }
        });
  });
});
</script>
</body>
<?php
}
?>

</html>

Try this in the backend that receives the login parameters:

// $attempts holds the number of failures so far (carried over from the previous request).
if (!isset($attempts)) {
    $attempts = 0;
}

// Compare the submitted password with the stored one; only failures are counted.
if ($_POST["password"] !== $password_stored_in_db) {
    $attempts++;
    if ($attempts >= 3) {
        header('Location: login.php?max_attempt=exceeded');
        exit;
    }
}

header('Location: login.php?attempt=' . $attempts);
exit;
Also add this to login.php to determine whether the user has exceeded the maximum number of attempts:

Make sure login.php is set up to check for max_attempt=exceeded by adding the following:

if (isset($_GET["max_attempt"])) {
    if ($_GET["max_attempt"] == "exceeded") {
        // Error message
        // Use $_SESSION to record the time and to stop the user from trying again for a while,
        // because if you use cookies they may be overridden or re-set.
    }
}

You really should store the attempt information in the DB, but for a quick hack, storing the data in the session will do:

<?php  
include 'connect.php';

if(isset($_POST) && !empty($_POST))
{
    session_start();
    include("config_DB.php"); //including config.php in our file
    $username = mysql_real_escape_string(stripslashes($_POST['username'])); 
    $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); 
    $user_type= $_GET['user_type'];

    $match = "select * from $table where username = '".$username."' and password = '".sha1($password)."';"; 

    $qry = mysql_query($match);
    $row=mysql_fetch_array($qry);
    $num_rows = mysql_num_rows($qry); 

    if($num_rows >= 1){
        $_SESSION['attemps'] = 0;
        $_SESSION['user']= $_POST["username"];
        $_SESSION['name'] = $row['empName'];
        $_SESSION['position'] = $row['empPosition'];
        $_SESSION['user_type'] = $row['user_type'];
        header("Location: your_home_page"); // replace your_home_page with the real URL
        exit;
    } else { 
        if (!isset($_SESSION['attemps'])) {   // initialise the counter on the first failure
            $_SESSION['attemps'] = 0;
        }
        $_SESSION['attemps'] += 1;
        if ($_SESSION['attemps'] > 3) {
            header("location:/access_denied.php");
            exit;
        }
        $display_warning = true;    
    } 
}
// The form is rendered both on a plain GET and after a failed POST, so the warning below can be shown.
?>

    <!DOCTYPE HTML>
    <html lang="en-US">
    <head>
        <meta charset="UTF-8">   
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>City Planning and Development Office--Login</title>

        <link rel="stylesheet" href="<?php echo base_url();?>assets/css/bootstrap.min.css"/>
        <link rel="stylesheet" href="<?php echo base_url();?>assets/css/login-style.css"/>
        <link rel="stylesheet/less" href="<?php echo base_url();?>assets/less/icons.less"/>

        <!-- Load JavaScript Libraries -->
        <script src="<?php echo base_url();?>assets/js/jquery/jquery-1.11.1.min.js"></script>
        <script src="<?php echo base_url();?>assets/js/jquery/jquery-ui.js"></script>
        <script src="<?php echo base_url();?>assets/js/jquery/jquery.widget.min.js"></script>

        <!-- Load Metro JavaScript -->
        <script src="<?php echo base_url();?>assets/js/load-metro.js"></script>
        <script src="<?php echo base_url();?>assets/js/metro.min.js"></script>
        <script src="<?php echo base_url();?>assets/js/metro-calendar.js"></script>
        <script src="<?php echo base_url();?>assets/js/metro-datepicker.js"></script>

        <!-- Load Bootstrap JavaScript -->
        <script src="<?php echo base_url();?>assets/js/bootstrap.min.js"></script>
        <script src="<?php echo base_url();?>assets/js/validate.js"></script>
        <script src="<?php echo base_url();?>assets/js/condition.js"></script>

        <!-- Login parallax -->
        <style type="text/css">
        body{
            background:#000;
        }
        input.info{
            color:#000 !important;
        }
        .vertical-offset-100{
            padding-top:100px;
        }
        .login{
            background:#ed1c24;
            color:#fff;
        }
        body{
            background: url(img/back.png);
            background-color: #444;
            background: url(/cpdo_ci/assets/images/pinlayer2.png),url(/cpdo_ci/assets/images/pinlayer1.png),url(/cpdo_ci/assets/images/back.png);    
        }
        .vertical-offset-100{
            padding-top:100px;
        }
        </style>    

    </head>
    <body>
        <script src="<?php echo base_url();?>assets/js/TweenLite.min.js"></script>

        <div class="container" >
            <div class="row vertical-offset-100">
                <div class="col-md-4 col-md-offset-4">
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            <div class="row-fluid user-row">
                                <center><img src="/cpdo_ci/assets/images/malolos.png" height="200" width="200" alt="CPDO"></center>
                            </div>
                        </div>
                        <div class="panel-body">
                            <form accept-charset="UTF-8" id="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" name="login" class="form-signin"  role="form">
                                <fieldset>
                                    <div class="form-group">
                                        <input class="form-control info" placeholder="Username" name="username" id="username" required type="text">
                                    </div>
                                    <div class="form-group">
                                        <input class="form-control info" placeholder="Password" name="password" id="password" required type="password" value="">
                                    </div>
                                    <label>
                                        <div style="  font-size:90%" >

                                        </div>
                                    </label>
                                    <input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
                                </fieldset>
                            </form>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <script type="text/javascript">
        $(document).ready(function(){
            <?php if (!empty($display_warning)) : ?>
            window.alert('Invalid username/password!');
            <?php endif; ?>         

            $(document).mousemove(function(e){
                TweenLite.to($('body'), 
                .5, 
                { css: 
                    {
                        backgroundPosition: parseInt(e.pageX / 8) + "px " + parseInt(e.pageY / 12) + "px, " + parseInt(e.pageX / 15) + "px " + parseInt(e.pageY / 15) + "px, " + parseInt(e.pageX / 30) + "px " + parseInt(e.pageY / 30) + "px"
                    }
                });
            });
        });
        </script>
    </body>
</html>

if ($failed && $_SESSION['attempts']++ < 3) { allow more tries }

Do you want only 3 attempts per session, or do you want to lock their account? Someone could reopen the browser after 3 attempts and try again. I would suggest the latter, by adding a boolean IsLocked column to the user table. At that point you could ask them for their email and send them a link explaining how to reset their password. I would suggest adding "isLocked" to the user table too. I also set a time for the lock to expire. That way you can do something like "if 5 wrong attempts, lock for 30 minutes", so if someone is trying to get into his account, the real user can still log in later without having to reset the password.
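The approach the last answer describes (a per-account lock in the database that expires after a fixed time), as an added example that is not code from the question or from any answer on this page. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table and column names (users, failed_attempts, locked_until), the sample user and the 5-attempts / 30-minute numbers are assumptions taken from the answer's wording, not the asker's schema.

```php
<?php
// Added example: account lockout with expiry, stored in the database rather than
// the session, so reopening the browser does not reset the counter.
declare(strict_types=1);

const MAX_ATTEMPTS = 5;        // wrong passwords before the account locks
const LOCK_SECONDS = 30 * 60;  // lock duration: 30 minutes

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        username        TEXT PRIMARY KEY,
        password_hash   TEXT NOT NULL,
        failed_attempts INTEGER NOT NULL DEFAULT 0,
        locked_until    INTEGER NULL)');
    // Constructed sample user; the stored value is a password_hash() result, never the plain password.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

/**
 * Returns 'ok', 'locked' or 'invalid'.
 * A locked account answers 'locked' even for the right password, so guessing
 * while the lock holds confirms nothing; unknown users and wrong passwords both
 * answer 'invalid', so the response does not reveal which usernames exist.
 */
function attemptLogin(PDO $db, string $username, string $password, int $now): string
{
    static $dummyHash = null;   // used to keep timing similar for unknown users
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }

    $stmt = $db->prepare('SELECT password_hash, failed_attempts, locked_until FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, $dummyHash);
        return 'invalid';
    }

    if ($row['locked_until'] !== null && (int) $row['locked_until'] > $now) {
        return 'locked';
    }

    if (password_verify($password, $row['password_hash'])) {
        // Success clears the counter and any expired lock.
        $db->prepare('UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE username = ?')
           ->execute([$username]);
        return 'ok';
    }

    // Wrong password: count it, and lock the account once the limit is reached.
    // The counter is reset when the lock is set, so after the lock expires
    // the next failure starts a fresh count of MAX_ATTEMPTS.
    $failed = (int) $row['failed_attempts'] + 1;
    if ($failed >= MAX_ATTEMPTS) {
        $db->prepare('UPDATE users SET failed_attempts = 0, locked_until = ? WHERE username = ?')
           ->execute([$now + LOCK_SECONDS, $username]);
    } else {
        $db->prepare('UPDATE users SET failed_attempts = ? WHERE username = ?')
           ->execute([$failed, $username]);
    }
    return 'invalid';
}

// Demonstration run on constructed input: five wrong passwords, then the
// correct password while the lock holds, then the correct password after expiry.
$db = setupDb();
$t  = time();
for ($i = 0; $i < MAX_ATTEMPTS; $i++) {
    echo attemptLogin($db, 'alice', 'wrong-password', $t), "\n";
}
echo attemptLogin($db, 'alice', 'correct horse battery staple', $t + 60), "\n";
echo attemptLogin($db, 'alice', 'correct horse battery staple', $t + LOCK_SECONDS + 1), "\n";
```

Passing the current time in as a parameter rather than calling time() inside the function is what makes the expiry testable. In a real application the same lookup and update would go behind the existing login handler, with password_verify() replacing the md5/sha1 comparison from the question and the prepared statements replacing mysql_query().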