Php 登录失败
因此,当用户第一次登录失败时,它执行任务70-73,然后跳到111。但是,当剩余概率为0时,该部分工作正常,这意味着db中的failedLogins值为5,它应该执行从第76行开始的步骤,但它没有。相反,剩下的机会显示为0,就这样了。我确信我的逻辑是正确的,但代码只是放在了错误的地方Php 登录失败,php,Php,因此,当用户第一次登录失败时,它执行任务70-73,然后跳到111。但是,当剩余概率为0时,该部分工作正常,这意味着db中的failedLogins值为5,它应该执行从第76行开始的步骤,但它没有。相反,剩下的机会显示为0,就这样了。我确信我的逻辑是正确的,但代码只是放在了错误的地方 //用户已注册并验证 $query=“SELECT*FROM manager\u users\u logins\u hacking,其中userID=”“$userID。””; $result=mysqli_查询
//用户已注册并验证
$query=“SELECT*FROM manager\u users\u logins\u hacking,其中userID=”“$userID。””;
$result=mysqli_查询($dbc,$query);
$row=mysqli\u fetch\u数组($result);
$lockDate=$row['lockDate'];
//了解用户是否被锁定在其帐户之外
如果($lockDate!==“0000-00-00:00:00”)和(strotime($lockDate)0&$minutes<10){
//计算剩余时间
$timeRemaining=10-$minutes;
//帐户锁定错误
$output=array('errorsExist'=>true,'message'=>'您的帐户当前已锁定,我们将对此事件进行道歉。您必须等待'$timeRemaining.'分钟,然后才能再次登录!');
}否则{
//把锁打开
$query=“更新管理器\u用户\u登录\u黑客设置lockDate=NULL,hackedripaddress=NULL,failedLogins=0,其中userID=”“$userID.”;
$result=mysqli_查询($dbc,$query);
}
}否则{
//转义post数据
$password=mysqli\u real\u escape\u字符串($dbc,$\u POST['password']);
//将哈希密码分配给变量
$RegenFromPostW=reGenPassHash($password,$passwordDB2);
//将数据库密码与发布的密码进行比较
if($passwordDB==$regenFromPostPW){
$query2=“更新管理器\u用户\u登录设置numberOfLogins=numberOfLogins+1,lastOnline=CURRENT\u时间戳,其中userID=”“$userID.””;
$result2=mysqli_查询($dbc,$query2);
//将用户数据分配到数组中
$loggedinUserDataArray=array('userID'=>$userID,'name'=>$firstName.“$lastName”);
//将用户数据数组分配给新会话
$\会话['user\u data']=$loggedinUserDataArray;
//查看是否选中了“记住我”复选框
如果(isset($_POST['memory'])){
//设置cookie的过期时间
$myexpatation=time()+60*60*24*100;
//设置用户名的cookie
setcookie(“用户名”、$username、$myexiation“/”;
}
//成功登录完成
$output=array('errorsExist'=>false,'message'=>'您已经登录,请稍等片刻,我们加载您的帐户数据!');
}否则{
//登录失败
$query=“SELECT*FROM manager\u users\u logins\u hacking,其中userID=”“$userID。””;
$result=mysqli_查询($dbc,$query);
$row=mysqli\u fetch\u数组($result);
$failedLogins=$row['failedLogins'];
//接受失败的登录并进行比较
如果($row['failedLogins']>=5){
//检索试图侵入帐户的用户的IP地址
$hackerIPAddress=$_服务器['REMOTE_ADDR'];
//帐户被黑客攻击后更新数据库并运行查询
$query=“更新管理器\u用户\u登录\u黑客设置锁定日期=当前\u时间戳,hackerIPAddress=”“$hackerIPAddress.”其中userID=”“$userID.””;
$result=mysqli_查询($dbc,$query);
$query2=“从管理器中选择*用户,其中userID=”“$userID。””;
$result2=mysqli_查询($dbc,$query2);
$row=mysqli\u fetch\u数组($result2);
$firstName=$row['firstName'];
$lastName=$row['lastName'];
//电子邮件用户新注册帐户
函数my_domain_name(){
$my_domain=$\u服务器['HTTP_主机'];
$my_domain=str_replace('www.,'',$my_domain);
返回$myu域;
}
$sender_email=”noreply@kansasoutlawwrestling.com";
$reply_to=”noreply@kansasoutlawwrestling.com";
$recipient_email=$email;
$email\u subject=“KOW经理帐户已锁定”;
$email_body='Hello'.$firstName.'.$lastName.'您或使用您在.my_domain_name()上的帐户的人试图侵入您的帐户。如果这是一个错误,请忽略此电子邮件,您将从我们的邮件列表中删除。
问候,'.my_domain_name().“团队”;
mailSomeone($email、$sender\u email、$email\u subject、$email\u body);
//帐户锁定错误
$output=array('errorsExist'=>true,'message'=>'您的帐户当前已锁定,我们对此事件深表歉意。这是由许多失败登录的用户实施的安全措施!您必须等待10分钟才能再次登录!');
}否则{
// User is registered and verified
$query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$lockDate = $row['lockDate'];
// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) <= time())) {
$currentDateTime = time();
$minutes = floor(($currentDateTime-$lockDate) / 60);
// Take minutes and perform tasks
if ($lockDate > 0 && $minutes < 10) {
// Calculate time remaining
$timeRemaining = 10 - $minutes;
// Account locked error
$output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. You must wait ' .$timeRemaining.' minutes before you can log in again!');
} else {
// Clear the lock
$query = "UPDATE manager_users_logins_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
}
} else {
// Escape post data
$password = mysqli_real_escape_string($dbc,$_POST['password']);
// Assign hashed password to variable
$regenFromPostPW = reGenPassHash($password, $passwordDB2);
// Comparing the database password with the posted password
if ($passwordDB == $regenFromPostPW) {
$query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
// Assign user data into an array
$loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName);
// Assign user data array to new session
$_SESSION['user_data'] = $loggedinUserDataArray;
// See if the remember me checkbox was checked
if (isset($_POST['remember'])) {
// Sets an expiration time for the cookie
$myExpiration = time()+60*60*24*100;
// Sets the cookie for the username
setcookie("username", $username, $myExiration, "/");
}
// Succesful login complete
$output = array('errorsExist' => false, 'message' => 'You have been logged in, please allow a moment while we load your account data!');
} else {
// Login unsuccessful
$query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$failedLogins = $row['failedLogins'];
// Take failed logins and compare it
if ($row['failedLogins'] >= 5) {
// Retrieve IP Address of user trying to hack into account
$hackerIPAddress = $_SERVER['REMOTE_ADDR'];
// Update database after account getting hacked and run query
$query = "UPDATE manager_users_logins_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$query2 = "SELECT * FROM manager_users WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
$row = mysqli_fetch_array($result2);
$firstName = $row['firstName'];
$lastName = $row['lastName'];
// Email user new registration account
function my_domain_name() {
$my_domain = $_SERVER['HTTP_HOST'];
$my_domain = str_replace('www.', '', $my_domain);
return $my_domain;
}
$sender_email = "noreply@kansasoutlawwrestling.com";
$reply_to = "noreply@kansasoutlawwrestling.com";
$recipient_email = $email;
$email_subject = "KOW Manager Account Locked";
$email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team';
mailSomeone($email, $sender_email, $email_subject, $email_body);
// Account locked error
$output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s! You must wait 10 minutes before you can login again!');
} else {
$query = "UPDATE manager_users_logins_hacking SET failedLogins = '".$failedLogins."'+ 1 WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$query2 = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
$row2 = mysqli_fetch_array($result2);
$failedLogins = $row2['failedLogins'];
// Calculate how many chances the user has to login before account gets locked
$chancesLeft = 5 - $failedLogins;
// Invalid username and password error
$output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' chances left to login succesfully or the account will be locked!');
}
}
}
$query2 = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
$row2 = mysqli_fetch_array($result2);
$failedLogins = $row2['failedLogins'];