如何限制登录脚本中的登录尝试次数? [英] How to limit the number of login attempts in a login script?
问题描述
我无法弄清楚如何在我的脚本中实现cookie代码.这是我在下面的页面的代码:
I cant work out how to implement the cookie code into my script. Heres my code for my pages below:
登录页面:-
<form name="loginform" class="form-horizontal" action="includes/login.php" method="post" onsubmit="return validateloginForm()">
<div class="form-group">
<label for="username" class="col-sm-2 control-label">Username</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="username" placeholder="Enter the username" id="username">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" placeholder="Password" id="password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="signin" class="btn btn-primary">Sign in</button>
</div>
</div>
</form>
登录检查
if(isset($_POST['signin'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT *FROM users WHERE username = '{$username}'";
$select_user_query = mysqli_query($connection, $query);
if(!$select_user_query) {
die("QUERY FAILED". mysqli_error($connection));
}
while ($row = mysqli_fetch_array($select_user_query)) {
$db_user_id = $row['user_id'];
$db_username = $row['username'];
$db_user_password = $row['user_password'];
$db_user_firstname = $row['user_firstname'];
$db_user_lastname = $row['user_lastname'];
$db_user_role = $row['user_role'];
}
$password = crypt($password, $db_user_password);
if ($username !== $db_username && $password !== $db_user_password ){
header("Location: ../index.php");
} else if ($username == $db_username && $password == $db_user_password) {
$_SESSION['username'] = $db_username;
$_SESSION['firstname'] = $db_user_firstname;
$_SESSION['lastname'] = $db_user_lastname;
$_SESSION['user_role'] = $db_user_role;
header("Location: ../admin");
} else {
header("Location: ../login.php");
}
}
我需要在上面的脚本中实现此代码
I need to implement this code into the the script above
if($login_incorrect){
if(isset($_COOKIE['login'])){
if($_COOKIE['login'] < 3){
$attempts = $_COOKIE['login'] + 1;
setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored
} else{
echo 'You are banned for 10 minutes. Try again later';
}
} else{
setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1
}
}
先谢谢您.我需要将登录次数限制为3次,然后禁止登录10分钟.
Thank you in advance. I need to limit the login to 3 times attempts and then ban them for 10mins.
推荐答案
Cookie不是可靠的方法.
我可以创建一个脚本,该脚本发送请求中想要的任何Cookie.
我会使用mySQL
Cookies are not a reliable method.
I can create a script that sends whatever cookies I want in the request.
I would use mySQL
$ip = $_SERVER["REMOTE_ADDR"];
mysqli_query($connection, "INSERT INTO `ip` (`address` ,`timestamp`)VALUES ('$ip',CURRENT_TIMESTAMP)");
$result = mysqli_query($connection, "SELECT COUNT(*) FROM `ip` WHERE `address` LIKE '$ip' AND `timestamp` > (now() - interval 10 minute)");
$count = mysqli_fetch_array($result, MYSQLI_NUM);
if($count[0] > 3){
echo "Your are allowed 3 attempts in 10 minutes";
}
页面加载后,添加查询以删除10分钟之前的所有记录.
After the page is loaded add a query to delete any records older than 10 minutes.
ip表:
CREATE TABLE IF NOT EXISTS `ip` (
`address` char(16) COLLATE utf8_bin NOT NULL,
`timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
您应该为mysqli_real_escape_string()
mysqli_set_charset($connection, "utf8")
不是使用重定向来引起额外的routnd trip http请求,
Instead of using a redirect which causes an additional routnd trip http request,
header("Location: ../login.php");
使用更快的方法包括:
include("../login.php");
进行重定向时,应使用完整路径:
When doing a redirect you should use the full path:
header("Location: http://example.com/login.php");
我不喜欢使用"SELECT *",当在查询中返回不需要的数据时,会浪费资源.在大多数查询中,返回数据的时间占用了大部分查询时间.
I do not like using "SELECT *", when unneeded data is returned in the query it is a waste of resources. In most queries the time to return the data takes most of the query time.
我个人对检索字段值的偏好:
My personal preference for retrieving field values:
SELECT `user_id`,`username`,`user_password`,`user_firstname`,`user_lastname`,`user_role` FROM users WHERE ...
while (list($db_user_id,$db_username,$db_user_password,$db_user_firstname,$db_user_lastname,$db_user_role ) = mysqli_fetch_array($select_user_query, MYSQLI_NUM)) {
这篇关于如何限制登录脚本中的登录尝试次数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!