如何限制登录脚本中的登录尝试次数? [英] How to limit the number of login attempts in a login script?

问题描述

我无法弄清楚如何在我的脚本中实现cookie代码.这是我在下面的页面的代码:

I cant work out how to implement the cookie code into my script. Heres my code for my pages below:

登录页面:-

<form name="loginform" class="form-horizontal" action="includes/login.php" method="post" onsubmit="return validateloginForm()">

  <div class="form-group">
    <label for="username" class="col-sm-2 control-label">Username</label>
    <div class="col-sm-10">
      <input type="text" class="form-control" name="username" placeholder="Enter the username" id="username">
    </div>
  </div>

  <div class="form-group">
    <label for="password" class="col-sm-2 control-label">Password</label>
    <div class="col-sm-10">
      <input type="password" class="form-control" name="password" placeholder="Password" id="password">
    </div>
  </div>

  <div class="form-group">
    <div class="col-sm-offset-2 col-sm-10">
      <button type="submit" name="signin" class="btn btn-primary">Sign in</button>
    </div>
  </div>
</form>

登录检查

if(isset($_POST['signin'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];

    $username = mysqli_real_escape_string($connection, $username);
    $password = mysqli_real_escape_string($connection, $password);

    $query = "SELECT *FROM users WHERE username = '{$username}'";
    $select_user_query = mysqli_query($connection, $query);

    if(!$select_user_query) {
       die("QUERY FAILED". mysqli_error($connection));
    }
    while ($row = mysqli_fetch_array($select_user_query)) {
        $db_user_id = $row['user_id'];
        $db_username = $row['username'];
        $db_user_password = $row['user_password'];
        $db_user_firstname = $row['user_firstname'];
        $db_user_lastname = $row['user_lastname'];
        $db_user_role = $row['user_role'];
    }
    $password = crypt($password, $db_user_password);

    if ($username !== $db_username && $password !== $db_user_password ){
        header("Location: ../index.php");
    } else if ($username == $db_username && $password == $db_user_password) {
        $_SESSION['username'] = $db_username;
        $_SESSION['firstname'] = $db_user_firstname;
        $_SESSION['lastname'] = $db_user_lastname;
        $_SESSION['user_role'] = $db_user_role;

        header("Location: ../admin"); 
    } else {
        header("Location: ../login.php");
    }
}

我需要在上面的脚本中实现此代码

I need to implement this code into the the script above

if($login_incorrect){
     if(isset($_COOKIE['login'])){
          if($_COOKIE['login'] < 3){
               $attempts = $_COOKIE['login'] + 1;
               setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored
          } else{
               echo 'You are banned for 10 minutes. Try again later';
          }
     } else{
          setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1
     }
}

先谢谢您.我需要将登录次数限制为3次，然后禁止登录10分钟.

Thank you in advance. I need to limit the login to 3 times attempts and then ban them for 10mins.

推荐答案

Cookie不是可靠的方法.
我可以创建一个脚本，该脚本发送请求中想要的任何Cookie.
我会使用mySQL

Cookies are not a reliable method.
I can create a script that sends whatever cookies I want in the request.
I would use mySQL

$ip = $_SERVER["REMOTE_ADDR"];
mysqli_query($connection, "INSERT INTO `ip` (`address` ,`timestamp`)VALUES ('$ip',CURRENT_TIMESTAMP)");
$result = mysqli_query($connection, "SELECT COUNT(*) FROM `ip` WHERE `address` LIKE '$ip' AND `timestamp` > (now() - interval 10 minute)");
$count = mysqli_fetch_array($result, MYSQLI_NUM);

if($count[0] > 3){
  echo "Your are allowed 3 attempts in 10 minutes";
}

页面加载后，添加查询以删除10分钟之前的所有记录.

After the page is loaded add a query to delete any records older than 10 minutes.

ip表:

CREATE TABLE IF NOT EXISTS `ip` (
  `address` char(16) COLLATE utf8_bin NOT NULL,
  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

您应该为mysqli_real_escape_string()

mysqli_set_charset($connection, "utf8")

不是使用重定向来引起额外的routnd trip http请求，

Instead of using a redirect which causes an additional routnd trip http request,

header("Location: ../login.php");

使用更快的方法包括:

include("../login.php");

进行重定向时，应使用完整路径:

When doing a redirect you should use the full path:

header("Location: http://example.com/login.php");

我不喜欢使用"SELECT *"，当在查询中返回不需要的数据时，会浪费资源.在大多数查询中，返回数据的时间占用了大部分查询时间.

I do not like using "SELECT *", when unneeded data is returned in the query it is a waste of resources. In most queries the time to return the data takes most of the query time.

我个人对检索字段值的偏好:

My personal preference for retrieving field values:

SELECT `user_id`,`username`,`user_password`,`user_firstname`,`user_lastname`,`user_role` FROM users WHERE ...


while (list($db_user_id,$db_username,$db_user_password,$db_user_firstname,$db_user_lastname,$db_user_role ) = mysqli_fetch_array($select_user_query, MYSQLI_NUM)) {

这篇关于如何限制登录脚本中的登录尝试次数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！