第n次登录尝试后阻止用户-PHP [英] Block user after nth login attempt - PHP
问题描述
我正在登录,以便将失败的登录尝试存储在数据库中.
I am working in login such that unsuccessful login attempts are stored a database.
然后,在第三次登录尝试后,将根据记录的IP地址和/或用户帐户为受影响的用户禁用登录.
Then, after the 3rd login attempt, login will be disabled for the affected user based on the recorded IP address and/or user account.
不幸的是,我的代码无法按预期运行;登录尝试不会被存储到数据库中,并且仍然不会为受影响的用户禁用登录.
Unfortunately, my code is not working as expected; the login attempts is not getting stored into the database, and login is still not disabled for the affected user.
我在做什么错,我该如何解决?
What am I doing wrong and how can I fix it?
下面是我的登录脚本:
session_start();
//Get IP address
// code goes here
$loginDate = date("Y-m-d H:i:s");
$Error = "";
$successMessage = "";
if (($_REQUEST['captcha'] == $_SESSION['vercode'])) {
//captcha code goes here
if (isset($_POST['submit'])) {
if (!( $_POST['username'] == "" && $_POST['password'] == "")) {
//submit form codes goes here
if (filter_var($username, FILTER_VALIDATE_INT)) {
$con = mysqli_connect("localhost", "root", "", "test");
$result = mysqli_query($con, "SELECT * FROM Users WHERE username='$username' AND password='$password'");
$loginAttempt = mysqli_query($con, "SELECT * FROM Logs WHERE username='$username'");
$data = mysqli_fetch_row($result);
if (count($data)>0) {
$_SESSION['login_user']=$username;
mysqli_query($con, "INSERT INTO `test`.`Logs`(`username`, `lastLogin`, `ipAddress`, `captcha`)
VALUES('$username', '$loginDate', '$ipaddress', '$captcha')
ON DUPLICATE KEY UPDATE `username` = '$username', `lastLogin` = '$loginDate'");
header('Location: privatepage.php');
} else {
$Error ="Invalid Contract Number or Password";
}
mysqli_close($con);
} else {
$Error ="Invalid Contract Number";
}
if (($data['username'] == $username) || ($data['password'] == $password)) {
$loginAttempt = mysqli_query($con, "UPDATE Logs SET loginAttempt = 0 WHERE username='$username'");
mysqli_close($con);
} else {
if ($loginAttempt >= 3) {
echo 'Sorry your account has been lock out. Please contact the administrator';
} else {
mysqli_query($con, "UPDATE Logs SET loginAttempt = loginAttempt +1 WHERE username= '$username'");
}
}
}
}
}
我收到此错误:
PHP注意:未定义的变量:第62行的loginAttempt
PHP Notice: Undefined variable: loginAttempt on line 62
PHP警告:mysqli_query():无法在第65行获取mysqli
PHP Warning: mysqli_query(): Couldn't fetch mysqli on line 65
推荐答案
您的$ data仅包含mysql中的行数
Your $data is only containing number of rows in mysql
$data = mysqli_num_rows($result);
考虑使用mysqli_fetch_row
Consider using mysqli_fetch_row
这篇关于第n次登录尝试后阻止用户-PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!