0
我有幾乎完成登錄系統的代碼。我的工作是,用戶每次嘗試登錄並接收一條消息,說他們有一定的嘗試次數。如果他們已經登錄了5分鐘,他們也會自動註銷,我也有編碼。我正在努力如何基於會話變量鎖定用戶10分鐘。任何人都可以告訴我在哪裏設置會話變量['LoginID']以及它需要處於什麼狀態,因爲此刻,我收到一個錯誤,它是一個未定義的變量。如果有人可以用我當前的代碼來幫助我,而不是完全提供一種不同的方法,那很好,因爲那樣我才能真正理解它。這裏是我的代碼:PHP鎖定用戶3次失敗登錄10分鐘後
//careMarkBase starts a session, connects to the DB and has the following code for logging out a user after 5 minutes(which works)
$duration = (5 * 60);
if(isset($_SESSION['started'])){
$time = ($duration - (time() - $_SESSION['started']));
if($time <= 0){
session_unset();
session_destroy();
}
}
else{
$_SESSION['started'] = time();
}
,這是登錄PHP
<?php include "CareMarkBase.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
echo "<p>Thanks for logging in <b>".$_SESSION['FName']." ".$_SESSION['SName']."</b>.</p>";
echo "<a href='CareMarkLogout.php'><input name='logoutBtn' type='submit' value='Logout'/></a>";
#set failed_login_attempts = 0
$set_failed_login_attempts=mysql_query("UPDATE login SET failed_login_attempts=0 WHERE LoginID=".$_SESSION['LoginID']);
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$userID = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checkloginEmp = mysql_query("SELECT * FROM UserDetails WHERE UserID = '".$userID."' AND Password = '".$password."'") or die(mysql_error());
if(mysql_num_rows($checkloginEmp) == 1)
{
$row = mysql_fetch_array($checkloginEmp);
$_SESSION['Username'] = $userID;
$_SESSION['FName'] = $row['FName'];
$_SESSION['SName'] = $row['SName'];
$_SESSION['LoggedIn'] = 1;
echo "<meta http-equiv='refresh' content='1;CareMarkLogin2.php'/>";
}
else
{
if (isset($_SESSION['LoggedAttempts'])){
$_SESSION['LoggedAttempts']++;
}
else{
$_SESSION['LoggedAttempts'] = 0;
}
$login = mysql_query("SELECT failed_login_attempts, last_failed_login FROM login WHERE LoginID ='".$_SESSION['LoginID']."'")or die(mysql_error());
if(mysql_num_rows($login) == 0){
#create failed_login_attempts = failed_login_attempts + 1 AND last_failed_login = NOW()
$failed_login_attempts=mysql_query("INSERT INTO login VALUES ('','".$_SESSION['LoggedAttempts']."',NOW())");
}
else{
$row = mysql_fetch_array($login);
$_SESSION['LoginID'] = $row['LoginID'];
$update_failed_login_attempts=mysql_query("UPDATE login SET failed_login_attempts='".$_SESSION['LoggedAttempts']."',
last_failed_login = NOW() WHERE LoginID ='".$_SESSION['LoginID']."'") or die(mysql_error());
}
}
$login_attempts_remaining=2 - $_SESSION['LoggedAttempts'];
if ($login_attempts_remaining<=0){
echo 'Locked out!';
//going to add code here after to check if they were locked out for more than 10 minutes then to set failed login attempts back to zero
}
else{
echo "Login Details Incorrect<p></p><p></p>";
echo "<p>Please try again or contact head office on 091 771705</p>
<p>You have ". $login_attempts_remaining ." login attempts remaining. </p>
<p> <form action='CareMarkLogin2.php' method='POST'>
<input type='submit' name='login' id='login' value='Try again'/>
</form>
</p>";
}
}
//}
else{
?>
<div id="mainText" style="width:400px;text-align:center;float:left" class="post">
<form method="post" action="CareMarkLogin2.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username"/><br/><br/>
<label for="password">Password:</label>
<input type="password" name="password" id="password"/><br/><br/>
<input type="submit" name="login" id="login" value="Login"/>
</fieldset>
</form>
</div>
<?php
}
?>
感謝您的評論,我有點困惑。登錄ID不等於用戶ID雖然。我的主要問題是什麼設置$ _SESSION ['LoginID']和... – user2363025 2013-05-12 18:38:39
爲什麼你使用不同的ID?如果他們還沒有登錄,您必須使用的唯一ID是用戶名,這就是超時應與之相關聯的內容。 – Barmar 2013-05-12 18:44:17
我改變了佈局,因爲我感到非常困惑,但謝謝! – user2363025 2013-05-12 21:34:39