-3
我想在使用ip進行3次錯誤的登錄嘗試後,阻止用戶一段時間。 我的問題是,計數器總是1每次我輸入錯誤的數據計數器仍然是1 任何幫助,我在下面的代碼錯了嗎?三次登錄嘗試失敗後PHP阻止訪問登錄頁
表名試圖在
的cols,IP
<?php
$dsn = "mysql:host=localhost;dbname=e-check";
$username = "root";
$password = "";
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$pdo = new PDO($dsn, $username, $password, $options);
$max_time_in_seconds = 5;
$max_attempts = 3;
//here i printed to see ht counter number
echo login_attempt_count($max_time_in_seconds, $pdo) <= $max_attempts;
if(login_attempt_count($max_time_in_seconds, $pdo) <= $max_attempts){
// login form
echo'
<form action="index_new.php" method="POST">
<table align="left">
<tr><td><span class="caption">login form</span></td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>name:</td></tr>
<tr><td><input type="text" name="uname" required></td> </tr>
<tr><td>pass:</td></tr>
<tr><td><input type="password" name="psswd" required></td></tr>
<tr><td class="button1"><input type="submit" name="submitBtn" value="login" class="button"></td></tr>
</table> </form>';
} else {
echo "<div class='test'>will be blocked for few seconds</div>";
}function login_attempt_count($seconds, $pdo) {
try {
// delete old attempts from the table
$del_old = "DELETE FROM attempts WHERE `when` < ?";
$oldest = strtotime(date("Y-m-d H:i:s")." - ".$seconds." seconds");
$oldest = date("Y-m-d H:i:s",$oldest);
$del_data = array($oldest);
$remove = $pdo->prepare($del_old);
$remove->execute($del_data);
// insert this attempt into the table
$insert = "INSERT INTO attempts (`ip`, `when`) VALUES (?, ?)";
$data = array($_SERVER['REMOTE_ADDR'], date("Y-m-d H:i:s"));
$input = $pdo->prepare($insert);
$input->execute($data);
//count the number of recent attempts from this ip address
$count = "SELECT count(*) as number FROM attempts where `ip` = ?";
$num = $pdo->prepare($count);
$num->execute(array($_SERVER['REMOTE_ADDR']));
foreach($num as $attempt) {
$attempts = $attempt['number'];
}return $attempts;
} catch (PDOEXCEPTION $e) {
echo "Error: ".$e;}}?>
將$ max_time_in_seconds增加到60並再次檢查。 –
'WHERE created_at> = DATE_SUB(UTC_TIMESTAMP(),INTERVAL 60 SECOND)''也許? – tadman
您想更新失敗嘗試的行,而不是INSERT。這就是爲什麼你總是有1計數。你總是插入相同的。 –