2016-08-30

PHP: block access to the login page after three failed login attempts

I want to block a user for some time after 3 failed login attempts from their IP. My problem is that the counter is always 1: every time I enter wrong data, the counter is still 1. Any help? Is something wrong in my code below?

Table name: attempts
Columns: when, ip

<?php
$dsn = "mysql:host=localhost;dbname=e-check";
$username = "root";
$password = "";
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$pdo = new PDO($dsn, $username, $password, $options);
$max_time_in_seconds = 5;
$max_attempts = 3;
// here I printed to see the counter number
echo login_attempt_count($max_time_in_seconds, $pdo) <= $max_attempts;
if (login_attempt_count($max_time_in_seconds, $pdo) <= $max_attempts) {
    // login form
    echo '
<form action="index_new.php" method="POST">
    <table align="left">
        <tr><td><span class="caption">login form</span></td></tr>
        <tr><td colspan="2"><hr></td></tr>
        <tr><td>name:</td></tr>
        <tr><td><input type="text" name="uname" required></td></tr>
        <tr><td>pass:</td></tr>
        <tr><td><input type="password" name="psswd" required></td></tr>
        <tr><td class="button1"><input type="submit" name="submitBtn" value="login" class="button"></td></tr>
    </table>
</form>';
} else {
    echo "<div class='test'>will be blocked for few seconds</div>";
}

function login_attempt_count($seconds, $pdo) {
    try {
        // delete old attempts from the table
        $del_old = "DELETE FROM attempts WHERE `when` < ?";
        $oldest = strtotime(date("Y-m-d H:i:s") . " - " . $seconds . " seconds");
        $oldest = date("Y-m-d H:i:s", $oldest);
        $del_data = array($oldest);
        $remove = $pdo->prepare($del_old);
        $remove->execute($del_data);
        // insert this attempt into the table
        $insert = "INSERT INTO attempts (`ip`, `when`) VALUES (?, ?)";
        $data = array($_SERVER['REMOTE_ADDR'], date("Y-m-d H:i:s"));
        $input = $pdo->prepare($insert);
        $input->execute($data);
        // count the number of recent attempts from this ip address
        $count = "SELECT count(*) as number FROM attempts where `ip` = ?";
        $num = $pdo->prepare($count);
        $num->execute(array($_SERVER['REMOTE_ADDR']));
        foreach ($num as $attempt) {
            $attempts = $attempt['number'];
        }
        return $attempts;
    } catch (PDOException $e) {
        echo "Error: " . $e;
    }
}
?>
Increase $max_time_in_seconds to 60 and check again. –

`WHERE created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL 60 SECOND)` perhaps? – tadman

You want to UPDATE the row for the failed attempt, not INSERT. That's why you always have a count of 1. You are always inserting the same thing. –

Answer
<?php
$dsn = "mysql:host=localhost;dbname=e-check";
$username = "root";
$password = "";
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
$pdo = new PDO($dsn, $username, $password, $options);
$max_time_in_seconds = 5;
$max_attempts = 3;
// call the counter once per request: every call records an attempt, so
// calling it twice (once to print, once to compare) would count double
$attempts = login_attempt_count($max_time_in_seconds, $pdo);
echo $attempts; // debug output: the current counter value
if ($attempts <= $max_attempts) {
    // login form
    echo '
<form action="index_new.php" method="POST">
    <table align="left">
        <tr><td><span class="caption">login form</span></td></tr>
        <tr><td colspan="2"><hr></td></tr>
        <tr><td>name:</td></tr>
        <tr><td><input type="text" name="uname" required></td></tr>
        <tr><td>pass:</td></tr>
        <tr><td><input type="password" name="psswd" required></td></tr>
        <tr><td class="button1"><input type="submit" name="submitBtn" value="login" class="button"></td></tr>
    </table>
</form>';
} else {
    echo "<div class='test'>will be blocked for few seconds</div>";
}

function login_attempt_count($seconds, $pdo) {
    try {
        // do not delete old attempts from the table; the time window is applied in the SELECT

        // insert this attempt into the table, letting MySQL supply the timestamp
        // (CURRENT_TIMESTAMP is not a PHP constant, so it cannot be bound as a value)
        $insert = "INSERT INTO attempts (`ip`, `when`) VALUES (?, NOW())";
        $input = $pdo->prepare($insert);
        $input->execute(array($_SERVER['REMOTE_ADDR']));
        // count the number of recent attempts from this ip address;
        // `when` is a reserved word in MySQL and must be backtick-quoted,
        // and the window is fixed at 5 minutes here regardless of $seconds
        $count = "SELECT count(*) as number FROM attempts WHERE `when` > NOW() - INTERVAL 5 MINUTE AND `ip` = ?";
        $num = $pdo->prepare($count);
        $num->execute(array($_SERVER['REMOTE_ADDR']));
        return (int) $num->fetchColumn();
    } catch (PDOException $e) {
        echo "Error: " . $e;
    }
}
?>

Also, you will want to run some kind of cron job to clear out the old login table. On my own server I clear login data older than a month; it runs nightly at midnight. If you only store failed logins, you can clear all rows older than X minutes.
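The windowed-count approach from the answer, separated into record, check and purge steps, as an added example that is not code from the question or the answer. It keeps the `attempts` table with columns `ip` and `when`, but assumes `when` holds a unix timestamp, that pdo_sqlite is available for the in-memory demo, and that the current time is passed in by the caller so the window can be reasoned about deterministically.

```php
<?php
// Added example (assumes pdo_sqlite and an integer unix-timestamp `when` column).
function setup(PDO $pdo): void {
    $pdo->exec("CREATE TABLE IF NOT EXISTS attempts (ip TEXT NOT NULL, `when` INTEGER NOT NULL)");
}

// Record one failure. Call this only after a password check fails, never on
// every page load, otherwise rendering the form itself counts as an attempt.
function record_failure(PDO $pdo, string $ip, int $now): void {
    $stmt = $pdo->prepare("INSERT INTO attempts (ip, `when`) VALUES (?, ?)");
    $stmt->execute([$ip, $now]);
}

// Count failures from $ip within the last $windowSeconds. Nothing is deleted
// here: old rows simply fall outside the window, so the count accumulates
// across requests instead of resetting to 1.
function recent_failures(PDO $pdo, string $ip, int $now, int $windowSeconds): int {
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM attempts WHERE ip = ? AND `when` > ?");
    $stmt->execute([$ip, $now - $windowSeconds]);
    return (int) $stmt->fetchColumn();
}

// Check before rendering the form or verifying a password; this does not write a row.
function is_blocked(PDO $pdo, string $ip, int $now, int $windowSeconds, int $maxAttempts): bool {
    return recent_failures($pdo, $ip, $now, $windowSeconds) >= $maxAttempts;
}

// Housekeeping for the cron job the answer mentions: drop rows older than
// the retention period and report how many were removed.
function purge_old(PDO $pdo, int $now, int $retentionSeconds): int {
    $stmt = $pdo->prepare("DELETE FROM attempts WHERE `when` <= ?");
    $stmt->execute([$now - $retentionSeconds]);
    return $stmt->rowCount();
}

// Demo with constructed data: three failures from one address, one minute apart.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
setup($pdo);
$ip = '203.0.113.7'; // constructed, documentation-range address
$t0 = 1700000000;    // constructed start time
foreach ([0, 60, 120] as $offset) {
    record_failure($pdo, $ip, $t0 + $offset);
}
// One second after the third failure all three fall inside a 300 s window;
// 400 s after the first failure only the newest one does.
var_dump(is_blocked($pdo, $ip, $t0 + 121, 300, 3));
var_dump(is_blocked($pdo, $ip, $t0 + 400, 300, 3));
// A day later a one-hour retention purges all three rows.
var_dump(purge_old($pdo, $t0 + 86400, 3600));
```

Against MySQL the same queries work unchanged if `when` is an INT column; with the page's DATETIME column, bind `date("Y-m-d H:i:s", $now - $windowSeconds)` instead of the raw integer.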