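Issue clearing a locked account

Time: 2011-06-25 03:10:02

Tags: php

The problem is that after the account has been locked, the next failed attempt clears the lock. In other words, either the two variables above are wrong or the if condition is wrong, because it should wait 10 minutes; once the user tries again after those 10 minutes and logs in successfully, the account should be unlocked, meaning the lock is cleared.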

// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) < time())) {

    $currentDateTime = time();
    $minutes = floor(($currentDateTime-$lockDate) / 60);

    // Take minutes and perform tasks
    if ($lockDate > 0 && $minutes < 10) {

        // Calculate time remaining
        $timeRemaining = 10 - $minutes;

        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!";

        $output = array('errorsExist' => $errors, 'message' => $message);

   } else {

        // Clear the lock
        $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);

   } 
}

2 Answers:

Answer 0 (score: 2)

It would be better if you did the date/time comparison in the database when retrieving the user record.

// Select the row only while the lock is still inside its 10-minute window
$sql = <<<EOL
SELECT userID, UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
    (lockDate IS NOT NULL) and
    (lockDate > DATE_SUB(now(), INTERVAL 10 MINUTE));
EOL;

$result = mysql_query($sql) or die(mysql_error());

if (mysql_num_rows($result) > 0) {
    $row = mysql_fetch_assoc($result);
    // The account reopens 10 minutes (600 seconds) after the lock time
    $locktime = date('...some date format ...', $row['lockDatetimestamp'] + 600);
    die("Your account is locked and reopens $locktime");
}

// ... if you get here, the account's not locked ...

Answer 1 (score: 1)

I don't see anything wrong with your code. As long as the fields lockDate and hackerIPAddress are nullable and userID is a string, your query should work fine.
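
The lock check from the question, as an added example that is not part of the original post or its answers: in PHP arithmetic a DATETIME string is reduced to its leading integer, so the question's elapsed-minutes value never drops below 10 and the else branch clears the lock. The function name `lockMinutesRemaining`, the `LOCK_MINUTES` constant and the sample timestamps are assumptions constructed for illustration.

```php
<?php
// Added example: names and sample values are constructed, not from the post.
date_default_timezone_set('UTC');   // assumption: PHP and MySQL share one time zone
const LOCK_MINUTES = 10;

/**
 * Minutes left on a lock, or 0 when the account is not (or no longer) locked.
 * $lockDate is the DATETIME string read from the database, or null.
 */
function lockMinutesRemaining(?string $lockDate, int $now): int
{
    if ($lockDate === null || $lockDate === '0000-00-00 00:00:00') {
        return 0;                               // never locked
    }
    $lockedAt = strtotime($lockDate);           // string -> Unix timestamp
    if ($lockedAt === false || $lockedAt > $now) {
        return LOCK_MINUTES;                    // unparseable or future value: keep the lock
    }
    $elapsed = intdiv($now - $lockedAt, 60);    // whole minutes since the lock
    return max(0, LOCK_MINUTES - $elapsed);
}

$now      = strtotime('2011-06-25 03:10:02');
$lockDate = '2011-06-25 03:05:00';              // locked five minutes earlier

// The question subtracts the DATETIME string itself. In arithmetic PHP keeps
// only its leading digits (2011), so the result is always far above 10 and
// the else branch clears the lock on the very next attempt.
$asInQuestion = (int) floor(($now - (int) $lockDate) / 60);

printf("question's arithmetic: %d minutes since lock\n", $asInQuestion);
printf("with strtotime():      %d minutes remaining\n", lockMinutesRemaining($lockDate, $now));
printf("after the window:      %d minutes remaining\n", lockMinutesRemaining($lockDate, $now + 600));
```

Clearing `lockDate` only when this function returns 0 and the login succeeds matches the behaviour the question asks for.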