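Unlocking and locking accounts using a tinyint field

Time: 2015-01-15 13:32:41

Tags: php sql

I have created a login attempt lockout system.

After 5 failed login attempts within 24 hours in cms_login_failures, a single entry should be placed in cms_user_lockout, and the code then checks that table to see whether the account is locked or unlocked. Once the user has been placed in cms_user_lockout, the tinyint field should be set to 0 (locked for 48 hours), but if I change it to 1, it should unlock.

My problem is that right now every bad attempt is being logged to cms_user_lockout, the lockout itself is not being applied, and the error: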

$errors->defineError("locked_out", "Your account has been locked due to repeated login failures, please contact your administrator.", array());

is not output.

Below are the code snippets for the lockout system. Can anyone help me solve this?

$allowed_login     = 1;
            $qry_CheckDatabase = "  SELECT *
                                    FROM
                                        cms_user_lockout 
                                    WHERE
                                        culo_date_time >= DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 48 HOUR) 
                                    AND 
                                        culo_user_id = " . $db->SQLString($row->user_id) . "
                                    LIMIT 1
                                    ";
            $rs_CheckDatabase  = $db->query($qry_CheckDatabase);

            if ($rs_CheckDatabase->num_rows > 0) {
                $lockedOut     = $rs_CheckDatabase->fetch_object();
                $allowed_login = $lockedOut->culo_reactivated;
            }
            if (!$allowed_login) {
                $errors->defineError("locked_out", "Your account has been locked due to repeated login failures, please contact your administrator.", array());
            } else {

/ ---------------------- /

if (!(isset($pw_ok) && $pw_ok)) {
                    $errors->defineError("invalid_user_pass", "Your username or password is invalid. Please try again.", array("username","password"));

                    if (isset($_SERVER["REMOTE_ADDR"])) {
                        $str_RemoteHost = $_SERVER["REMOTE_ADDR"];
                    } else {
                        $str_RemoteHost = '';
                    }
                    $qry_CheckDatabase = "  SELECT count(*) as login_failures
                                        FROM
                                            cms_user_login_failures
                                        WHERE
                                            culf_date_time >= DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 24 HOUR) 
                                        AND 
                                            culf_user_id = " . $db->SQLString($row->user_id) . "";
                    $login_failures    = 0;
                    $rs_CheckDatabase  = $db->query($qry_CheckDatabase);
                    if ($rs_CheckDatabase->num_rows > 0) {
                        $rowCheck       = $rs_CheckDatabase->fetch_object();
                        $login_failures = $rowCheck->login_failures;
                    }

                    $qry_WriteToDatabase = "    INSERT INTO     cms_user_login_failures
                                                    (
                                                        culf_user_id,
                                                        culf_date_time,
                                                        culf_remote_host
                                                    )
                                    VALUES          (
                                                    " . $db->SQLString($row->user_id) . ",
                                                    Now(),
                                                    " . $db->SQLString($str_RemoteHost, true) . "
                                                    )";
                    $db->query($qry_WriteToDatabase);

                    if ($login_failures > 4) {
                        $qry_WriteToDatabase = "    INSERT INTO     cms_user_lockout
                                                        (
                                                            culo_user_id,
                                                            culo_date_time
                                                        )
                                        VALUES          (
                                                        " . $db->SQLString($row->user_id) . ",
                                                        Now()
                                                        )";
                        $db->query($qry_WriteToDatabase);

0 answers:

No answers
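
An added example, not part of the original question and not the poster's code: one way to implement the behaviour the question describes (a single cms_user_lockout row after 5 failures in 24 hours, a 48 hour lock, and culo_reactivated = 1 to unlock). Table and column names follow the question; the in-memory SQLite database (pdo_sqlite), the Unix-time integer columns and the helper names are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: in-memory SQLite via pdo_sqlite,
// Unix-time integer columns, hypothetical helper names. Table/column names follow the question.
const MAX_FAILURES = 5;       // failed attempts that trigger a lock
const FAIL_WINDOW  = 86400;   // 24 hours, in seconds
const LOCK_WINDOW  = 172800;  // 48 hours, in seconds

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cms_user_login_failures (culf_user_id INTEGER, culf_date_time INTEGER, culf_remote_host TEXT)');
    $db->exec('CREATE TABLE cms_user_lockout (culo_user_id INTEGER, culo_date_time INTEGER, culo_reactivated INTEGER NOT NULL)');
    return $db;
}

// Newest lockout row inside the 48 hour window, or null when there is none.
function latestLockout(PDO $db, int $userId, int $now): ?array {
    $st = $db->prepare('SELECT culo_date_time, culo_reactivated FROM cms_user_lockout
                        WHERE culo_user_id = ? AND culo_date_time >= ?
                        ORDER BY culo_date_time DESC LIMIT 1');
    $st->execute([$userId, $now - LOCK_WINDOW]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Locked means: a lockout row exists in the window and its flag is still 0.
function isLockedOut(PDO $db, int $userId, int $now): bool {
    $row = latestLockout($db, $userId, $now);
    return $row !== null && (int) $row['culo_reactivated'] === 0;
}

// Log one failure; write a single lockout row when the threshold is reached.
function recordFailure(PDO $db, int $userId, string $host, int $now): void {
    $db->prepare('INSERT INTO cms_user_login_failures VALUES (?, ?, ?)')->execute([$userId, $now, $host]);
    $last = latestLockout($db, $userId, $now);
    if ($last !== null && (int) $last['culo_reactivated'] === 0) { return; } // already locked: no duplicate row
    // Count only failures newer than both the 24 hour cutoff and any reactivated lockout.
    $since = max($now - FAIL_WINDOW, $last === null ? 0 : (int) $last['culo_date_time']);
    $st = $db->prepare('SELECT COUNT(*) FROM cms_user_login_failures
                        WHERE culf_user_id = ? AND culf_date_time > ?');
    $st->execute([$userId, $since]);
    if ((int) $st->fetchColumn() >= MAX_FAILURES) {
        $db->prepare('INSERT INTO cms_user_lockout VALUES (?, ?, 0)')->execute([$userId, $now]); // flag set explicitly
    }
}

$db = makeDb(); $t = 1700000000;                    // constructed user id, host and start time below
for ($i = 0; $i < 8 && !isLockedOut($db, 42, $t + $i); $i++) {
    recordFailure($db, 42, '192.0.2.10', $t + $i);  // lock check runs before each attempt is processed
}
echo $db->query('SELECT COUNT(*) FROM cms_user_lockout')->fetchColumn(), " lockout row(s)\n";
```

Counting failures only after the most recent lockout row means an account that an administrator reactivated can be locked again by a fresh run of failures, instead of staying exempt for the rest of the 48 hour window.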