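I just want to limit the number of login attempts (after three attempts, the user is locked out).
I already have the users and passwords in the database.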
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
    session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['userName'])) {
    $loginUsername = $_POST['userName'];
    $password = $_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "index.php";
    $MM_redirectLoginFailed = "login.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_conn_helpdesk, $conn_helpdesk);
    $LoginRS__query = sprintf("SELECT userName, password FROM technician WHERE userName=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $conn_helpdesk) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";
        if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
            echo "erorr";
        }
        header("Location: " . $MM_redirectLoginSuccess );
    }
}
?>
How can I implement this in my code? PS: this code was generated by Dreamweaver.
Answer 0 (score: 1)
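First, you need to create a new table in your database to store information about login attempts from a given computer. The SQL script to create such a table in MySQL Server looks like this. For other databases, it will be slightly different.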
CREATE TABLE `LoginAttempts`
(
    `IP` VARCHAR( 20 ) NOT NULL ,
    `Attempts` INT NOT NULL ,
    `LastLogin` DATETIME NOT NULL
)
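It is assumed that you already have an authorization page. Otherwise, you can create it using PHP, SSI, and similar languages. Writing this program (script) is not very difficult.
The authorization page should use two tables: one storing information about registered users, and another listing failed login attempts. Before validating the entered data, the system must check whether the user has exceeded the attempt limit. If the LoginAttempts table has more than two records corresponding to one IP address, an error message is displayed stating that access is blocked for a period of time. You decide the length of that period. Depending on your security policy, it can range from 1 minute to 24 hours or longer. In the following example, access is blocked for 30 minutes.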
<?php
// These functions are methods of a class that keeps the MySQL link in
// $this->connection. The constants below follow the table and the
// 3-attempt / 30-minute policy described in the text.
define("TBL_ATTEMPTS", "LoginAttempts");
define("ATTEMPTS_NUMBER", 3);
define("TIME_PERIOD", 30); // minutes

// Returns 1 if the IP is currently blocked, 0 otherwise.
function confirmIPAddress($value) {
    $q = "SELECT attempts, (CASE when lastlogin is not NULL and DATE_ADD(LastLogin, INTERVAL ".TIME_PERIOD.
         " MINUTE)>NOW() then 1 else 0 end) as Denied FROM ".TBL_ATTEMPTS." WHERE ip = '$value'";
    $result = mysql_query($q, $this->connection);
    $data = mysql_fetch_array($result);
    //Verify that at least one login attempt is in database
    if (!$data) {
        return 0;
    }
    if ($data["attempts"] >= ATTEMPTS_NUMBER) {
        if ($data["Denied"] == 1) {
            return 1;
        } else {
            // Block period has expired: reset the counter.
            $this->clearLoginAttempts($value);
            return 0;
        }
    }
    return 0;
}

function addLoginAttempt($value) {
    //Increase number of attempts. Set last login attempt if required.
    $q = "SELECT * FROM ".TBL_ATTEMPTS." WHERE ip = '$value'";
    $result = mysql_query($q, $this->connection);
    $data = mysql_fetch_array($result);
    if ($data) {
        $attempts = $data["attempts"]+1;
        if ($attempts==3) {
            $q = "UPDATE ".TBL_ATTEMPTS." SET attempts=".$attempts.", lastlogin=NOW() WHERE ip = '$value'";
            $result = mysql_query($q, $this->connection);
        } else {
            $q = "UPDATE ".TBL_ATTEMPTS." SET attempts=".$attempts." WHERE ip = '$value'";
            $result = mysql_query($q, $this->connection);
        }
    } else {
        $q = "INSERT INTO ".TBL_ATTEMPTS." (attempts,IP,lastlogin) values (1, '$value', NOW())";
        $result = mysql_query($q, $this->connection);
    }
}

function clearLoginAttempts($value) {
    $q = "UPDATE ".TBL_ATTEMPTS." SET attempts = 0 WHERE ip = '$value'";
    return mysql_query($q, $this->connection);
}
?>
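The same lockout check written with PDO prepared statements instead of string-built queries, as an added example that is not part of the original answer. The class and method names are hypothetical, `LastLogin` is stored as a Unix timestamp and refreshed on every failure (so the block runs from the latest failed attempt), and the demo assumes the `pdo_sqlite` extension so it runs without a MySQL server.

```php
<?php
// Constants mirror the answer's 3-attempt / 30-minute policy; the class and
// method names are hypothetical, and LastLogin is a Unix timestamp here.
const ATTEMPTS_NUMBER = 3;
const TIME_PERIOD = 30 * 60; // lockout length in seconds
final class LoginThrottle
{
    public function __construct(private PDO $db) {}

    // True while the IP has reached the limit and the lockout has not expired.
    public function isBlocked(string $ip, int $now): bool
    {
        $st = $this->db->prepare('SELECT Attempts, LastLogin FROM LoginAttempts WHERE IP = ?');
        $st->execute([$ip]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if (!$row || $row['Attempts'] < ATTEMPTS_NUMBER) {
            return false;
        }
        if ($row['LastLogin'] + TIME_PERIOD > $now) {
            return true;
        }
        $this->clear($ip); // lockout expired: start counting again
        return false;
    }

    // Record one failed login; the counter is incremented inside the UPDATE itself.
    public function addFailure(string $ip, int $now): void
    {
        $up = $this->db->prepare('UPDATE LoginAttempts SET Attempts = Attempts + 1, LastLogin = ? WHERE IP = ?');
        $up->execute([$now, $ip]);
        if ($up->rowCount() === 0) { // no row yet for this IP
            $this->db->prepare('INSERT INTO LoginAttempts (IP, Attempts, LastLogin) VALUES (?, 1, ?)')->execute([$ip, $now]);
        }
    }

    public function clear(string $ip): void
    {
        $this->db->prepare('DELETE FROM LoginAttempts WHERE IP = ?')->execute([$ip]);
    }
}

// Constructed demo on an in-memory SQLite database (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE LoginAttempts (IP VARCHAR(45) PRIMARY KEY, Attempts INT NOT NULL, LastLogin INT NOT NULL)');
$t = new LoginThrottle($db);
$ip = '203.0.113.7'; $now = 1700000000; // constructed sample values
for ($i = 0; $i < 3; $i++) { $t->addFailure($ip, $now); }
var_dump($t->isBlocked($ip, $now + 60));          // checked inside the 30-minute window
var_dump($t->isBlocked($ip, $now + TIME_PERIOD)); // checked once the window has passed
```

In the login script from the question, `isBlocked()` would run before the credential query, `addFailure()` when `$loginFoundUser` is 0, and `clear()` after a successful login, each with `$_SERVER['REMOTE_ADDR']` and `time()`.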