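Login throttling and blocking all IP addresses

Date: 2016-04-27 16:50:59

Tags: php security throttling ip-blocking

I have to throttle logins, and if there is a massive number of failed attempts to get in, I want to block all IPs. How can I achieve this using the code below? If the code below is not good enough, please point me to a good tutorial on this.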

<?php
$throttle = array(1 => 1, 10 => 2, 1000 => 'captcha');
$getfailedq = 'SELECT MAX(attempted) AS attempted FROM failed_logins';
$getfailed = $muc->prepare($getfailedq);
$getfailed->execute();
if ($getfailed->rowCount() > 0) {
    $row = $getfailed->fetch(PDO::FETCH_ASSOC);
    $latest_attempt = (int) date('U', strtotime($row['attempted']));
    $getfailedq = 'SELECT Count(*) AS failed FROM failed_logins WHERE attempted > Date_sub(Now(), INTERVAL 15 minute)';
    $getfailed = $muc->prepare($getfailedq);
    $getfailed->execute();
    if ($getfailed->rowCount() > 0) {
        $row = $getfailed->fetch(PDO::FETCH_ASSOC);
        $failed_attempts = (int) $row['failed'];
        krsort($throttle);
        foreach ($throttle as $attempts => $delay) {
            if ($failed_attempts > $attempts) {
                if (is_numeric($delay)) {
                    // Remaining wait = delay minus the time already elapsed since the last failed attempt
                    $remaining_delay = max(0, $latest_attempt + $delay - time());
                    echo 'You must wait ' . $remaining_delay . ' seconds before your next login attempt';
                } else {
                    echo "captcha";
                }
                break;
            }
        }        
    }
}
?>

1 answer:

Answer 0 (score: 3)

This is mostly pseudo-code, based on your example. You can add an ip field to the failed_logins table, and also create a new table named blocked_logins.

This should at least get you started in the right direction.
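
One way to implement the per-IP tracking and `blocked_logins` table described in the answer, as an added example that is not part of the original answer. The column names, the thresholds, and the in-memory SQLite database (used so the script runs stand-alone; needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example. Schema and thresholds are assumptions, not taken from the answer.
const WINDOW = 900;       // 15-minute window, matching the question's query
const MAX_FAILS = 10;     // assumed per-IP failure threshold
const BLOCK_SECS = 3600;  // assumed block duration in seconds

function setupSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS failed_logins (ip TEXT NOT NULL, attempted INTEGER NOT NULL)');
    $db->exec('CREATE TABLE IF NOT EXISTS blocked_logins (ip TEXT PRIMARY KEY, blocked_until INTEGER NOT NULL)');
}

// True while an unexpired block exists for this IP.
function isBlocked(PDO $db, string $ip, int $now): bool {
    $q = $db->prepare('SELECT 1 FROM blocked_logins WHERE ip = ? AND blocked_until > ?');
    $q->execute([$ip, $now]);
    return $q->fetchColumn() !== false;
}

// Record one failed login; block the IP once it reaches MAX_FAILS within WINDOW.
// Returns true when this failure caused (or renewed) a block.
function recordFailure(PDO $db, string $ip, int $now): bool {
    $db->prepare('INSERT INTO failed_logins (ip, attempted) VALUES (?, ?)')->execute([$ip, $now]);
    $q = $db->prepare('SELECT COUNT(*) FROM failed_logins WHERE ip = ? AND attempted > ?');
    $q->execute([$ip, $now - WINDOW]);
    if ((int) $q->fetchColumn() < MAX_FAILS) {
        return false;
    }
    // REPLACE INTO is accepted by both SQLite and MySQL.
    $db->prepare('REPLACE INTO blocked_logins (ip, blocked_until) VALUES (?, ?)')
       ->execute([$ip, $now + BLOCK_SECS]);
    return true;
}

// Constructed demo data: fixed timestamp and documentation-range addresses.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
setupSchema($db);
$now = 1461775859;
$ip = '203.0.113.7';
for ($i = 1; $i <= MAX_FAILS; $i++) {
    recordFailure($db, $ip, $now + $i);
}
var_dump(isBlocked($db, $ip, $now + 11));                       // offending IP, inside the block period
var_dump(isBlocked($db, '198.51.100.9', $now + 11));            // unrelated IP
var_dump(isBlocked($db, $ip, $now + MAX_FAILS + BLOCK_SECS + 1)); // offending IP, after the block expires
```

In a login handler, call `isBlocked()` with `$_SERVER['REMOTE_ADDR']` before checking credentials and `recordFailure()` after a failed check. Forwarded-for headers are client-controlled unless they are set by a proxy you trust.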
