<?php if (!isset($_POST['submit'])) { header("Location: ../index.php?login=error"); exit(); } else { include_once 'dbh.php'; include_once '../header2.php'; $uid = $_POST['uid']; $pwd = $_POST['password']; date_default_timezone_set("Australia/Melbourne"); $date = date("Y-m-d H:i:s");$ sql =“更新用户SET user_session =吗? WHERE user_uid =?;“; $ stmt = mysqli_stmt_init($ conn)//准备准备好的语句if(!mysqli_stmt_prepare($ stmt, $ sql)){ 回显“ SQL语句失败”; } else {//将参数绑定到占位符mysqli_stmt_bind_param($ stmt,“ ss”,$ date, $ _SESSION ['u_uid']); //在数据库内部运行参数 mysqli_stmt_execute($ stmt); //包含错误处理程序: //检查输入是否为空 //登录前检查用户是否已激活他或她的帐户 $ user_activate = 0; if(empty($ uid)|| empty($ pwd)){ 回显“”; 出口(); }其他{
// Check to see if user has activated his or her account $sql = "SELECT * FROM users WHERE user_activate = ? AND user_uid= ?;"; $stmt = mysqli_stmt_init($conn); //Prepare the prepared statement if (!mysqli_stmt_prepare($stmt, $sql)) { echo 'SQL statement failed'; } else { //Bind parameters to the placeholder mysqli_stmt_bind_param($stmt, "is", $user_activate, $uid); //Run parameters inside database mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); $resultCheck = mysqli_num_rows($result); if($resultCheck > 0) { echo "<meta http-equiv='refresh' content='0;url=../signup.php?signup=notactivated'>"; exit(); } else { // Check to see if the username exists in the database $sql = "SELECT * FROM users WHERE user_uid = ? OR user_email = ?"; $stmt = mysqli_stmt_init($conn); //Prepare the prepared statement if (!mysqli_stmt_prepare($stmt, $sql)) { echo 'SQL statement failed'; } else { //Bind parameters to the placeholder mysqli_stmt_bind_param($stmt, "ss", $uid, $uid); //Run parameters inside database mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); $resultCheck = mysqli_num_rows($result); if ($resultCheck < 1) { echo "<meta http-equiv='refresh' content='0;url=../index.php?login=notsignup'>"; exit(); } else { // Does the password match the password in the database? // while($row = mysqli_fetch_assoc($result)); if ($row = mysqli_fetch_assoc($result)) { // insert database results into an array // De-hasing the password $date = strip_tags(date('Y-m-d H:i:s', strtotime("+5 minutes"))); $login_attempts += 1; $sql2 = "UPDATE users SET login_attempts = ?, login_failed_delay = ? WHERE user_uid = ? "; if (!mysqli_stmt_prepare($stmt, $sql2)) { echo 'SQL statement failed'; } else { //Bind parameters to the placeholder mysqli_stmt_bind_param($stmt, "iss", $login_attempts, $date, $uid); //Run parameters inside database mysqli_stmt_execute($stmt); $hashedPwdCheck = password_verify($pwd, $row['user_password']); if ($hashedPwdCheck == false && $date < $row['login_failed_delay']) { echo "<meta http-equiv='refresh' content='0;url=../login_attempt.php?login=passwordfailed&id=".$uid."''>"; exit(); } elseif ($hashedPwdCheck == true && $date > $row['login_failed_delay']){ // Log in the user here $_SESSION['u_id'] = $row['user_id']; $_SESSION['u_first'] = $row['user_first']; $_SESSION['u_last'] = $row['user_last']; $_SESSION['u_email'] = $row['user_email']; $_SESSION['u_uid'] = $row['user_uid']; $_SESSION['u_permission'] = $row['admin']; $_SESSION['u_session'] = $row['user_session']; $_SESSION['freelesson'] = $row['freelesson']; $_SESSION['datejoined'] = $row['datejoined']; $_SESSION['premium'] = $row['premium']; // Insert into reward points when login // Select names from rewards $sql2 = "SELECT * FROM rewards WHERE user_uid = ?;"; $stmt = mysqli_stmt_init($conn); //Prepare the prepared statement if (!mysqli_stmt_prepare($stmt, $sql2)) { echo 'SQL statement failed'; } else { //Bind parameters to the placeholder mysqli_stmt_bind_param($stmt, "s", $uid); //Run parameters inside database mysqli_stmt_execute($stmt); $result2 = mysqli_stmt_get_result($stmt); $resultCheck2 = mysqli_num_rows($result2); while ($row2 = mysqli_fetch_assoc($result2)) { $_SESSION['u_reward_points'] = $row2['reward_points']; $points = 100; $_SESSION['u_reward_points'] += $points; $sql = "UPDATE rewards SET reward_points = ? WHERE user_uid = ?; "; $stmt = mysqli_stmt_init($conn); //Prepare the prepared statement if (!mysqli_stmt_prepare($stmt, $sql)) { echo 'SQL statement failed'; } else { //Bind parameters to the placeholder mysqli_stmt_bind_param($stmt, "is", $_SESSION['u_reward_points'], $_SESSION['u_uid']); //Run parameters inside database mysqli_stmt_execute($stmt); echo "<meta http-equiv='refresh' content='0;URL=../header2.php?login=success' />" ; exit(); } } } } } } } } } } } } }
I get the following output on the screen:
[![enter image description here][1]]
答案 0 :(得分:0)
创建一个全局变量$i = 0;。然后针对每个登录错误(每次您呼叫echo "SQL Statement Failed";),执行/添加$i++;。每次提交表单时,请致电stopLoginAttempts();。
请记住,这是所有客户端代码。 不是服务器端!
function stopLoginAttempts() {
if ($i == 5) {
echo //echo a script tag that setTimeout(login, 5min);
}
elseif ($i == 10) {
echo //echo a script tag with JS that will call another setTimeout that will stop login attempts for a certain amount of time
}
}