0
我有几乎完成登录系统的代码。我的工作是,用户每次尝试登录并接收一条消息,说他们有一定的尝试次数。如果他们已经登录了5分钟,他们也会自动注销,我也有编码。我正在努力如何基于会话变量锁定用户10分钟。任何人都可以告诉我在哪里设置会话变量['LoginID']以及它需要处于什么状态,因为此刻,我收到一个错误,它是一个未定义的变量。如果有人可以用我当前的代码来帮助我,而不是完全提供一种不同的方法,那很好,因为那样我才能真正理解它。这里是我的代码:PHP锁定用户3次失败登录10分钟后
//careMarkBase starts a session, connects to the DB and has the following code for logging out a user after 5 minutes(which works)
$duration = (5 * 60);
if(isset($_SESSION['started'])){
$time = ($duration - (time() - $_SESSION['started']));
if($time <= 0){
session_unset();
session_destroy();
}
}
else{
$_SESSION['started'] = time();
}
,这是登录PHP
<?php include "CareMarkBase.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
echo "<p>Thanks for logging in <b>".$_SESSION['FName']." ".$_SESSION['SName']."</b>.</p>";
echo "<a href='CareMarkLogout.php'><input name='logoutBtn' type='submit' value='Logout'/></a>";
#set failed_login_attempts = 0
$set_failed_login_attempts=mysql_query("UPDATE login SET failed_login_attempts=0 WHERE LoginID=".$_SESSION['LoginID']);
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$userID = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checkloginEmp = mysql_query("SELECT * FROM UserDetails WHERE UserID = '".$userID."' AND Password = '".$password."'") or die(mysql_error());
if(mysql_num_rows($checkloginEmp) == 1)
{
$row = mysql_fetch_array($checkloginEmp);
$_SESSION['Username'] = $userID;
$_SESSION['FName'] = $row['FName'];
$_SESSION['SName'] = $row['SName'];
$_SESSION['LoggedIn'] = 1;
echo "<meta http-equiv='refresh' content='1;CareMarkLogin2.php'/>";
}
else
{
if (isset($_SESSION['LoggedAttempts'])){
$_SESSION['LoggedAttempts']++;
}
else{
$_SESSION['LoggedAttempts'] = 0;
}
$login = mysql_query("SELECT failed_login_attempts, last_failed_login FROM login WHERE LoginID ='".$_SESSION['LoginID']."'")or die(mysql_error());
if(mysql_num_rows($login) == 0){
#create failed_login_attempts = failed_login_attempts + 1 AND last_failed_login = NOW()
$failed_login_attempts=mysql_query("INSERT INTO login VALUES ('','".$_SESSION['LoggedAttempts']."',NOW())");
}
else{
$row = mysql_fetch_array($login);
$_SESSION['LoginID'] = $row['LoginID'];
$update_failed_login_attempts=mysql_query("UPDATE login SET failed_login_attempts='".$_SESSION['LoggedAttempts']."',
last_failed_login = NOW() WHERE LoginID ='".$_SESSION['LoginID']."'") or die(mysql_error());
}
}
$login_attempts_remaining=2 - $_SESSION['LoggedAttempts'];
if ($login_attempts_remaining<=0){
echo 'Locked out!';
//going to add code here after to check if they were locked out for more than 10 minutes then to set failed login attempts back to zero
}
else{
echo "Login Details Incorrect<p></p><p></p>";
echo "<p>Please try again or contact head office on 091 771705</p>
<p>You have ". $login_attempts_remaining ." login attempts remaining. </p>
<p> <form action='CareMarkLogin2.php' method='POST'>
<input type='submit' name='login' id='login' value='Try again'/>
</form>
</p>";
}
}
//}
else{
?>
<div id="mainText" style="width:400px;text-align:center;float:left" class="post">
<form method="post" action="CareMarkLogin2.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username"/><br/><br/>
<label for="password">Password:</label>
<input type="password" name="password" id="password"/><br/><br/>
<input type="submit" name="login" id="login" value="Login"/>
</fieldset>
</form>
</div>
<?php
}
?>
感谢您的评论,我有点困惑。登录ID不等于用户ID虽然。我的主要问题是什么设置$ _SESSION ['LoginID']和... – user2363025 2013-05-12 18:38:39
为什么你使用不同的ID?如果他们还没有登录,您必须使用的唯一ID是用户名,这就是超时应与之相关联的内容。 – Barmar 2013-05-12 18:44:17
我改变了布局,因为我感到非常困惑,但谢谢! – user2363025 2013-05-12 21:34:39