解决帐户锁定问题

发布于 2024-11-17 06:14:03 字数 1069 浏览 0 评论 0原文

问题出在帐户锁定之后，然后在下一次失败的尝试时它会清除锁定，因此换句话说，上面的两个变量不正确或 if 条件不正确，因为它应该等待 10 分钟，然后用户尝试并10 分钟后成功登录，然后解锁帐户意义清除它

// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) < time())) {

    $currentDateTime = time();
    $minutes = floor(($currentDateTime-$lockDate) / 60);

    // Take minutes and perform tasks
    if ($lockDate > 0 && $minutes < 10) {

        // Calculate time remaining
        $timeRemaining = 10 - $minutes;

        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!";

        $output = array('errorsExist' => $errors, 'message' => $message);

   } else {

        // Clear the lock
        $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);

   } 
}

原文

The problem is right after the account locks then on the next failed attempt it clears the lock so in other words the two variables above are not right or the if condition isn't right because its supposed to wait 10 minutes and after that user attempts and successfully logs in after that 10 minutes THEN it unlocks the account
meaning clears it

// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) < time())) {

    $currentDateTime = time();
    $minutes = floor(($currentDateTime-$lockDate) / 60);

    // Take minutes and perform tasks
    if ($lockDate > 0 && $minutes < 10) {

        // Calculate time remaining
        $timeRemaining = 10 - $minutes;

        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!";

        $output = array('errorsExist' => $errors, 'message' => $message);

   } else {

        // Clear the lock
        $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);

   } 
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

望笑 2024-11-24 06:14:03

如果您在检索用户记录时在数据库中进行日期/时间比较，那就更好了。

$sql = <<<EOL
SELECT userID, UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
    (lockDate IS NOT NULL) and
    (lockoutDate <= DATE_SUB(now(), INTERVAL 10 MINUTE));
EOL;

$result = mysql_query($sql) or die(mysql_error());

if (mysql_num_rows($result) > 0) {
    $row  mysql_fetch_assoc($result);
    $locktime = date('...some date format ...', $row['lockDatetimestamp'])
    die("Your account is locked and reopens $locktime");
}

... if you get here, the account's not locked ...

It'd be better if you did the date/time comparisons in the database, at the time you retrieve the user record.

$sql = <<<EOL
SELECT userID, UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
    (lockDate IS NOT NULL) and
    (lockoutDate <= DATE_SUB(now(), INTERVAL 10 MINUTE));
EOL;

$result = mysql_query($sql) or die(mysql_error());

if (mysql_num_rows($result) > 0) {
    $row  mysql_fetch_assoc($result);
    $locktime = date('...some date format ...', $row['lockDatetimestamp'])
    die("Your account is locked and reopens $locktime");
}

... if you get here, the account's not locked ...

回复收藏 0 原文