我想用 PHP 实现这样的功能:如果同一个 IP 连续 3 次登录失败,那么该 IP 在 60 秒内无法再次登录。我的代码如下,请帮我看看应该如何编写这段代码。HTML 代码 =>
<body class="login-body">
<!-- Admin login page: one form that posts back to the current URL (empty action attribute). -->
<div class="container">
<img src="../../public/admin/img/logo.png" width="auto" height="150" alt="" class="hamedghLogo"/>
<span style="font-size: 50px;" class="res"></span>
<!-- NOTE(review): no hidden anti-CSRF token field is present in this form, so the handler
     cannot tie a POST to a page it rendered itself. A per-session token in a hidden input,
     verified on submit, is the usual control. -->
<form class="form-signin" action="" method="post">
<h2 class="form-signin-heading">پنل ورود ادمین</h2>
<div class="login-wrap">
<!-- Credentials are submitted as the array fields frm[email] and frm[password]. -->
<input type="email" class="form-control email" placeholder="نام کاربری" name="frm[email]" autofocus>
<input type="password" class="form-control" name="frm[password]" placeholder="کلمه عبور">
<!--<label class="checkbox">
<input type="checkbox" value="remember-me"> مرا به خاطر بسپار
<span class="pull-right"> <a href="#"> کلمه عبور را فراموش کرده اید؟</a></span>
</label>-->
<button class="btn btn-lg btn-login btn-block" type="submit" name="btn">ورود</button>
</div>
</form>
</div>
</body>
php代码=>
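// Front-controller dispatch for the admin login and logout actions.
// Relies on names defined outside this snippet: $action, $adm, $db, clearInputs(),
// and an already started session (presumably session_start() runs earlier; confirm).
switch ($action) {
    case 'login_adm':
        // The reCAPTCHA loader below is emitted inside an HTML comment, so it is inactive.
        ?> <!--<script src="https://www.google.com/recaptcha/api.js?render=6LdLk7EUAAAAAEWHuB2tabMmlxQ2-RRTLPHEGe9Y"></script>--><?php
        define("SITE_URL", "localhost:81");
        define("BASE_URL", "http://localhost:81/index.php?c=adm&a=login_adm");

        // NOTE(review): Host and Referer are request headers chosen by the client. Comparing
        // them to fixed strings filters accidental cross-site posts but is not a substitute
        // for a per-session CSRF token checked on submit.
        if ($_SERVER["HTTP_HOST"] == SITE_URL) {
            if ($_POST) {
                if (isset($_SERVER["HTTP_REFERER"]) && $_SERVER["HTTP_REFERER"] == BASE_URL) {
                    // Tolerate a missing or malformed frm[] array instead of reading undefined keys.
                    $data = (isset($_POST['frm']) && is_array($_POST['frm'])) ? $_POST['frm'] : array();
                    $hasEmail = !empty($data['email']) && is_string($data['email']);
                    $hasPassword = !empty($data['password']) && is_string($data['password']);

                    if ($hasEmail && $hasPassword) {
                        // Original author's note (translated): "the numeric value of the password
                        // should be entered here". The fixed lengths 21 and 3 are kept as written.
                        if (strlen($data['email']) == 21 && strlen($data['password']) == 3) {
                            // The lookup now runs only after the input passed validation, so no
                            // query is issued for empty or malformed submissions.
                            // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
                            // password_hash()/password_verify() requires re-hashing the stored
                            // values, so it is flagged here rather than changed.
                            $password = sha1(clearInputs($data['password']));
                            $email = clearInputs($data['email']);
                            $user = $adm->adm_login($email, $password);

                            // hash_equals() and === replace loose ==, which treats numeric-looking
                            // strings such as "0e..." digests as numbers when comparing.
                            $credentialsMatch = $user
                                && isset($user['password'], $user['email'])
                                && hash_equals((string) $user['password'], $password)
                                && $user['email'] === $email;

                            if ($credentialsMatch) {
                                $sqlCommand = "SELECT * FROM adm_tbl WHERE email= ? AND password= ?";
                                $results = $db->prepare($sqlCommand);
                                $results->execute(array($email, $password));
                                if ($results->rowCount() == 1) {
                                    // Issue a fresh session id and drop the pre-login one.
                                    session_regenerate_id(true);
                                    $_SESSION['loggedin_time'] = time();
                                    $_SESSION['email_id'] = $user['email'];
                                    $_SESSION['user_id'] = $user['id'];
                                    $_SESSION['name_id'] = $user['name'];
                                    $_SESSION['lastname_id'] = $user['lastname'];
                                    $_SESSION['work_id'] = $user['work'];
                                    ?><script type="text/javascript">window.location="admin/index.php?c=index&a=index";</script><?php
                                }
                            } else {
                                echo "<p class='alert alert-danger' style='text-align: center'>نام کاربری یا رمز عبور وارد شده اشتباه است!</p>";
                            }
                        } else {
                            echo "<p class='alert alert-danger' style='text-align: center'>نام کاربری یا رمز عبور وارد شده اشتباه است.</p>";
                        }
                    } else {
                        echo "<p class='alert alert-danger' style='text-align: center'>لطفا نام کاربری و رمز عبور را پر کنید.</p>";
                    }
                }
            }
        }
        break;

    case 'logout':
        // Clear the in-memory session data as well as the stored session.
        $_SESSION = array();
        session_destroy();
        ?><script type="text/javascript">window.location="index.php?c=index&a=index";</script><?php
        break;
}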
函数(类)代码 =>
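/**
 * Data-access helper for admin accounts stored in adm_tbl.
 */
class adm
{
    /**
     * Database handle copied from the global $db (presumably a PDO instance; confirm).
     * Declared explicitly so the constructor no longer creates a dynamic property
     * behind an @ suppression.
     */
    public $db;

    public function __construct()
    {
        global $db;
        $this->db = $db;
    }

    /**
     * Fetch the admin row matching an e-mail address and an already hashed password.
     *
     * Both values are bound as statement parameters. The previous version
     * interpolated them into the SQL text, so a quote in either value could
     * change the query.
     *
     * @param string $email    E-mail address to look up.
     * @param string $password Password digest as stored in adm_tbl.password.
     * @return array|false Associative row, or false when no row matches.
     */
    public function adm_login($email, $password)
    {
        $statement = $this->db->prepare("SELECT * FROM adm_tbl WHERE email = ? AND password = ?");
        $statement->execute(array($email, $password));

        return $statement->fetch(PDO::FETCH_ASSOC);
    }
}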
请将代码添加到我的代码中,以便我可以正确检查。
请按如下方式更新您的 PHP 代码:
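// Admin login with a temporary lockout after repeated failures, plus logout.
// Relies on names defined outside this snippet: $action, $adm, $db, clearInputs(),
// and an already started session (presumably session_start() runs earlier; confirm).
switch ($action) {
    case 'login_adm':
        define("SITE_URL", "localhost:81");
        define("BASE_URL", "http://localhost:81/index.php?c=adm&a=login_adm");

        $maxFailures = 3;   // failed attempts allowed before the lockout starts
        $lockSeconds = 60;  // lockout length, counted from the most recent failure
        $now = time();
        $clientIp = $_SERVER["REMOTE_ADDR"];

        // NOTE(review): the counters live in $_SESSION, so they follow the session cookie,
        // not the IP address. A client that drops the cookie starts again at zero. Enforcing
        // a per-IP or per-account limit needs a server-side store (database table or cache)
        // keyed by IP and/or account, which this snippet does not have.
        // NOTE(review): behind a reverse proxy REMOTE_ADDR may be the proxy's address; confirm.
        $trackingMissing = !isset($_SESSION['login_attempt'], $_SESSION['login_log'], $_SESSION['login_ip']);
        if ($trackingMissing || $_SESSION['login_ip'] !== $clientIp) {
            // First visit in this session, or the address changed: start a fresh record.
            $_SESSION['login_attempt'] = 0;
            $_SESSION['login_log'] = date("Y-m-d H:i:s", $now);
            $_SESSION['login_ip'] = $clientIp;
        }

        // Decide whether this request falls inside an active lockout window.
        $locked = false;
        if ($_SESSION['login_attempt'] >= $maxFailures) {
            $elapsed = $now - strtotime($_SESSION['login_log']);
            if ($elapsed < $lockSeconds) {
                $locked = true;
                echo "<p class='alert alert-danger' style='text-align: center'>wait for 60 sec</p>";
            } else {
                // Window expired: allow a new series of attempts.
                $_SESSION['login_attempt'] = 0;
            }
        }

        // While locked the submission is not processed at all; previously the message was
        // printed but the credentials were still checked.
        // NOTE(review): Host and Referer are client-supplied headers; a per-session CSRF token
        // checked on submit is the usual control.
        if (!$locked && $_SERVER["HTTP_HOST"] == SITE_URL) {
            if ($_POST) {
                if (isset($_SERVER["HTTP_REFERER"]) && $_SERVER["HTTP_REFERER"] == BASE_URL) {
                    // Tolerate a missing or malformed frm[] array instead of reading undefined keys.
                    $data = (isset($_POST['frm']) && is_array($_POST['frm'])) ? $_POST['frm'] : array();
                    $hasEmail = !empty($data['email']) && is_string($data['email']);
                    $hasPassword = !empty($data['password']) && is_string($data['password']);

                    if ($hasEmail && $hasPassword) {
                        // Original author's note (translated): "the numeric value of the password
                        // should be entered here". The fixed lengths 21 and 3 are kept as written.
                        if (strlen($data['email']) == 21 && strlen($data['password']) == 3) {
                            // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
                            // password_hash()/password_verify() requires re-hashing the stored
                            // values, so it is flagged here rather than changed.
                            $password = sha1(clearInputs($data['password']));
                            $email = clearInputs($data['email']);
                            $user = $adm->adm_login($email, $password);

                            // hash_equals() and === replace loose ==, which treats numeric-looking
                            // strings such as "0e..." digests as numbers when comparing.
                            $credentialsMatch = $user
                                && isset($user['password'], $user['email'])
                                && hash_equals((string) $user['password'], $password)
                                && $user['email'] === $email;

                            if ($credentialsMatch) {
                                $sqlCommand = "SELECT * FROM adm_tbl WHERE email= ? AND password= ?";
                                $results = $db->prepare($sqlCommand);
                                $results->execute(array($email, $password));
                                if ($results->rowCount() == 1) {
                                    // Issue a fresh session id and drop the pre-login one.
                                    session_regenerate_id(true);
                                    // A successful login clears the failure counter.
                                    $_SESSION['login_attempt'] = 0;
                                    $_SESSION['loggedin_time'] = time();
                                    $_SESSION['email_id'] = $user['email'];
                                    $_SESSION['user_id'] = $user['id'];
                                    $_SESSION['name_id'] = $user['name'];
                                    $_SESSION['lastname_id'] = $user['lastname'];
                                    $_SESSION['work_id'] = $user['work'];
                                    ?>
<script type="text/javascript">window.location="admin/index.php?c=index&a=index";</script>
<?php
                                }
                            } else {
                                // Wrong credentials: count the failure and restart the window.
                                $_SESSION['login_attempt']++;
                                $_SESSION['login_log'] = date("Y-m-d H:i:s", $now);
                                echo "<p class='alert alert-danger' style='text-align: center'>نام کاربری یا رمز عبور وارد شده اشتباه است!</p>";
                            }
                        } else {
                            // Input of the wrong length: count the failure and restart the window.
                            $_SESSION['login_attempt']++;
                            $_SESSION['login_log'] = date("Y-m-d H:i:s", $now);
                            echo "<p class='alert alert-danger' style='text-align: center'>نام کاربری یا رمز عبور وارد شده اشتباه است.</p>";
                        }
                    } else {
                        echo "<p class='alert alert-danger' style='text-align: center'>لطفا نام کاربری و رمز عبور را پر کنید.</p>";
                    }
                }
            }
        }
        break;

    case 'logout':
        // Clear the in-memory session data as well as the stored session.
        $_SESSION = array();
        session_destroy();
        ?><script type="text/javascript">window.location="index.php?c=index&a=index";</script><?php
        break;
}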
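我添加了基于会话变量的检查,用来记录登录尝试次数,并计算当前时间与会话中记录时间之间的差值;登录失败时,会话中的尝试计数器会递增。需要注意的是,这些计数保存在 $_SESSION 中,因此限制的是当前会话而不是 IP:客户端丢弃会话 Cookie 后,计数会重新开始。若要真正按 IP 限制,需要把失败记录保存在服务器端(例如数据库)并按 IP 查询。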