1. 首頁
  2. 問答
  3. 登錄日誌 - 發送電子郵件給管理員一旦

登錄日誌 - 發送電子郵件給管理員一旦

2017-03-14 113 views
1

處於困境因此Im ..登錄日誌 - 發送電子郵件給管理員一旦

我已經創建了我的班,工作正常,象電子郵件的發送然而,如果用戶保持按壓登錄它會一遍又一遍地發送電子郵件,它只應該發送一次。我要麼把它放在錯誤的地方或者我需要添加別的東西給它,而我是有點失落。

這裏是我的代碼:

public function login($username, $password) 
    { 
     if (!empty($username) || !empty($password)) 
     { 
      $ip = $_SERVER['REMOTE_ADDR']; 
      $stmt = $this->run("SELECT * FROM `users` WHERE `username` = ?"); 
      $stmt->execute([$username]); 

      $row = $stmt->fetch(PDO::FETCH_ASSOC); 

      $blocked = $this->run("SELECT count(*) FROM `failedLogins` WHERE `ipAddress` = ?"); 
      $blocked->execute([$ip]); 
      $re = $blocked->fetchColumn(); 


      $ipBlock = $this->run("SELECT * FROM `blockedIPS` WHERE `ip` = ?"); 
      $ipBlock->execute([$ip]); 

      if ($re <= 6) { 
       if ($ipBlock->rowCount() == 0) 
       { 
        if ($stmt->rowCount() > 0) { 
         if (password_verify($password, $row['password'])) { 
          $_SESSION['user_session'] = $row['userid']; 

          $stmt = $this->run("UPDATE `users` SET `loginCount` = `loginCount` + 1, `loginIP` = ? WHERE `username` = ?"); 
          $stmt->execute([$ip, $username]); 

          $add = $this->run("INSERT INTO `loginLog` (`username`,`ipAddress`, `date`) VALUES (?,?, NOW())"); 
          $add->execute([$username, $ip]); 
          $this->redirect('home'); 

         } else { 
          $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`,`reason`) VALUES (?,?,?,NOW(),'Incorrect Password')"); 
          $stmt->execute([$username, $password, $ip]); 

          echo Common::warning('The password you have entered is incorrect'); 
         } 
        } else { 
         $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`, `reason`) VALUES (?,?,?,NOW(), 'Username guess, possible brute force')"); 
         $stmt->execute([$username, $password, $ip]); 
         echo Common::error('This username doesn\'t exist.'); 
        } 
       } else { 
        Common::emailAdmin("The following IP address has now been blocked from logging in: $ip"); 
        echo Common::error('Your IP address has been blocked from accessing our website.'); 
       } 
      } else { 
       $stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())"); 
       $stmt->execute([$ip]); 

       echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 
      } 
     } else { 
      echo Common::warning('Please fill in both fields.'); 
     } 
    }

機會是我已經放錯了地方,但第二雙眼睛掃視過來,告訴我在哪裏我已經搞砸將是巨大的!

來源

2017-03-14 Option

回答

1

我會刪除代碼的else部分:

else { 
    Common::emailAdmin("The following IP address has now been blocked from logging in: $ip"); 
    echo Common::error('Your IP address has been blocked from accessing our website.'); 
}

並移動電子郵件行成else,你更新blockedIPS,如:

$stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())"); 
$stmt->execute([$ip]); 

echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 

Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");

因爲這是你實際上是在那裏阻止IP,它使得在這個階段發送電子郵件。

而且,你實際上並沒有從嘗試再次登錄阻斷blockedIPS,你應該確保你避免這些IP來自登錄,無論失敗的嘗試。

E.g.

if ($ipBlock->rowCount() >= 1) { 
    // IP has been blocked already 
    echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 
    // prevent further access 
} else { 
// do the rest, including blocking IP here 
}

來源

2017-03-14 12:22:31

+0

似乎做的伎倆:)我想我可能已經完成了與if語句的東西方塊!現在,在與初始,IM允許失敗的密碼在未加密的去摻和這個..通常我不會,但你會建議反對? – Option

+0

不會推薦它,因爲你基本上是創建一個沒有工作的密碼的數據庫。如果該信息不斷得到泄露,你剛剛提供的不需要嘗試密碼的列表,從而減少了時間有人來暴力破解正確的。 –

+0

非常真實的那裏!我將哈希它在那種情況下甚至刪除我猜,因爲它不是拼命要求,更是一個日誌。再次感謝! – Option

相關問題

 相關問題