2011-06-20 112 views
0

Failed logins with PHP

So when the user fails to log in the first time, it executes tasks 70-73 and then jumps to 111. However, when the chances left get to 0, that part works properly, meaning the failed logins value in the db will be 5; it should then do the steps starting at line 76, but it doesn't. Instead it shows 0 chances left and that's it. I'm sure my logic is right but the code is just placed in the wrong spot. (http://pastebin.com/p3n1Fr78)

// User is registered and verified 
$query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'"; 
$result = mysqli_query($dbc,$query); 
$row = mysqli_fetch_array($result); 

$lockDate = $row['lockDate']; 

// Find out if user is locked out of their account 
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) <= time())) { 

    $currentDateTime = time(); 
    // lockDate is a DATETIME string, so convert it to a timestamp before subtracting 
    $minutes = floor(($currentDateTime - strtotime($lockDate))/60); 

    // Take minutes and perform tasks 
    if ($lockDate > 0 && $minutes < 10) { 

     // Calculate time remaining 
     $timeRemaining = 10 - $minutes; 

     // Account locked error 
     $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we apologize for the inconvenience. You must wait ' .$timeRemaining.' minutes before you can log in again!'); 

    } else { 

     // Clear the lock 
     $query = "UPDATE manager_users_logins_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'"; 
     $result = mysqli_query($dbc,$query); 

    } 

} else { 

    // Escape post data 
    $password = mysqli_real_escape_string($dbc,$_POST['password']); 

    // Assign hashed password to variable 
    $regenFromPostPW = reGenPassHash($password, $passwordDB2); 

    // Comparing the database password with the posted password 
    if ($passwordDB == $regenFromPostPW) { 

     $query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'"; 
     $result2 = mysqli_query($dbc,$query2); 

     // Assign user data into an array 
     $loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName); 

     // Assign user data array to new session 
     $_SESSION['user_data'] = $loggedinUserDataArray; 

     // See if the remember me checkbox was checked 
     if (isset($_POST['remember'])) { 

      // Sets an expiration time for the cookie 
      $myExpiration = time()+60*60*24*100; 

      // Sets the cookie for the username 
      setcookie("username", $username, $myExpiration, "/"); 

     } 

     // Successful login complete 
     $output = array('errorsExist' => false, 'message' => 'You have been logged in, please allow a moment while we load your account data!'); 

    } else { 

     // Login unsuccessful 

     $query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'"; 
     $result = mysqli_query($dbc,$query); 
     $row = mysqli_fetch_array($result); 
     $failedLogins = $row['failedLogins']; 

     // Take failed logins and compare it 
     if ($row['failedLogins'] >= 5) { 

      // Retrieve IP Address of user trying to hack into account 
      $hackerIPAddress = $_SERVER['REMOTE_ADDR']; 

      // Update database after account getting hacked and run query 
      $query = "UPDATE manager_users_logins_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'"; 
      $result = mysqli_query($dbc,$query); 

      $query2 = "SELECT * FROM manager_users WHERE userID = '".$userID."'"; 
      $result2 = mysqli_query($dbc,$query2); 
      $row = mysqli_fetch_array($result2); 
      $firstName = $row['firstName']; 
      $lastName = $row['lastName']; 

      // Email user new registration account 
      function my_domain_name() { 
       $my_domain = $_SERVER['HTTP_HOST']; 
       $my_domain = str_replace('www.', '', $my_domain); 
       return $my_domain; 
      } 
      $sender_email = "[email protected]"; 
      $reply_to = "[email protected]"; 
      $recipient_email = $email; 
      $email_subject = "KOW Manager Account Locked"; 

      $email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team'; 

      mailSomeone($email, $sender_email, $email_subject, $email_body); 

      // Account locked error 
       $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we apologize for the inconvenience. This is a security measure implemented because of too many failed logins! You must wait 10 minutes before you can log in again!');   

     } else { 

      $query = "UPDATE manager_users_logins_hacking SET failedLogins = '".$failedLogins."'+ 1 WHERE userID = '".$userID."'"; 
      $result = mysqli_query($dbc,$query); 

      $query2 = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'"; 
      $result2 = mysqli_query($dbc,$query2); 
      $row2 = mysqli_fetch_array($result2); 
      $failedLogins = $row2['failedLogins']; 

      // Calculate how many chances the user has to login before account gets locked 
      $chancesLeft = 5 - $failedLogins; 

      // Invalid username and password error 
       $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' chances left to log in successfully or the account will be locked!'); 

     } 

    } 

} 
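An added example, not the asker's code, that pulls the lockout decision out into pure functions over the row array so the counting and timing can be checked without a database. It goes beyond the posted code in two ways: the minutes calculation parses the DATETIME string instead of subtracting it from time(), and the counter is incremented before it is compared, so the 5th failure locks immediately rather than showing "0 chances left" and locking on the 6th attempt. Assumes PHP 7.1 or later; the row and clock values are constructed.

```php
<?php
// Added example, not the asker's code: lockout logic as pure functions over
// the row array (keys 'lockDate' and 'failedLogins'), testable without MySQL.
const MAX_FAILED_LOGINS = 5;   // lock on the 5th consecutive failure
const LOCK_MINUTES      = 10;

// Minutes the account must still wait at time $now (0 means not locked).
function minutesLocked(?string $lockDate, int $now): int {
    // NULL and MySQL's zero date both mean "no lock"; anything else is a
    // DATETIME string that must be parsed before doing arithmetic with time().
    if ($lockDate === null || $lockDate === '0000-00-00 00:00:00') {
        return 0;
    }
    $lockedAt = strtotime($lockDate);
    if ($lockedAt === false) {
        throw new InvalidArgumentException("unparsable lockDate: $lockDate");
    }
    $elapsed = intdiv(max(0, $now - $lockedAt), 60);
    return $elapsed < LOCK_MINUTES ? LOCK_MINUTES - $elapsed : 0;
}

// Apply one failed attempt: increment first, then compare against the limit,
// so the 5th failure locks now instead of on the following attempt.
function recordFailure(array $row, int $now): array {
    $row['failedLogins'] = (int)$row['failedLogins'] + 1;
    $locked = $row['failedLogins'] >= MAX_FAILED_LOGINS;
    if ($locked) {
        $row['lockDate'] = date('Y-m-d H:i:s', $now);   // same as SET lockDate = CURRENT_TIMESTAMP
    }
    return ['row' => $row, 'locked' => $locked,
            'chancesLeft' => max(0, MAX_FAILED_LOGINS - $row['failedLogins'])];
}

// Self-check with a constructed row and a fixed clock (run: php lockout.php).
$now = strtotime('2011-06-20 12:00:00');
$row = ['lockDate' => null, 'failedLogins' => 0];
for ($i = 1; $i <= MAX_FAILED_LOGINS; $i++) {
    $r   = recordFailure($row, $now);
    $row = $r['row'];
    printf("attempt %d: chancesLeft=%d locked=%s\n", $i, $r['chancesLeft'], $r['locked'] ? 'yes' : 'no');
}
assert($row['failedLogins'] === 5 && $row['lockDate'] !== null);
assert(minutesLocked($row['lockDate'], $now + 3 * 60) === 7);    // 3 minutes in: 7 still to wait
assert(minutesLocked($row['lockDate'], $now + 10 * 60) === 0);   // window over: open again
assert(minutesLocked('0000-00-00 00:00:00', $now) === 0);        // zero date is "no lock"
```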
+9

Hang on, I'm counting lines in your source so I can see what you're referring to... – kinakuta

+0

I've put a link to the pastebin http://pastebin.com/p3n1Fr78; it's weird –

+1

That's a wall of text... can't you boil it down to something simpler? –

Answers

2

OK, a few things:

Unless you have a buggy version of PHP, the count $failedLogins is incremented to 5 between line 76 (if($row['failedLogins']>=5)) and line 111 ($query = "UPDATE manager_users_logins_hacking...). If it hits line 77, it can't increment.

That said, it also never decrements, so I'd suggest you might want to think about adding logic to set the count back to 0.

You may also be looking at $chancesLeft and expecting it to be $failedLogins (an all-too-common problem, unfortunately; I've done my share of it).

Also:

First: are you sure you have error reporting set to maximum?
Second, conditional functions are bad:

function my_domain_name() { 
    $my_domain = $_SERVER['HTTP_HOST']; 
    $my_domain = str_replace('www.', '', $my_domain); 
    return $my_domain; 
} 

That's best defined outside the if block, even if you only use it once.
Third, you really should only show the immediately relevant code in your question, and try to format it so it's easy to read. I see a lot of '".$variable."'. You may want to make these "UPDATE...$variable...", or you should escape the single quotes: 'UPDATE ... SET FOO = \''.$foo.'\' WHERE...'. The " means "parse this string", and I know to expect it to contain some variables.

+0

It is doing the increment on failed logins at 111. I know this because I'm looking at the failed logins field in the database. –

+0

It might hit line 111, but absolutely, without a shadow of a doubt, it would not hit both line 78 and line 111 on a standard PHP install. So either you're using some version of PHP where "if" doesn't work properly, or it isn't hitting that line. – cwallenpoole

1
$query = "UPDATE manager_users_logins_hacking SET failedLogins = '".$failedLogins."'+ 1 WHERE userID = '".$userID."'"; 

Isn't failedLogins a number rather than a string? So I think you need to get rid of the quotes.

+0

OK, thanks anyway, but it isn't even doing the tasks in the if statement on 76. –

+0

Yes, but $failedlogins increments from 0 to 5 on statement 111 –

+0

Yes, I'm sure of it. –