登录日志 - 发送电子邮件给管理员一旦

Question

处于困境因此Im ..

我已经创建了我的班，工作正常，象电子邮件的发送然而，如果用户保持按压登录它会一遍又一遍地发送电子邮件，它只应该发送一次。我要么把它放在错误的地方或者我需要添加别的东西给它，而我是有点失落。

这里是我的代码：

public function login($username, $password) 
    { 
     if (!empty($username) || !empty($password)) 
     { 
      $ip = $_SERVER['REMOTE_ADDR']; 
      $stmt = $this->run("SELECT * FROM `users` WHERE `username` = ?"); 
      $stmt->execute([$username]); 

      $row = $stmt->fetch(PDO::FETCH_ASSOC); 

      $blocked = $this->run("SELECT count(*) FROM `failedLogins` WHERE `ipAddress` = ?"); 
      $blocked->execute([$ip]); 
      $re = $blocked->fetchColumn(); 


      $ipBlock = $this->run("SELECT * FROM `blockedIPS` WHERE `ip` = ?"); 
      $ipBlock->execute([$ip]); 

      if ($re <= 6) { 
       if ($ipBlock->rowCount() == 0) 
       { 
        if ($stmt->rowCount() > 0) { 
         if (password_verify($password, $row['password'])) { 
          $_SESSION['user_session'] = $row['userid']; 

          $stmt = $this->run("UPDATE `users` SET `loginCount` = `loginCount` + 1, `loginIP` = ? WHERE `username` = ?"); 
          $stmt->execute([$ip, $username]); 

          $add = $this->run("INSERT INTO `loginLog` (`username`,`ipAddress`, `date`) VALUES (?,?, NOW())"); 
          $add->execute([$username, $ip]); 
          $this->redirect('home'); 

         } else { 
          $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`,`reason`) VALUES (?,?,?,NOW(),'Incorrect Password')"); 
          $stmt->execute([$username, $password, $ip]); 

          echo Common::warning('The password you have entered is incorrect'); 
         } 
        } else { 
         $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`, `reason`) VALUES (?,?,?,NOW(), 'Username guess, possible brute force')"); 
         $stmt->execute([$username, $password, $ip]); 
         echo Common::error('This username doesn\'t exist.'); 
        } 
       } else { 
        Common::emailAdmin("The following IP address has now been blocked from logging in: $ip"); 
        echo Common::error('Your IP address has been blocked from accessing our website.'); 
       } 
      } else { 
       $stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())"); 
       $stmt->execute([$ip]); 

       echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 
      } 
     } else { 
      echo Common::warning('Please fill in both fields.'); 
     } 
    } 

机会是我已经放错了地方，但第二双眼睛扫视过来，告诉我在哪里我已经搞砸将是巨大的！

Answer 1

我会删除代码的else部分：

else { 
    Common::emailAdmin("The following IP address has now been blocked from logging in: $ip"); 
    echo Common::error('Your IP address has been blocked from accessing our website.'); 
} 

并移动电子邮件行成else，你更新blockedIPS，如：

$stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())"); 
$stmt->execute([$ip]); 

echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 

Common::emailAdmin("The following IP address has now been blocked from logging in: $ip"); 

因为这是你实际上是在那里阻止IP，它使得在这个阶段发送电子邮件。

而且，你实际上并没有从尝试再次登录阻断blockedIPS，你应该确保你避免这些IP来自登录，无论失败的尝试。

E.g.

if ($ipBlock->rowCount() >= 1) { 
    // IP has been blocked already 
    echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.'); 
    // prevent further access 
} else { 
// do the rest, including blocking IP here 
}