1
处于困境因此Im ..登录日志 - 发送电子邮件给管理员一旦
我已经创建了我的班,工作正常,象电子邮件的发送然而,如果用户保持按压登录它会一遍又一遍地发送电子邮件,它只应该发送一次。我要么把它放在错误的地方或者我需要添加别的东西给它,而我是有点失落。
这里是我的代码:
public function login($username, $password)
{
if (!empty($username) || !empty($password))
{
$ip = $_SERVER['REMOTE_ADDR'];
$stmt = $this->run("SELECT * FROM `users` WHERE `username` = ?");
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$blocked = $this->run("SELECT count(*) FROM `failedLogins` WHERE `ipAddress` = ?");
$blocked->execute([$ip]);
$re = $blocked->fetchColumn();
$ipBlock = $this->run("SELECT * FROM `blockedIPS` WHERE `ip` = ?");
$ipBlock->execute([$ip]);
if ($re <= 6) {
if ($ipBlock->rowCount() == 0)
{
if ($stmt->rowCount() > 0) {
if (password_verify($password, $row['password'])) {
$_SESSION['user_session'] = $row['userid'];
$stmt = $this->run("UPDATE `users` SET `loginCount` = `loginCount` + 1, `loginIP` = ? WHERE `username` = ?");
$stmt->execute([$ip, $username]);
$add = $this->run("INSERT INTO `loginLog` (`username`,`ipAddress`, `date`) VALUES (?,?, NOW())");
$add->execute([$username, $ip]);
$this->redirect('home');
} else {
$stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`,`reason`) VALUES (?,?,?,NOW(),'Incorrect Password')");
$stmt->execute([$username, $password, $ip]);
echo Common::warning('The password you have entered is incorrect');
}
} else {
$stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`, `reason`) VALUES (?,?,?,NOW(), 'Username guess, possible brute force')");
$stmt->execute([$username, $password, $ip]);
echo Common::error('This username doesn\'t exist.');
}
} else {
Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");
echo Common::error('Your IP address has been blocked from accessing our website.');
}
} else {
$stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())");
$stmt->execute([$ip]);
echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.');
}
} else {
echo Common::warning('Please fill in both fields.');
}
}
机会是我已经放错了地方,但第二双眼睛扫视过来,告诉我在哪里我已经搞砸将是巨大的!
似乎做的伎俩:)我想我可能已经完成了与if语句的东西方块!现在,在与初始,IM允许失败的密码在未加密的去掺和这个..通常我不会,但你会建议反对? – Option
不会推荐它,因为你基本上是创建一个没有工作的密码的数据库。如果该信息不断得到泄露,你刚刚提供的不需要尝试密码的列表,从而减少了时间有人来暴力破解正确的。 –
非常真实的那里!我将哈希它在那种情况下甚至删除我猜,因为它不是拼命要求,更是一个日志。再次感谢! – Option