php – 使用Codeigniter限制登录尝试3次
发布时间:2020-12-13 21:57:18 所属栏目:PHP教程 来源:网络整理
导读:我目前正在开发一个系统.我已经在我的登录模块中完成了但我想进行一些登录尝试.用户只有3次登录尝试,如果超过3次限制,该用户的电子邮件将被停用,否则将被罚5分钟. 我不知道如何开始它,但我知道的事情;您需要获取用户的IP地址,检查该电子邮件的尝试次数. 用户
|
我目前正在开发一个系统.我已经在我的登录模块中完成了但我想进行一些登录尝试.用户只有3次登录尝试,如果超过3次限制,该用户的电子邮件将被停用,否则将被罚5分钟.
我不知道如何开始它,但我知道的事情;您需要获取用户的IP地址,检查该电子邮件的尝试次数. 用户表 name (varchar) email (varchar) password (varchar) confirm password (varchar) attempts (int) ip_address (varchar) status (varchar) 调节器 public function login()
{
if($this->form_validation->run('login_validate') == FALSE)
{
echo json_encode(validation_errors());
}
else
{
$email = clean_data($this->input->post('email'));
$password = clean_data($this->input->post('password'));
$where = array('email'=>$email);
$get_user = $this->Crud_model->fetch_tag_row('*','users',$where);
if($get_user)
{
$check_password = $get_user->password;
if($this->session->tempdata('penalty'))
{
echo json_encode("Your account is ". $_SESSION['penalty']. " on penalty");
}
else
{
if(password_verify($password,$check_password))
{
if($get_user->status == 'Active')
{
$user_session = [
'id' => $get_user->id,'first_name' => $get_user->first_name,'middle_name' => $get_user->middle_name,'last_name' => $get_user->last_name,'email' => $get_user->email,];
$this->session->set_userdata('logged_in',$user_session);
$session = $this->session->userdata('logged_in');
$this->session->user_id = $session['id'];
$this->session->email = $session['email'];
$this->session->fullname = $session['first_name'] .' '. $session['middle_name'] .' '. $session['last_name'];
echo json_encode("success");
}
else if ($get_user->status == 'Inactive')
{
echo json_encode("Your account is inactive. Contact our human resource department regarding this problem.");
}
}
else
{
$attempt = $this->session->userdata('attempt');
$attempt++;
$this->session->set_userdata('attempt',$attempt);
if($attempt == 3)
{
echo json_encode("Your account is locked");
$this->session->set_tempdata('penalty',true,10);
$this->session->set_userdata('attempt',0);
}
else
{
echo json_encode("Invalid Credentials");
}
}
}
}
else
{
echo json_encode("Invalid Credentials");
}
}
}
注意:以上是我的登录功能.它工作正常(我对字段的验证,如果帐户已存在,用户名和密码正确等).fetch-> tag->行只能获取特定的行 问题:任何人都可以启发或指导我如何进行登录尝试吗? 解决方法
我不认为你需要使用IP,如果你使用会话变量怎么办?
例如,打开登录页面时,sess var将设置为0,并且在每个错误上将其增加1. 另外,在验证用户并通过之前检查sess var是否小于或等于3,如果是,则给出他们需要等待的消息,如果不是,则处理登录. 现在,如果你想要的是在再次尝试之前实施5分钟的惩罚,你可以在session var中使用tempdata,如果temp数据设置为true,它仍然处于惩罚时间,如果没有,你可以处理登录. 你可以参考Here public function login() {
if ($this->form_validation->run('login_validate') == FALSE) {
echo json_encode(validation_errors());
} else {
$email = $this->input->post('email');
$password = $this->input->post('password');
$where = array('email' => $email);
$get_user = $this->Crud_model->fetch_tag_row('*',$where);
if ($get_user) {
$check_password = $get_user->password;
if($this->session->tempdata('penalty')){
//Shows code that user is on a penalty
}else{
if (password_verify($password,$check_password)) {
if ($get_user->status == 'Active') {
$user_session = ['id' => $get_user->id,'first_name' => $get_user->first_name,'middle_name' => $get_user->middle_name,'last_name' => $get_user->last_name,'email' => $get_user->email,];
$this->session->set_userdata('logged_in',$user_session);
$session = $this->session->userdata('logged_in');
$this->session->user_id = $session['id'];
$this->session->email = $session['email'];
$this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
echo json_encode("success");
} elseif ($get_user->status == 'Inactive') {
echo json_encode("Your account is inactive.");
}
} else {
$attempt = $this->session->userdata('attempt');
$attempt++;
$this->session->set_userdata('attempt',$attempt);
if ($attempt == 3) {
echo json_encode("Your account is locked");
$this->db->set('attempts','attempts+120',FALSE);
$this->db->where($where);
$this->db->update('users'); // gives UPDATE mytable SET field = field+1 WHERE id = 2
$attempt = 0;
//code for setting tempdata when reached maximun tries
$this->session->set_tempdata('penalty',300); //set the name of the sess var to 'penalty,the value will be true and will expire within 5 minutes (expressed in sec.)
} else {
echo json_encode("Invalid Credentials");
}
}
}
} else {
echo json_encode("No account found");
}
}
}
希望它有效 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |