-1
ユーザーが最初にログインに失敗した場合は、タスク70-73を実行してから111にジャンプします。ただし、残されたチャンスが0になると、dbのfailedLogins値5行目から76行目までのステップを実行するはずですが、そうではありません。代わりに、左のチャンスに0を表示し、それがそれです。私の論理は正しいと確信していますが、コードはちょうど間違った場所に置かれています。ログインに失敗しました
// User is registered and verified
$query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$lockDate = $row['lockDate'];
// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) <= time())) {
$currentDateTime = time();
$minutes = floor(($currentDateTime-$lockDate)/60);
// Take minutes and perform tasks
if ($lockDate > 0 && $minutes < 10) {
// Calculate time remaining
$timeRemaining = 10 - $minutes;
// Account locked error
$output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. You must wait ' .$timeRemaining.' minutes before you can log in again!');
} else {
// Clear the lock
$query = "UPDATE manager_users_logins_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
}
} else {
// Escape post data
$password = mysqli_real_escape_string($dbc,$_POST['password']);
// Assign hashed password to variable
$regenFromPostPW = reGenPassHash($password, $passwordDB2);
// Comparing the database password with the posted password
if ($passwordDB == $regenFromPostPW) {
$query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
// Assign user data into an array
$loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName);
// Assign user data array to new session
$_SESSION['user_data'] = $loggedinUserDataArray;
// See if the remember me checkbox was checked
if (isset($_POST['remember'])) {
// Sets an expiration time for the cookie
$myExpiration = time()+60*60*24*100;
// Sets the cookie for the username
setcookie("username", $username, $myExiration, "/");
}
// Succesful login complete
$output = array('errorsExist' => false, 'message' => 'You have been logged in, please allow a moment while we load your account data!');
} else {
// Login unsuccessful
$query = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$failedLogins = $row['failedLogins'];
// Take failed logins and compare it
if ($row['failedLogins'] >= 5) {
// Retrieve IP Address of user trying to hack into account
$hackerIPAddress = $_SERVER['REMOTE_ADDR'];
// Update database after account getting hacked and run query
$query = "UPDATE manager_users_logins_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$query2 = "SELECT * FROM manager_users WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
$row = mysqli_fetch_array($result2);
$firstName = $row['firstName'];
$lastName = $row['lastName'];
// Email user new registration account
function my_domain_name() {
$my_domain = $_SERVER['HTTP_HOST'];
$my_domain = str_replace('www.', '', $my_domain);
return $my_domain;
}
$sender_email = "[email protected]";
$reply_to = "[email protected]";
$recipient_email = $email;
$email_subject = "KOW Manager Account Locked";
$email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team';
mailSomeone($email, $sender_email, $email_subject, $email_body);
// Account locked error
$output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s! You must wait 10 minutes before you can login again!');
} else {
$query = "UPDATE manager_users_logins_hacking SET failedLogins = '".$failedLogins."'+ 1 WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
$query2 = "SELECT * FROM manager_users_logins_hacking WHERE userID = '".$userID."'";
$result2 = mysqli_query($dbc,$query2);
$row2 = mysqli_fetch_array($result2);
$failedLogins = $row2['failedLogins'];
// Calculate how many chances the user has to login before account gets locked
$chancesLeft = 5 - $failedLogins;
// Invalid username and password error
$output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' chances left to login succesfully or the account will be locked!');
}
}
}
ここに投稿されました。笑 –
どちらの行はどちらですか? – deceze
多くのifとmixed SQLクエリ、検証、ビジネスロジックがあるため、コードを理解するのは難しいです。読者があなたが期待していることを理解するのに役立つ行番号を提供していますが、SOは行番号を表示せず、ペーストビンは「現在重い負荷がかかっています」ので、これは役に立ちません。私は最初にリファクタリングコードを提案してから、あなたのバグがどこにあるのかを見てみるか、私たちのコードを再度表示して、あなたに手伝ってください。 –