Home/ Questions/Q 1467
Alex Hales
  • 0
Teacher
Asked: 2022-05-30T17:13:33+00:00

php – The login attempt counter is not working as it should

  • 0

[ad_1]

I have the following login.php file with the following content:

<?php
require 'db.php';
require '../functions/log_attempts.php';

session_start();

// Jeżeli sesja istnieje, przekierowuje do index.php
if(isset($_SESSION['IS_LOGIN'])) {
        header('Location: index.php');
}

if(isset($_POST['submit'])) {
    
// Limit prób logowania
$bantime = time()-30;
$ip_address = getIpAddr();

// Sprawdzenie ilości prób logowania
$check_attempts = mysqli_query($connect, "SELECT count(*) as total_count FROM login_attempts WHERE log_times > $bantime and ip='$ip_address'");
$check_login_row = mysqli_fetch_assoc( $check_attempts);
$total_count = $check_login_row['total_count'];

if($total_count==3) {
    echo '<div class="alert-box error">Osiągnięto limit prób logowania. Spróbuj ponownie po 30 sekundach.</div>';
}
else {
$login = mysqli_real_escape_string($connect, $_POST['login']);
$password = mysqli_real_escape_string($connect, $_POST['password']);

$sql = "SELECT * FROM accounts WHERE login = '".$login."'";
$result = mysqli_query($connect, $sql);
$numRows = mysqli_num_rows($result);

if($numRows == 1) {
        $row = mysqli_fetch_assoc($result);
        if(password_verify($password, $row['password'])) {

                session_start();
                $_SESSION['IS_LOGIN'] = true;
                mysqli_query($connect, "DELETE FROM login_attempts WHERE ip='$ip_address'");
                $_SESSION['login'] = $row['login'];
                $_SESSION['password'] = $row['password'];
                header('Location: index.php');
                exit();

        }
        else {
                
                $total_count++;
                $rem_attempts = 3-$total_count;

                if ($rem_attempts==0) {
                echo '<div class="alert-box error">
                Osiągnięto limit prób logowania. Spróbuj ponownie po 30 sekundach.</div>';
                } else {

                echo '<div class="alert-box error">
                Nieprawidłowe dane logowania.<br>Pozostało prób: '.$rem_attempts.'</div>';
                }
                
                $try_time=time();
                mysqli_query($connect, "INSERT INTO login_attempts(id, ip, log_times) VALUES ('','".$ip_address."','".$try_time."')");
        }
}
else {
        echo '<div class="alert-box error">
        Nieprawidłowe dane logowania.</div>';
}
}
}
$connect->close();
?>

log_attempts.php:

<?php
require 'db.php';

function getIpAddr() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        $ipAddr=$_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
        $ipAddr=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ipAddr=$_SERVER['REMOTE_ADDR'];
    }
    return $ipAddr;
}


?>

and database:

CREATE TABLE `login_attempts` (
    `id` INT(11) NOT NULL,
    `ip` VARBINARY(16) NOT NULL,
    `log_times` BIGINT(20) NOT NULL
)
COLLATE='utf8_general_ci'
ENGINE=InnoDB
;

and after entering the wrong password to the existing login, it keeps writing that there are 2 attempts left, and no record to the login_attempts database is registered, what went wrong? I took the counter code from this source: http://phpgurukul.com/how-to-limit-login-attempt-using-php-and-mysql/

[ad_2]

Share
Leave an answer

Leave an answer

Browse

Stats

  • Questions : 43k