我目前正在开发一个系统.我已经在我的登录模块中完成了但我想进行一些登录尝试.用户只有3次登录尝试,如果超过3次限制,该用户的电子邮件将被停用,否则将被罚5分钟.
我不知道如何开始它,但我知道的事情; 您需要获取用户的IP地址,检查该电子邮件的尝试次数.
用户表
name (varchar)
email (varchar)
password (varchar)
confirm password (varchar)
attempts (int)
ip_address (varchar)
status (varchar)
调节器
public function login()
{
if($this->form_validation->run('login_validate') == FALSE)
{
echo json_encode(validation_errors());
}
else
{
$email = clean_data($this->input->post('email'));
$password = clean_data($this->input->post('password'));
$where = array('email'=>$email);
$get_user = $this->Crud_model->fetch_tag_row('*','users',$where);
if($get_user)
{
$check_password = $get_user->password;
if($this->session->tempdata('penalty'))
{
echo json_encode("Your account is ". $_SESSION['penalty']. " on penalty");
}
else
{
if(password_verify($password,$check_password))
{
if($get_user->status == 'Active')
{
$user_session = [
'id' => $get_user->id,
'first_name' => $get_user->first_name,
'middle_name' => $get_user->middle_name,
'last_name' => $get_user->last_name,
'email' => $get_user->email,
];
$this->session->set_userdata('logged_in',$user_session);
$session = $this->session->userdata('logged_in');
$this->session->user_id = $session['id'];
$this->session->email = $session['email'];
$this->session->fullname = $session['first_name'] .' '. $session['middle_name'] .' '. $session['last_name'];
echo json_encode("success");
}
else if ($get_user->status == 'Inactive')
{
echo json_encode("Your account is inactive. Contact our human resource department regarding this problem.");
}
}
else
{
$attempt = $this->session->userdata('attempt');
$attempt++;
$this->session->set_userdata('attempt', $attempt);
if($attempt == 3)
{
echo json_encode("Your account is locked");
$this->session->set_tempdata('penalty', true, 10);
$this->session->set_userdata('attempt', 0);
}
else
{
echo json_encode("Invalid Credentials");
}
}
}
}
else
{
echo json_encode("Invalid Credentials");
}
}
}
注意:以上是我的登录功能.它工作正常(我对字段的验证,如果帐户存在,用户名和密码正确等).fetch-> tag-> row只能获取特定的行
问题:任何人都可以启发或指导我如何进行登录尝试吗?
我不认为你需要使用IP,如果你使用会话变量怎么办?
例如,打开登录页面时,sess var将设置为0,并且在每个错误上将其增加1.
另外,在验证用户并通过之前检查sess var是否小于或等于3,如果是,则给出他们需要等待的消息,如果不是,则处理登录.
现在,如果你想要的是在再次尝试之前实施5分钟的惩罚,你可以在session var中使用tempdata,如果temp数据设置为true,它仍然处于惩罚时间,如果没有,你可以处理登录.
你可以参考这里
public function login() {
if ($this->form_validation->run('login_validate') == FALSE) {
echo json_encode(validation_errors());
} else {
$email = $this->input->post('email');
$password = $this->input->post('password');
$where = array('email' => $email);
$get_user = $this->Crud_model->fetch_tag_row('*', 'users', $where);
if ($get_user) {
$check_password = $get_user->password;
if($this->session->tempdata('penalty')){
//Shows code that user is on a penalty
}else{
if (password_verify($password, $check_password)) {
if ($get_user->status == 'Active') {
$user_session = ['id' => $get_user->id, 'first_name' => $get_user->first_name, 'middle_name' => $get_user->middle_name, 'last_name' => $get_user->last_name, 'email' => $get_user->email,];
$this->session->set_userdata('logged_in', $user_session);
$session = $this->session->userdata('logged_in');
$this->session->user_id = $session['id'];
$this->session->email = $session['email'];
$this->session->fullname = $session['first_name'] . ' ' . $session['middle_name'] . ' ' . $session['last_name'];
echo json_encode("success");
} elseif ($get_user->status == 'Inactive') {
echo json_encode("Your account is inactive.");
}
} else {
$attempt = $this->session->userdata('attempt');
$attempt++;
$this->session->set_userdata('attempt', $attempt);
if ($attempt == 3) {
echo json_encode("Your account is locked");
$this->db->set('attempts', 'attempts+120', FALSE);
$this->db->where($where);
$this->db->update('users'); // gives UPDATE mytable SET field = field+1 WHERE id = 2
$attempt = 0;
//code for setting tempdata when reached maximun tries
$this->session->set_tempdata('penalty', true, 300); //set the name of the sess var to 'penalty, the value will be true and will expire within 5 minutes (expressed in sec.)
} else {
echo json_encode("Invalid Credentials");
}
}
}
} else {
echo json_encode("No account found");
}
}
}
希望它有效