  3. <?php
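  if (isset($_POST['submit'])) {
      // Form was submitted: connect, normalise the credentials, run the login check.
      // NOTE(review): the connection uses root with an empty password taken
      // straight from source. A least-privilege account whose credentials are
      // loaded from configuration outside the web root is the usual setup;
      // the values are kept as posted.
      $servername = "localhost";
      $username = "root";
      $password = "";
      $dbName = "exc1";

      // `new mysqli` always yields an object, so the old `!$conn` test could
      // never see a failed connection. Depending on the mysqli report mode a
      // failure either sets connect_error or throws; both are handled here.
      try {
          $conn = new mysqli($servername, $username, $password, $dbName);
          $connectError = $conn->connect_error;
      } catch (mysqli_sql_exception $e) {
          $connectError = $e->getMessage();
      }
      if ($connectError) {
          // Driver details go to the server log, not into the HTTP response.
          error_log("Connection failed: " . $connectError);
          die("Connection failed");
      }

      // A missing or array-valued field is treated as an empty string.
      $rawUserName = $_POST["input-UserName"] ?? '';
      $rawPassword = $_POST["input-Password"] ?? '';
      $dbUserInputName = fnSanitizeUserInputString(is_string($rawUserName) ? $rawUserName : '');
      $dbUserInputPassword = fnPasswordHash(
          fnSanitizeUserInputString(is_string($rawPassword) ? $rawPassword : '')
      );

      // The derived hash is no longer echoed into the page: it is credential
      // material and the echo was debug output.
      // NOTE(review): password_hash() salts every call, so this freshly
      // computed hash will not equal the value stored for the user. Verifying
      // a login needs the submitted password plus password_verify() against
      // the stored hash; that change spans this call and fnCompareLogin().
      fnCompareLogin($dbUserInputName, $dbUserInputPassword, $conn);
  } else {
      fnPrintHtml();
  }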
  /**
   * Hash a value with password_hash() after appending a fixed application pepper.
   *
   * password_hash() generates a new salt on every call, so two hashes of the
   * same input differ. A stored hash therefore has to be checked with
   * password_verify() on (input . pepper), never by string equality.
   *
   * @param string $input value to hash
   * @return string hash produced with PASSWORD_DEFAULT
   */
  function fnPasswordHash($input)
  {
      // NOTE(review): the pepper is a constant in source, so it is only as
      // secret as the code itself. PASSWORD_DEFAULT is currently bcrypt, which
      // ignores input beyond 72 bytes, so a long password can push the
      // appended pepper out of the hashed range.
      $pepper = "best project ever!";

      return password_hash($input . $pepper, PASSWORD_DEFAULT);
  }
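  /**
   * Start a lockout once the failed-attempt counter has reached three.
   *
   * Reads blockCounter for the user. At 3 or more it stamps timeBlock with the
   * database clock, resets the counter to 0 and reports the account as blocked.
   *
   * The username is bound as a statement parameter. The original interpolated
   * it into the SQL text, which let request data alter the query.
   *
   * @param string $username account name as submitted
   * @param mysqli $conn     open connection (only prepare() is used)
   * @return bool true when a lockout was just started or the counter could not
   *              be read; false otherwise, including for an unknown user
   */
  function fnBlockCount($username, $conn)
  {
      $select = $conn->prepare("SELECT blockCounter FROM users WHERE username = ?");
      if ($select === false) {
          // Fail closed: an unreadable counter must not disable the lockout.
          return true;
      }

      $counter = null;
      $select->bind_param("s", $username);
      $select->execute();
      $select->bind_result($counter);
      $found = $select->fetch();
      $select->close();

      if ($found === false) {
          // fetch() reported an error; same fail-closed reasoning as above.
          return true;
      }
      if ($found !== true || (int) $counter < 3) {
          // No such user, or fewer than three failures so far.
          return false;
      }

      $update = $conn->prepare("UPDATE `users` SET `timeBlock`=NOW(), blockCounter=0 WHERE username = ?");
      if ($update !== false) {
          $update->bind_param("s", $username);
          $update->execute();
          $update->close();
      }

      return true;
  }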
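  /**
   * Report whether the five-minute lockout window for a user has passed.
   *
   * The comparison now runs in the database against NOW(), the same clock
   * fnBlockCount() uses to write timeBlock. The original split the timestamp
   * on ":" and added 5 to the minutes field, then compared the result as a
   * string against PHP's date(). That breaks once the minutes pass 59 or lose
   * their leading zero, and it mixes the PHP and database clocks.
   *
   * The username is bound as a parameter instead of being interpolated into
   * the SQL text.
   *
   * @param string $usernameee account name as submitted
   * @param mysqli $conn       open connection (only prepare() is used)
   * @return bool true when a new attempt is allowed (no row for the user, no
   *              lock recorded, or the lock is older than five minutes);
   *              false while the lock is active or the state cannot be read
   */
  function fnCheckTime($usernameee, $conn)
  {
      $stmt = $conn->prepare(
          "SELECT (timeBlock IS NOT NULL AND timeBlock >= NOW() - INTERVAL 5 MINUTE) FROM users WHERE username = ?"
      );
      if ($stmt === false) {
          // Fail closed: an unreadable lock state is treated as locked.
          return false;
      }

      $stillLocked = null;
      $stmt->bind_param("s", $usernameee);
      $stmt->execute();
      $stmt->bind_result($stillLocked);
      $found = $stmt->fetch();
      $stmt->close();

      if ($found === false) {
          return false;
      }
      if ($found !== true) {
          // No row for this name. The original returned null here, which the
          // caller read as "blocked" and so answered differently for unknown
          // users; returning true lets the normal credential check respond.
          return true;
      }

      return (int) $stillLocked !== 1;
  }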
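  /**
   * Run one login attempt and print the outcome.
   *
   * Order of checks: the lockout window (fnCheckTime), then the failure
   * counter (fnBlockCount), then the credential lookup. A failed lookup
   * increments blockCounter for the user. The result is echoed as "blocked",
   * "incorrect credentials", "correct credentials" or "error".
   *
   * Both queries bind their values as parameters. The original interpolated
   * the submitted username and password into the SQL text.
   *
   * NOTE(review): the lookup matches the password column by equality. The
   * caller visible in this file passes a value freshly produced by
   * password_hash(), which is salted per call, so it will not equal a stored
   * hash. Verifying needs the submitted password and password_verify().
   *
   * @param string $inputUsername account name as submitted
   * @param string $inputPassword value compared against users.password
   * @param mysqli $conn          open connection
   * @return void
   */
  function fnCompareLogin($inputUsername, $inputPassword, $conn)
  {
      // fnCheckTime() answers "may this account try again?"; any falsy value
      // means the account is still locked.
      if (!fnCheckTime($inputUsername, $conn)) {
          echo("blocked");
          fnPrintHtml();
          return;
      }

      // Three recorded failures start a new lockout.
      if (fnBlockCount($inputUsername, $conn)) {
          echo("blocked");
          fnPrintHtml();
          return;
      }

      $lookup = $conn->prepare("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?");
      if ($lookup === false) {
          echo("error");
          return;
      }

      $matches = null;
      $lookup->bind_param("ss", $inputUsername, $inputPassword);
      $lookup->execute();
      $lookup->bind_result($matches);
      $fetched = $lookup->fetch();
      $lookup->close();

      if ($fetched !== true) {
          echo("error");
          return;
      }
      $matches = (int) $matches;

      if ($matches === 0) {
          // `timeBlock`=timeBlock is kept from the original; presumably it
          // stops an auto-updating timestamp column from being touched here.
          $bump = $conn->prepare(
              "UPDATE `users` SET `blockCounter`=blockCounter+1,`timeBlock`=timeBlock WHERE username = ?"
          );
          if ($bump !== false) {
              $bump->bind_param("s", $inputUsername);
              $bump->execute();
              $bump->close();
          } else {
              // A failure that is not counted weakens the lockout; leave a trace.
              error_log("fnCompareLogin: could not record failed attempt");
          }
          echo("incorrect credentials");
          fnPrintHtml();
      } elseif ($matches === 1) {
          echo("correct credentials");
      } else {
          // More than one row for a username/password pair.
          echo("error");
      }
  }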
  /**
   * Pass a submitted string through filter_var() with FILTER_SANITIZE_STRING.
   *
   * That filter strips HTML tags and encodes quote characters. It is an
   * HTML-oriented clean-up, not SQL escaping, and it changes any value that
   * contains those characters, passwords included. The filter is deprecated
   * as of PHP 8.1.
   *
   * @param string $input raw request value
   * @return string|false filtered string, or false when the filter fails
   */
  function fnSanitizeUserInputString($input)
  {
      return filter_var($input, FILTER_SANITIZE_STRING);
  }
  /**
   * Echo the login form: username and password fields posting back to this script.
   *
   * @return void
   */
  function fnPrintHtml()
  {
      // NOTE(review): both fields are pre-filled ("test1" / "tes1"). These look
      // like test fixtures; a password input should not ship with a value.
      $markup = [
          '<form action="" method="POST">',
          '<label for="input-UserName">Username:</label>',
          '<input id="input-UserName" name="input-UserName" type="text" value="test1">',
          '<label for="input-Password">Password:</label>',
          '<input id="input-Password" name="input-Password" type="password" value="tes1">',
          '<input name="submit" value="Send" type="submit">',
          '</form>',
      ];

      echo implode("\n", $markup);
  }
  126. ?>