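// Account lookup by username or e-mail, restricted to active accounts.
// The OR is parenthesised on purpose: AND binds tighter than OR in SQL, so the
// unparenthesised form "username=? OR email=? AND active=?" would still match
// an inactive account whenever the username matched.
// The CASE column "logueado" is '1' when logindatetime falls within the last 2 minutes.
$stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users where (username=? OR email=?) AND active=? LIMIT 1");
// The same submitted value is bound to both username and email; $active is bound as an integer.
$stmtB->bind_param("ssi", $username, $username, $active);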
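<?php
/*
 * Login handler.
 *
 * Runs on every request to the login page:
 *   1. reads the failed-attempt counter for the client IP (last 24 hours),
 *   2. enforces the CAPTCHA once that counter reaches the threshold the form uses,
 *   3. on a POST with a valid CAPTCHA, checks the credentials, records failures
 *      per IP (failed_attempt) and per account (failed_login), and starts the
 *      session on success.
 *
 * Variables consumed by the template that follows: $message, $failed_login_attempt.
 */
session_start();

// Defaults, so every variable read further down is defined on all paths.
$message = $username = $password = $usernameBD = $passwordDB = null;
$id_userBD = $logindatetime = $recentLoginBD = null;
$captcha = true;
$logueado = false;
$check_password = false;
$attempU = 0;

$attemptsIP = 8;   // failed attempts per IP before the 1-day block
$attemptsU = 5;    // failed attempts per account before the 15-minute block
$captchaAfter = 3; // same threshold the login form uses to display the CAPTCHA

// NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy every
// client would share one counter. Confirm the deployment before relying on it.
$addres = $_SERVER['REMOTE_ADDR'];
require_once 'app/php/config.ini.php';

// Failed attempts recorded for this IP during the last 24 hours.
$stmtA = $con->prepare("SELECT attempts FROM failed_attempt WHERE ip=? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW()");
$stmtA->bind_param("s", $addres);
$stmtA->execute();
$stmtA->store_result();
$check_result = $stmtA->num_rows;
$failed_login_attempt = 0;
if ($check_result === 1) {
    $stmtA->bind_result($failed_login_attempt);
    $stmtA->fetch();
}
$stmtA->close();
$failed_login_attempt = (int) $failed_login_attempt;
$ipCountAfter = $failed_login_attempt;

$isPost = count($_POST) > 0;

// CAPTCHA check. It is mandatory once the IP has reached the threshold, so
// leaving the "vcode" field out of the request no longer skips it. An empty
// or missing code in the session never matches, and hash_equals() makes the
// comparison strict.
// NOTE(review): consider invalidating $_SESSION['vcode'] after each check so a
// solved code cannot be replayed; that depends on how image.php issues codes.
$vcode = $_POST['vcode'] ?? null;
if ($isPost && ($failed_login_attempt >= $captchaAfter || $vcode !== null)) {
    $expected = $_SESSION['vcode'] ?? null;
    $captcha = is_string($vcode)
        && is_scalar($expected)
        && (string) $expected !== ''
        && hash_equals((string) $expected, $vcode);
}

if (!$captcha) {
    $message = "Written characters do not match the verification word. Try again.";
} else {
    unset($_SESSION['id_user']);
}

if ($isPost && $captcha) {
    // Only plain strings are accepted; an array-valued field is treated as empty.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // Look the account up by username or e-mail. The parentheses make
    // active=? apply to both alternatives (AND binds tighter than OR).
    $userFound = false;
    $active = 1;
    $stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users where (username=? OR email=?) AND active=? LIMIT 1");
    $stmtB->bind_param("ssi", $username, $username, $active);
    $stmtB->execute();
    $stmtB->store_result();
    if ($stmtB->num_rows === 1) {
        // The fifth column is the CASE expression "logueado", not users.active.
        $stmtB->bind_result($id_userBD, $usernameBD, $passwordDB, $logindatetime, $recentLoginBD);
        if ($stmtB->fetch()) {
            $userFound = true;
            $check_password = password_verify($password, (string) $passwordDB);
        }
    }
    $stmtB->close();

    // A row from the query is the proof that the account exists. Comparing the
    // submitted text with users.username would reject every e-mail login.
    $credentialsOk = $userFound && $check_password;
    $ipBlocked = $failed_login_attempt >= $attemptsIP;

    // Failures already recorded for this account in the last 15 minutes.
    $attempU_BD = 0;
    $hasUserRow = false;
    if ($userFound) {
        $stmtE = $con->prepare("SELECT attempts FROM failed_login WHERE id_user =? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 15 MINUTE ) AND NOW() ");
        $stmtE->bind_param("i", $id_userBD);
        $stmtE->execute();
        $stmtE->store_result();
        if ($stmtE->num_rows > 0) {
            $hasUserRow = true;
            $stmtE->bind_result($attempU_BD);
            $stmtE->fetch();
        }
        $stmtE->close();
    }
    $attempU = (int) $attempU_BD;

    // "Already logged in": correct password and a login within the last 2 minutes.
    $logueado = $credentialsOk && $logindatetime != null && (int) $recentLoginBD === 1;

    // Counters move only on a failed attempt; a successful login is not a failure.
    if (!$credentialsOk) {
        if ($check_result === 0) {
            $attempts = 1;
            $stmtC = $con->prepare("INSERT INTO failed_attempt (ip,attempts,datetime) VALUES (?, ?, NOW())");
            $stmtC->bind_param("si", $addres, $attempts);
            $stmtC->execute();
            $stmtC->close();
            $ipCountAfter = 1;
        } elseif ($failed_login_attempt < $attemptsIP) {
            // The counter stops at the limit, so the timestamp is no longer
            // refreshed and the block expires on its own.
            $accountant = $failed_login_attempt + 1;
            $stmtD = $con->prepare("UPDATE failed_attempt SET attempts=?, datetime=NOW() WHERE ip = ?");
            $stmtD->bind_param("is", $accountant, $addres);
            $stmtD->execute();
            $stmtD->close();
            $ipCountAfter = $accountant;
        }

        if ($userFound) {
            if (!$hasUserRow) {
                $attempts = 1;
                $stmtF = $con->prepare("INSERT INTO failed_login (id_user, attempts, ip, datetime) VALUES (?, ?, ?, NOW())");
                $stmtF->bind_param("iis", $id_userBD, $attempts, $addres);
                $stmtF->execute();
                $stmtF->close();
                $attempU = 1;
            } elseif ($attempU < $attemptsU) {
                $attempU = $attempU + 1;
                $stmtG = $con->prepare("UPDATE failed_login SET attempts=?, ip = ?, datetime=NOW() where id_user =?");
                $stmtG->bind_param("isi", $attempU, $addres, $id_userBD);
                $stmtG->execute();
                $stmtG->close();
            }
        }
    }

    if ($username === '' || $password === '') {
        $message = "You need to enter a username and password";
    } elseif ($ipBlocked) {
        $message = "'IP' blocked for 1 day";
    } elseif ($logueado) {
        $message = "'User' is already logged in.";
    } elseif ($attempU >= $attemptsU) {
        // Applies with a correct password too: the lock is on the account.
        $message = "'User' blocked for 15 minutes";
    } elseif (!$credentialsOk) {
        // One message for "unknown user" and "wrong password", so the response
        // does not tell a visitor which accounts exist.
        $message = "The 'User' or 'Password' you entered does not match.";
    } else {
        // New session id on privilege change, against session fixation.
        session_regenerate_id(true);
        $_SESSION["id_user"] = $id_userBD;
        if (!headers_sent()) {
            header('Location: index.php');
        } else {
            echo '<script>window.location="index.php"</script>';
        }
        exit;
    }

    // Let the form see the updated counter, so the CAPTCHA appears on the same
    // response that reaches the threshold.
    $failed_login_attempt = $ipCountAfter;
}
?>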
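<?php
// Login form template. Reads $message and $failed_login_attempt, which are
// expected to be set by the handler code that precedes this template.
// NOTE(review): the form carries no anti-CSRF token, and the "Remember me"
// checkbox has no name attribute, so its state is never submitted.
include 'themes/template/header.php';
?>
<div id="login" class="center">
    <div class="container">
        <div class="access">
            <h2>ENTER HERE.</h2>
            <?php // Escaped on output so the heading stays safe even if a message ever carries user-supplied text. ?>
            <h1><?php if (isset($message) && $message != "") { echo htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?></h1>
            <form name="frmUser" action="#" method="post">
                <input class="form-one" type="text" name="username" placeholder="Email">
                <input class="form-one" type="password" name="password" placeholder="Password">
                <?php // The CAPTCHA is shown from the third recorded failure for this IP. ?>
                <?php if (isset($failed_login_attempt) && $failed_login_attempt >= 3) { ?>
                <br><img src="image.php" id="phoca-captcha" alt="CAPTCHA"/>
                <input name="vcode" type="text" placeholder="Codigo captcha">
                <?php } ?>
                <ul class="recovery">
                    <li>
                        <input class="checkbox-one" type="checkbox" id="brand1" value="">
                        <label for="brand1"><span></span>Remember me</label>
                        <a href="#" class="TransitionEffects">Forgot your password?</a>
                    </li>
                </ul>
                <div class="wrapper">
                    <input class="btnAccess" type="submit" id="button-login" value="LOG IN">
                    <p class="MaTopForty letter-spacing-one">Register New Account <span>→</span> <a class="subscribe" href="#"> ¡Subscribe!</a></p>
                    <div class="clear"></div>
                </div>
            </form>
        </div>
    </div>
</div>
<?php include 'themes/template/footer.php'; ?>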