
Untitled

a guest
Sep 25th, 2017
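  // Look up the account by username or e-mail address. The extra column
  // "logueado" is '1' when logindatetime falls within the last two minutes.
  // The OR pair is parenthesised because AND binds tighter than OR in SQL:
  // without the parentheses "active=?" constrains only the e-mail branch, so
  // a deactivated account is still returned when it is matched by username.
  $stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users WHERE (username=? OR email=?) AND active=? LIMIT 1");

  // "ssi": the submitted login name is bound to both the username and the
  // email placeholder, followed by the integer $active flag. mysqli binds by
  // reference, so the values are read when execute() runs.
  $stmtB->bind_param("ssi", $username, $username, $active);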
  4.  
  5. <?php
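  session_start();

  // Login handler for the form rendered further down this file.
  //
  // Flow: read the per-IP failure counter, enforce the captcha once that
  // counter reaches the threshold the form uses, verify the credentials,
  // record failed attempts (per IP and per account), then either open the
  // session or leave an error text in $message for the template.
  //
  // Variables the template reads afterwards: $message, $failed_login_attempt.

  $message = $username = $password = null;
  $captcha = true;    // false once a required captcha answer is missing or wrong
  $logueado = false;  // true when valid credentials arrive for an account whose
                      // logindatetime lies within the last two minutes

  $attemptsIP = 8;    // failed attempts per IP within one day before the IP is refused
  $attemptsU = 5;     // failed attempts per account within 15 minutes before it is refused
  $captchaFrom = 3;   // the form displays the captcha from this many failed attempts on
  $attempU = 0;       // failed attempts currently recorded for the matched account

  // NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
  // Behind a reverse proxy or load balancer every visitor would share one
  // counter - confirm the deployment before relying on the per-IP limit.
  $addres = $_SERVER['REMOTE_ADDR'];

  // Presumably defines the mysqli connection $con used below (not visible here).
  require_once 'app/php/config.ini.php';

  // --- Per-IP failure counter (one-day window) -------------------------------
  // The highest count in the window is used. The previous "exactly one row"
  // test silently reset the counter to 0 whenever more than one row for the
  // address fell inside the window, which disabled the IP limit.
  $failed_login_attempt = 0;
  $stmtA = $con->prepare("SELECT attempts FROM failed_attempt WHERE ip=? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW() ORDER BY attempts DESC LIMIT 1");
  $stmtA->bind_param("s", $addres);
  $stmtA->execute();
  $stmtA->store_result();
  if ($stmtA->num_rows > 0) {
      $stmtA->bind_result($failed_login_attempt);
      $stmtA->fetch();
  }
  $stmtA->close();
  $failed_login_attempt = (int) $failed_login_attempt;

  $isPost = count($_POST) > 0;

  // --- Captcha ---------------------------------------------------------------
  // The answer is mandatory as soon as the server-side counter reaches the
  // threshold. Checking it only when the client chose to send "vcode" let a
  // client skip the captcha by leaving the field out; an empty answer against
  // an unset session value also compared equal under the loose "!=".
  // NOTE(review): the expected answer is presumably stored in
  // $_SESSION["vcode"] by image.php. If that script issues a fresh value on
  // every render, consider unsetting the session value here so one solved
  // captcha cannot be replayed - confirm against image.php first.
  if ($isPost && ($failed_login_attempt >= $captchaFrom || isset($_POST["vcode"]))) {
      $expectedCode = (isset($_SESSION["vcode"]) && is_scalar($_SESSION["vcode"])) ? (string) $_SESSION["vcode"] : '';
      $givenCode = (isset($_POST["vcode"]) && is_string($_POST["vcode"])) ? $_POST["vcode"] : '';
      if ($expectedCode === '' || $givenCode !== $expectedCode) {
          $captcha = false;
          $message = "Written characters do not match the verification word. Try again.";
      }
  }

  if ($captcha) {
      // Unchanged behaviour: reaching this page without a captcha failure ends
      // any login already stored in the session.
      unset($_SESSION['id_user']);
  }

  if ($isPost && $captcha) {
      // Only plain strings are accepted; array-valued fields ("username[]=")
      // are treated as empty instead of reaching bind_param/password_verify.
      $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
      $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

      $missingField = ($username === '' || $password === '');
      $ipBlocked = ($failed_login_attempt >= $attemptsIP);

      $userFound = false;
      $check_password = false;
      $userBlocked = false;
      $id_userBD = $usernameBD = $passwordDB = $logindatetime = $recentLogin = null;

      // A refused IP gets no credential check at all, so it can neither test
      // passwords nor push an account towards its own lockout.
      if (!$missingField && !$ipBlocked) {
          // (username OR email) is parenthesised: AND binds tighter than OR,
          // so the unparenthesised form returned deactivated accounts when
          // they were matched by username.
          $active = 1;
          $stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users WHERE (username=? OR email=?) AND active=? LIMIT 1");
          $stmtB->bind_param("ssi", $username, $username, $active);
          $stmtB->execute();
          $stmtB->store_result();
          if ($stmtB->num_rows === 1) {
              // Fifth column is the computed "logueado" flag, not users.active.
              $stmtB->bind_result($id_userBD, $usernameBD, $passwordDB, $logindatetime, $recentLogin);
              // The returned row is the match. Comparing the submitted value
              // with the username column again rejected every login by e-mail.
              $userFound = ($stmtB->fetch() === true);
          }
          $stmtB->close();

          if ($userFound) {
              $check_password = password_verify($password, (string) $passwordDB);

              // Failures already recorded for this account in the last 15 minutes.
              $stmtE = $con->prepare("SELECT attempts FROM failed_login WHERE id_user =? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 15 MINUTE ) AND NOW() ORDER BY attempts DESC LIMIT 1");
              $stmtE->bind_param("i", $id_userBD);
              $stmtE->execute();
              $stmtE->store_result();
              if ($stmtE->num_rows > 0) {
                  $stmtE->bind_result($attempU);
                  $stmtE->fetch();
              }
              $stmtE->close();
              $attempU = (int) $attempU;
              $userBlocked = ($attempU >= $attemptsU);
          } else {
              // Spend a comparable amount of hashing work for unknown names so
              // response time does not separate existing from missing accounts.
              password_hash($password, PASSWORD_DEFAULT);
          }
      }

      $credentialsOk = ($userFound && $check_password);
      $logueado = ($credentialsOk && $logindatetime !== null && (string) $recentLogin === '1');

      // --- Record the failure ------------------------------------------------
      // Only rejected credentials are counted. Before, every POST raised the IP
      // counter and every successful login raised the account counter, so a
      // legitimate user locked themselves out by logging in repeatedly.
      if (!$credentialsOk && !$ipBlocked) {
          // Single atomic statement: parallel requests cannot all read the same
          // old value, and a row older than the window restarts at 1 instead of
          // a second row being added. MySQL evaluates the assignments left to
          // right, so the IF() still sees the stored datetime.
          $stmtD = $con->prepare("UPDATE failed_attempt SET attempts = IF(datetime >= DATE_SUB( NOW() , INTERVAL 1 DAY ), attempts + 1, 1), datetime=NOW() WHERE ip = ?");
          $stmtD->bind_param("s", $addres);
          $stmtD->execute();
          $ipRowsTouched = $stmtD->affected_rows;
          $stmtD->close();

          if ($ipRowsTouched < 1) {
              // First failure ever seen from this address.
              $attempts = 1;
              $stmtC = $con->prepare("INSERT INTO failed_attempt (ip,attempts,datetime) VALUES (?, ?, NOW())");
              $stmtC->bind_param("si", $addres, $attempts);
              $stmtC->execute();
              $stmtC->close();
          }

          // Keep the template in step with the stored counter, so the captcha
          // is displayed on the render that precedes the POST requiring it.
          $failed_login_attempt++;

          // Like the IP counter, the account counter stops moving once the
          // limit is reached, so the lock expires 15 minutes after the last
          // counted failure.
          if ($userFound && !$userBlocked) {
              $stmtG = $con->prepare("UPDATE failed_login SET attempts = IF(datetime >= DATE_SUB( NOW() , INTERVAL 15 MINUTE ), attempts + 1, 1), ip = ?, datetime=NOW() where id_user =?");
              $stmtG->bind_param("si", $addres, $id_userBD);
              $stmtG->execute();
              $userRowsTouched = $stmtG->affected_rows;
              $stmtG->close();

              if ($userRowsTouched < 1) {
                  $attempts = 1;
                  $stmtF = $con->prepare("INSERT INTO failed_login (id_user, attempts, ip, datetime) VALUES (?, ?, ?, NOW())");
                  $stmtF->bind_param("iis", $id_userBD, $attempts, $addres);
                  $stmtF->execute();
                  $stmtF->close();
              }
          }
      }

      // --- Outcome -----------------------------------------------------------
      if ($missingField) {
          $message = "You need to enter a username and password";
      } elseif ($ipBlocked) {
          $message = "'IP' blocked for 1 day";
      } elseif ($logueado) {
          $message = "'User' is already logged in.";
      } elseif ($userBlocked) {
          // NOTE(review): this text still confirms that the account exists.
          $message = "'User' blocked for 15 minutes";
      } elseif (!$credentialsOk) {
          // One text for "unknown user" and "wrong password": separate texts
          // told a visitor which login names are registered.
          $message = "The 'User' or 'Password' you entered does not match.";
      } else {
          // Issue a new session id at the privilege change so an id planted
          // before the login cannot be reused afterwards.
          session_regenerate_id(true);
          $_SESSION["id_user"] = $id_userBD;

          if (!headers_sent()) {
              header('Location: index.php');
          } else {
              echo '<script>window.location="index.php"</script>';
          }
          // Stop here so the login form is not rendered after the redirect.
          exit;
      }
  }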
  146. ?>
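  <?php include 'themes/template/header.php'; ?>
  <?php
  // Login form. Reads $message (error text set by the handler above) and
  // $failed_login_attempt (per-IP failure count), which decides whether the
  // captcha is displayed. Notes are kept in PHP comments so they are not sent
  // to the browser.
  // NOTE(review): the form carries no anti-CSRF token, and the "Remember me"
  // checkbox has no name attribute, so its state is never submitted.
  ?>
  <div id="login" class="center">
  <div class="container">
  <div class="access">
  <h2>ENTER HERE.</h2>
  <?php // Escaped on output so the heading stays safe if a message ever carries request data. ?>
  <h1><?php if (isset($message) && $message != "") { echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); } ?></h1>
  <form name="frmUser" action="#" method="post">
  <input class="form-one" type="text" name="username" placeholder="Email" autocomplete="username">
  <input class="form-one" type="password" name="password" placeholder="Password" autocomplete="current-password">
  <?php if (isset($failed_login_attempt) && $failed_login_attempt >= 3) { ?>
  <br><img src="image.php" id="phoca-captcha" alt="Captcha"/>
  <input name="vcode" type="text" placeholder="Codigo captcha" autocomplete="off">
  <?php } ?>
  <ul class="recovery">
  <li>
  <input class="checkbox-one" type="checkbox" id="brand1" value="">
  <label for="brand1"><span></span>Remember me</label>
  <a href="#" class="TransitionEffects">Forgot your password?</a>
  </li>
  </ul>
  <div class="wrapper">
  <input class="btnAccess" type="submit" id="button-login" value="LOG IN">
  <p class="MaTopForty letter-spacing-one">Register New Account <span>→</span> <a class="subscribe" href="#"> ¡Subscribe!</a></p>
  <div class="clear"></div>
  </div>
  </form>
  </div>
  </div>
  </div>
  <?php include 'themes/template/footer.php'; ?>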