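<?php
/**
 * Login handler with per-IP failed-attempt tracking and a CAPTCHA gate.
 *
 * Leaves two variables for the form template that follows:
 *   $message              - feedback text, empty when there is nothing to report
 *   $failed_login_attempt - failures recorded for this client IP in the last day
 */
session_start();

// An authenticated visitor has nothing to do here. Without exit the rest of
// the script (and the login form) would still run after the redirect header.
if (isset($_SESSION["id_user"])) {
    header("Location:index.php");
    exit;
}

$message = "";
$captcha = true;

// Make mysqli raise exceptions so a failed connection or query can never be
// mistaken for "no rows" (the original suppressed the error with @ and went on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    // NOTE(review): connecting as root with an empty password gives this page
    // full control of the server's databases; use a dedicated account limited
    // to the tables it needs, with credentials kept outside the source file.
    $con = new mysqli('localhost', 'root', '', 'system');
} catch (mysqli_sql_exception $e) {
    // Details go to the server log only; the visitor gets a generic notice.
    error_log('login: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Servicio no disponible temporalmente.');
}

// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so
// every client would share one counter - confirm the deployment.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

// Failures recorded for this IP during the last day.
// NOTE(review): the original comment spoke of blocking the IP for a day, but
// the counter only decides whether the CAPTCHA is shown; nothing is locked out.
$stmt = $con->prepare(
    "SELECT attempts FROM failed_login WHERE ip = ? AND date BETWEEN DATE_SUB(NOW(), INTERVAL 1 DAY) AND NOW()"
);
$stmt->bind_param('s', $ip);
$stmt->execute();
$stmt->bind_result($attempts);
$failed_login_attempt = $stmt->fetch() ? (int) $attempts : 0;
$stmt->close();

$isPost = count($_POST) > 0;

// The CAPTCHA is mandatory as soon as one failure is on record. The original
// verified it only when a "vcode" field was posted, so leaving the field out
// skipped the check; its loose != also accepted an empty code when the session
// held none, and numerically equal strings such as "0123" and "123".
if ($isPost && ($failed_login_attempt >= 1 || isset($_POST["vcode"]))) {
    $sent = (isset($_POST["vcode"]) && is_string($_POST["vcode"])) ? $_POST["vcode"] : '';
    $expected = isset($_SESSION["vcode"]) ? (string) $_SESSION["vcode"] : '';
    // One code, one try. Presumably image.php stores a fresh code each time
    // the form is rendered - confirm.
    unset($_SESSION["vcode"]);
    if ($sent === '' || $expected === '' || !hash_equals($expected, $sent)) {
        $captcha = false;
        $message = "Los caracteres escritos no coinciden con la palabra de verificación. Inténtalo de nuevo.";
    }
}

if ($isPost && $captcha == true) {
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

    if ($username === '' || $password === '') {
        $message = "Es necesario introducir un nombre de usuario y contraseña";
    } else {
        // Legacy transforms, kept so the values still match what this page has
        // always sent to the database (presumably registration stores the same
        // form - confirm). They are not a defence: the bound parameters below
        // are what keep user input out of the SQL text.
        $lookup_name = htmlentities($username);
        // NOTE(review): unsalted SHA-1 is not suitable for password storage;
        // migrate to password_hash() / password_verify().
        $save_passw = sha1(htmlentities(mysqli_real_escape_string($con, $password)));

        $stmt = $con->prepare(
            "SELECT username FROM users WHERE username = ? AND password = ? AND active = '1'"
        );
        $stmt->bind_param('ss', $lookup_name, $save_passw);
        $stmt->execute();
        $stmt->bind_result($UsernamaDB);
        $authenticated = $stmt->fetch() === true;
        $stmt->close();

        if (!$authenticated) {
            // One message for every failure: the query matches name and hash
            // together, so the page cannot tell which of the two was wrong,
            // and a single wording does not confirm that an account exists.
            $message = "El usuario o la contraseña no son correctos.";

            // Only real failures are counted (the original counted every
            // submission, successful ones included). Updating the variable
            // lets the form below show the CAPTCHA straight away.
            if ($failed_login_attempt < 1) {
                // First failure in the window: create the record.
                $stmt = $con->prepare("INSERT INTO failed_login (ip,attempts,date) VALUES (?, 1, NOW())");
                $stmt->bind_param('s', $ip);
                $stmt->execute();
                $stmt->close();
                $failed_login_attempt = 1;
            } elseif ($failed_login_attempt < 2) {
                // Record already present: store the previous value plus one.
                $contador = $failed_login_attempt + 1;
                $stmt = $con->prepare("UPDATE failed_login SET attempts = ?, date = NOW() WHERE ip = ?");
                $stmt->bind_param('is', $contador, $ip);
                $stmt->execute();
                $stmt->close();
                $failed_login_attempt = $contador;
            }
        }
        // NOTE(review): nothing on this page stores the authenticated user in
        // the session, so a correct login has no visible effect. When that is
        // added, call session_regenerate_id(true) before writing
        // $_SESSION["id_user"] to avoid session fixation.
    }
}
?>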
<?php
/*
 * Login form markup. Prints $message when it is not empty and shows the
 * CAPTCHA image and field once $failed_login_attempt is at least 1.
 * NOTE(review): the form has no anti-CSRF token field, and the "Recordarme"
 * checkbox has no name attribute, so its state is never submitted.
 */
include 'themes/template/header.php';
?>
<div id="login" class="center">
    <div class="container">
        <div class="access">
            <h2>ENTRE AQUÍ.</h2>
            <h1><?= ($message != "") ? $message : "" ?></h1>
            <form name="frmUser" action="#" method="post">
                <input class="form-one" type="text" name="username" placeholder="username">
                <input class="form-one" type="password" name="password" placeholder="Password">
                <?php if (isset($failed_login_attempt) && $failed_login_attempt >= 1): ?>
                <br><img src="image.php" id="phoca-captcha"/>
                <input name="vcode" type="text" placeholder="Codigo captcha">
                <?php endif; ?>
                <ul class="recovery">
                    <li>
                        <input class="checkbox-one" type="checkbox" id="brand1" value="">
                        <label for="brand1"><span></span>Recordarme</label>
                        <a href="#" class="TransitionEffects">¿Olvidó su contraseña?</a>
                    </li>
                </ul>
                <div class="wrapper">
                    <input class="btnAccess" type="submit" id="button-login" value="INICIAR SESIÓN">
                    <p class="MaTopForty letter-spacing-one">Registrar Nueva Cuenta <span>→</span> <a class="registeraa" href="#"> ¡Registro gratis!</a></p>
                    <div class="clear"></div>
                </div>
            </form>
        </div>
    </div>
</div>