Columns: id_fail_attempt, ip, attempts, datetime
Columns: id, id_user, attempts, ip, datetime
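<?php
/*
 * Login handler.
 *
 * Reads the posted form (username, password, vcode), checks the captcha
 * against $_SESSION['vcode'], verifies the credentials against `users`
 * and enforces two lockouts:
 *   - per IP:   $attemptsIP failed attempts within 1 day    (table failed_attempt)
 *   - per user: $attemptsU  failed attempts within 15 minutes (table failed_login)
 *
 * Values read by the surrounding page: $message (text to show, or null),
 * $captcha and $logueado. On success $_SESSION['id_user'] is set and the
 * request is redirected to index.php.
 *
 * Requires $con (mysqli) from app/php/config.ini.php.
 */
session_start();

$message = $username = $password = $usernameBD = $passwordDB = null;
$captcha = true;
// true when the account already has a login recorded in the last 2 minutes
$logueado = false;
// Failed attempts allowed per IP (window: 1 day)
$attemptsIP = 8;
// Failed attempts allowed per user (window: 15 minutes)
$attemptsU = 5;

// $_POST is always set; what matters is whether the form was submitted.
$posted = count($_POST) > 0;

// Captcha: a submitted form must carry a vcode equal to the session value.
// A missing field, a missing session value or a mismatch all fail the check,
// so the captcha cannot be skipped by leaving the field out of the request.
if ($posted) {
    $expected = $_SESSION['vcode'] ?? null;
    $given = $_POST['vcode'] ?? null;
    if ($expected === null || $given === null || (string) $given !== (string) $expected) {
        $captcha = false;
        $message = "Written characters do not match the verification word. Try again.";
    }
}
if ($captcha) {
    // Any request that passes the captcha (a plain GET of the form included)
    // drops the current login, as before.
    unset($_SESSION['id_user']);
}
// NOTE(review): $_SESSION['vcode'] is not consumed after a check, so the same
// word stays valid until the captcha image is regenerated — confirm the image
// script does that on every render.

$addres = $_SERVER['REMOTE_ADDR'];

// Connection -> SQL (provides $con)
require_once 'app/php/config.ini.php';

// ---- IP lockout: failed attempts from this address in the last day ----
$stmtA = $con->prepare("SELECT attempts FROM failed_attempt WHERE ip=? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW()");
$stmtA->bind_param("s", $addres);
$stmtA->execute();
$stmtA->store_result();
// Row count decides INSERT (0) versus UPDATE (1) further down.
$check_result = $stmtA->num_rows;
$failed_login_attempt = 0;
if ($stmtA->num_rows === 1) {
    $stmtA->bind_result($failed_login_attempt);
    $stmtA->fetch();
}
$stmtA->close();

if ($posted && $captcha) {
    $username = $_POST["username"] ?? '';
    $password = $_POST["password"] ?? '';

    // ---- Look up the user ----
    // The fifth selected column is the CASE expression: '1' when the stored
    // logindatetime falls in the last 2 minutes, '0' otherwise.
    $active = 1;
    $id_userBD = null;
    $logindatetime = null;
    $recentLogin = '0';
    $check_password = false;
    $stmtB = $con->prepare("SELECT id_user,username,password,logindatetime, CASE WHEN logindatetime BETWEEN DATE_SUB( NOW() , INTERVAL 2 MINUTE ) AND NOW() THEN '1' ELSE '0' END as logueado FROM users where username=? AND active=? LIMIT 1");
    $stmtB->bind_param("si", $username, $active);
    $stmtB->execute();
    $stmtB->store_result();
    if ($stmtB->num_rows === 1) {
        $stmtB->bind_result($id_userBD, $usernameBD, $passwordDB, $logindatetime, $recentLogin);
        if ($stmtB->fetch()) {
            $check_password = password_verify($password, (string) $passwordDB);
        }
    }
    $stmtB->close();

    $userFound = $usernameBD !== null && $usernameBD !== '';
    // Credentials are good only when the row matched and the hash verified.
    $credentialsOk = $userFound && $username === $usernameBD && $check_password;
    // ---- Double-login check: good credentials for an account that logged in
    //      within the last 2 minutes ----
    $logueado = $credentialsOk && $logindatetime !== null && (int) $recentLogin === 1;

    // ---- Record the failure against the IP ----
    // Only failures count. Previously every submission was counted, so eight
    // successful logins in a day blocked the address.
    if (!$credentialsOk) {
        if ($check_result === 0) {
            // First failure in the window: create the row.
            $attempts = 1;
            $stmtC = $con->prepare("INSERT INTO failed_attempt (ip,attempts,datetime) VALUES (?, ?, NOW())");
            $stmtC->bind_param("si", $addres, $attempts);
            $stmtC->execute();
            $stmtC->close();
        } elseif ($failed_login_attempt < $attemptsIP) {
            // The counter stops at the limit; the 1-day window releases it.
            $accountant = $failed_login_attempt + 1;
            $stmtD = $con->prepare("UPDATE failed_attempt SET attempts=?, datetime=NOW() WHERE ip = ?");
            $stmtD->bind_param("is", $accountant, $addres);
            $stmtD->execute();
            $stmtD->close();
        }
    }

    // ---- Per-user lockout ----
    // $attempU is the user's failed-attempt count in the last 15 minutes
    // after this request has been accounted for (0 when the user is unknown).
    $attempU = 0;
    if ($userFound) {
        $id_user = $id_userBD;
        $stmtE = $con->prepare("SELECT attempts FROM failed_login WHERE id_user =? AND datetime BETWEEN DATE_SUB( NOW() , INTERVAL 15 MINUTE ) AND NOW() ");
        $stmtE->bind_param("i", $id_user);
        $stmtE->execute();
        $stmtE->store_result();
        $queryResult = $stmtE->num_rows;
        $attempU_BD = 0;
        if ($queryResult !== 0) {
            $stmtE->bind_result($attempU_BD);
            $stmtE->fetch();
        }
        $stmtE->close();

        if ($credentialsOk) {
            // A correct password does not add to the count, but an active
            // lock still applies to it (checked below).
            $attempU = $attempU_BD;
        } elseif ($queryResult === 0) {
            // First failure in the window: create the row.
            $attempts = 1;
            $attempU = 1;
            $stmtF = $con->prepare("INSERT INTO failed_login (id_user, attempts, ip, datetime) VALUES (?, ?, ?, NOW())");
            $stmtF->bind_param("iis", $id_user, $attempts, $addres);
            $stmtF->execute();
            $stmtF->close();
        } else {
            $attempU = $attempU_BD + 1;
            // The stored counter stops at the limit; the 15-minute window releases it.
            if ($attempU_BD < $attemptsU) {
                $stmtG = $con->prepare("UPDATE failed_login SET attempts=?, ip = ?, datetime=NOW() where id_user =?");
                $stmtG->bind_param("isi", $attempU, $addres, $id_user);
                $stmtG->execute();
                $stmtG->close();
            }
        }
    }
    // NOTE(review): the per-user counter is not cleared on a successful login;
    // a `DELETE FROM failed_login WHERE id_user = ?` in the success branch would
    // do that if the 15-minute window is not considered enough.

    // ---- Decide the outcome; order matters: locks are reported before
    //      credential errors ----
    if (empty($username) || empty($password)) {
        $message = "You need to enter a username and password";
    } elseif ($failed_login_attempt >= $attemptsIP) {
        $message = "'IP' blocked for 1 day";
    } elseif ($logueado) {
        $message = "'User' is already logged in.";
    } elseif ($attempU >= $attemptsU) {
        $message = "'User' blocked for 15 minutes";
    } elseif (!$credentialsOk) {
        // One message for both an unknown user and a wrong password, so the
        // response does not tell which usernames exist.
        $message = "The 'User' or 'Password' you entered does not match.";
    } else {
        // Fresh session id on privilege change.
        session_regenerate_id(true);
        $_SESSION["id_user"] = $id_userBD;
    }

    if (isset($_SESSION["id_user"])) {
        header('Location: index.php');
        exit;
    }
}
?>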