
Untitled

a guest
Sep 11th, 2017
  1. DELETE FROM login_attempts WHERE ip = '$ip'"
  2.  
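  // Temporary debugging output for the login comparison; remove it before the
  // page is reachable by anyone else. $username comes straight from $_POST, so
  // it is HTML-escaped before being written into the response.
  echo 'username: '.htmlspecialchars((string) $username, ENT_QUOTES).' / DB: '.htmlspecialchars((string) $UsernamaDB, ENT_QUOTES);
  // Never print the submitted password or the stored hash into a page. The
  // values that are actually compared are the two SHA-1 digests, so report only
  // whether they agree.
  echo 'password: '.(hash_equals((string) $passwordDB, (string) $save_passw) ? 'match' : 'mismatch');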
  5.  
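  <?php
  /*
   * Login controller for the form rendered below.
   *
   * Flow: look up the failed-attempt counter for the client IP, validate the
   * captcha when one is due, check the credentials, then either open the
   * session or record the failure. The template reads $message and
   * $failed_login_attempt.
   *
   * NOTE(review): the original comment says the IP is blocked for one day, but
   * no request is ever refused here; the captcha is the only throttle. A real
   * lockout threshold still has to be decided and added.
   * NOTE(review): the counter is keyed on REMOTE_ADDR only, so clients behind
   * one proxy or NAT share it and a client that changes address resets it.
   */
  session_start();
  $message = "";
  $captcha = true;

  /**
   * Prepare and execute one statement, binding every parameter as a string.
   *
   * @param mysqli $con    open connection
   * @param string $sql    statement text with ? placeholders
   * @param array  $params values for the placeholders, in order
   * @return mysqli_stmt|false the executed statement (caller closes it), or false on failure
   */
  function login_run_statement($con, $sql, array $params)
  {
      $stmt = $con->prepare($sql);
      if ($stmt === false) {
          return false;
      }
      if (count($params) > 0) {
          $stmt->bind_param(str_repeat('s', count($params)), ...$params);
      }
      if (!$stmt->execute()) {
          $stmt->close();
          return false;
      }
      return $stmt;
  }

  // NOTE(review): connecting as root with an empty password gives this page
  // full control of the server; use a dedicated account limited to the two
  // tables touched here and keep the credentials out of the web root.
  try {
      $con = @new mysqli('localhost', 'root', '', 'system');
  } catch (Exception $e) {
      // Newer mysqli versions throw instead of returning a failed object.
      $con = null;
  }
  if ($con === null || $con->connect_errno) {
      // Stop with a generic message: continuing would run every query against
      // a dead connection and could leak driver errors into the page.
      http_response_code(500);
      exit('Servicio no disponible.');
  }

  $ip = $_SERVER['REMOTE_ADDR'];
  $isPost = count($_POST) > 0;

  // Failed attempts recorded for this IP during the last day.
  $failed_login_attempt = 0;
  $stmt = login_run_statement(
      $con,
      "SELECT attempts FROM failed_login WHERE ip = ? AND date BETWEEN DATE_SUB( NOW() , INTERVAL 1 DAY ) AND NOW()",
      array($ip)
  );
  if ($stmt === false) {
      // Fail closed: if the counter cannot be read, behave as if a failure
      // was already recorded so the captcha is required.
      $failed_login_attempt = 1;
  } else {
      $stmt->bind_result($attemptsDB);
      if ($stmt->fetch()) {
          $failed_login_attempt = (int) $attemptsDB;
      }
      $stmt->close();
  }

  if ($isPost) {
      $vcodeSent = (isset($_POST["vcode"]) && is_string($_POST["vcode"])) ? $_POST["vcode"] : null;
      $vcodeExpected = (isset($_SESSION["vcode"]) && is_scalar($_SESSION["vcode"])) ? (string) $_SESSION["vcode"] : null;
      $captchaMatches = $vcodeSent !== null && $vcodeExpected !== null && hash_equals($vcodeExpected, $vcodeSent);
      // The captcha is mandatory once a failure is on record. Previously it
      // was only checked when the field was present, so leaving "vcode" out
      // of the request skipped it entirely.
      if (($failed_login_attempt >= 1 || isset($_POST["vcode"])) && !$captchaMatches) {
          $captcha = false;
          $message = "Los caracteres escritos no coinciden con la palabra de verificación. Inténtalo de nuevo.";
      }
      // NOTE(review): the expected code should be single-use; confirm that
      // image.php writes a fresh $_SESSION["vcode"] on every render.
  }

  if ($isPost && $captcha == true) {
      // Reject non-string input (e.g. username[]=x) instead of passing arrays on.
      $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
      $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

      if ($username === "" || $password === "") {
          $message = "Es necesario introducir un nombre de usuario y contraseña";
      } else {
          // The digest is derived exactly as before so existing rows still
          // verify. NOTE(review): unsalted SHA-1 is not a password hash, and
          // this derivation depends on htmlentities() defaults that changed in
          // PHP 8.1; migrate to password_hash()/password_verify() and re-hash
          // each account on its next successful login.
          $save_passw = sha1(htmlentities(mysqli_real_escape_string($con, $password)));

          $authenticated = false;
          $UsernamaDB = "";
          $passwordDB = "";
          $stmt = login_run_statement(
              $con,
              "SELECT username, password FROM users WHERE username = ? AND password = ? AND active = '1'",
              array(htmlentities($username), $save_passw)
          );
          if ($stmt !== false) {
              $stmt->bind_result($UsernamaDB, $passwordDB);
              if ($stmt->fetch()) {
                  // Compare digests with hash_equals(): loose == treats
                  // numeric-looking strings as numbers, which can make two
                  // different digests compare equal.
                  $authenticated = hash_equals((string) $passwordDB, $save_passw);
              }
              $stmt->close();
          }

          if ($authenticated) {
              // New session id on privilege change, so an id planted before
              // login is useless afterwards.
              session_regenerate_id(true);
              // The original statement `$_SESSION["id_user"];` assigned
              // nothing, so nobody was ever logged in.
              // NOTE(review): the users table's key column is not visible in
              // this file; store that instead of the username once confirmed.
              $_SESSION["id_user"] = $UsernamaDB;
              // Clear the counter in the table that is actually written to;
              // the original deleted from "login_attempts", which nothing
              // else in this file uses.
              $stmt = login_run_statement($con, "DELETE FROM failed_login WHERE ip = ?", array($ip));
              if ($stmt !== false) {
                  $stmt->close();
              }
          } else {
              // One message for every credential failure, so the response
              // does not reveal whether the username exists.
              $message = "Usuario o contraseña incorrectos.";

              // Count the failure only now that the credentials were rejected;
              // the original incremented on every submission, including
              // successful ones, and stopped counting at 2.
              if ($failed_login_attempt < 1) {
                  // First failure in the window: drop any row older than a day
                  // for this IP so only one row per address exists.
                  $stmt = login_run_statement($con, "DELETE FROM failed_login WHERE ip = ?", array($ip));
                  if ($stmt !== false) {
                      $stmt->close();
                  }
                  $stmt = login_run_statement($con, "INSERT INTO failed_login (ip,attempts,date) VALUES (?, 1, NOW())", array($ip));
              } else {
                  $stmt = login_run_statement($con, "UPDATE failed_login SET attempts = attempts + 1, date = NOW() WHERE ip = ?", array($ip));
              }
              if ($stmt !== false) {
                  $stmt->close();
              }
              // Keep the in-memory value current so the form rendered by this
              // same request already shows the captcha.
              $failed_login_attempt++;
          }
      }
  }

  if (isset($_SESSION["id_user"])) {
      header("Location:http://localhost/learncode/index.php");
      // header() does not stop the script; without exit the login form is
      // still rendered and sent after the redirect header.
      exit;
  }
  ?>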
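  <?php include 'themes/template/header.php'; ?>
  <?php
  /*
   * Login form. Reads $message (status text) and $failed_login_attempt
   * (failures recorded for the client IP) set by the controller above.
   *
   * NOTE(review): the form carries no anti-CSRF token, so another site can
   * submit credentials to it on a visitor's behalf (login CSRF). Add a
   * per-session token and verify it before processing the POST.
   */
  ?>
  <div id="login" class="center">
  <div class="container">
  <div class="access">
  <h2>ENTRE AQUÍ.</h2>
  <?php
  // Escape at the point of output even though every message is a fixed string
  // today, so a later message that includes request data cannot inject markup.
  // ENT_SUBSTITUTE keeps the text visible if the file is not saved as UTF-8.
  ?>
  <h1><?php if($message!="") { echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?></h1>
  <form name="frmUser" action="#" method="post">
  <input class="form-one" type="text" name="username" placeholder="username">
  <input class="form-one" type="password" name="password" placeholder="Password">
  <?php /* The captcha appears once at least one failure is on record for this IP. */ ?>
  <?php if (isset($failed_login_attempt) && $failed_login_attempt >= 1) { ?>
  <br><img src="image.php" id="phoca-captcha"/>
  <input name="vcode" type="text" placeholder="Codigo captcha">
  <?php } ?>
  <ul class="recovery">
  <li>
  <input class="checkbox-one" type="checkbox" id="brand1" value="">
  <label for="brand1"><span></span>Recordarme</label>
  <a href="#" class="TransitionEffects">¿Olvidó su contraseña?</a>
  </li>
  </ul>
  <div class="wrapper">
  <input class="btnAccess" type="submit" id="button-login" value="INICIAR SESIÓN">
  <p class="MaTopForty letter-spacing-one">Registrar Nueva Cuenta <span>→</span> <a class="registeraa" href="#"> ¡Registro gratis!</a></p>
  <div class="clear"></div>
  </div>
  </form>
  </div>
  </div>
  </div>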
  100.  
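  // Credential check for one submitted login. Expects $username/$password from
  // the request, $save_passw (digest of the submitted password), and
  // $UsernamaDB/$passwordDB from the users row.
  // NOTE(review): separate messages for a wrong username and a wrong password
  // tell the caller which usernames exist; prefer a single generic message.
  if (empty($username) === true || empty($password) === true) {
      $message = "Es necesario introducir un nombre de usuario y contraseña";
  } elseif ($username !== $UsernamaDB) {
      $message = "El 'Usuario' que has introducido no coincide. ";
  } elseif (!hash_equals((string) $passwordDB, (string) $save_passw)) {
      // hash_equals() instead of !=: loose comparison treats numeric-looking
      // digests as numbers, so two different hashes can compare equal.
      $message = "Tu 'Contraseña' introducido no coincide. ";
  } else {
      // The original tested $usernamaDB here. PHP variable names are
      // case-sensitive, so that was an undefined variable and this branch
      // never ran for a non-empty username.
      session_regenerate_id(true); // fresh session id once the user is authenticated
      $_SESSION["id_user"] = 1; // whatever value you want to store in the variable
      // Reset the counter in failed_login, the table the login script writes
      // to; bound parameter instead of interpolating $ip into the SQL text.
      $stmt = $con->prepare("DELETE FROM failed_login WHERE ip = ?");
      if ($stmt !== false) {
          $stmt->bind_param('s', $ip);
          $stmt->execute();
          $stmt->close();
      }
  }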
  111.  
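  $message = "El 'Usuario' que has introducido no coincide. ";
  // Debug output only; remove before deployment. The variable is $UsernamaDB
  // (names are case-sensitive, $usernamaDB was undefined and printed nothing),
  // and the request value is HTML-escaped before it is echoed.
  echo 'username: '.htmlspecialchars((string) $username, ENT_QUOTES).' / DB: '.htmlspecialchars((string) $UsernamaDB, ENT_QUOTES);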