- <?php
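/**
 * Authenticate a user by username and password, with a per-account lockout.
 *
 * On success, sets $_SESSION['logged_in'] and $_SESSION['user_id'] and resets
 * the stored failure counter and lockout time. On failure, echoes a message.
 * From the third consecutive wrong password onwards the account is blocked
 * for five minutes per failed attempt beyond the second.
 *
 * The outcome is reported only through $_SESSION and echoed text; nothing is
 * returned. A failed query terminates the script with a generic message and
 * the driver error goes to the error log instead of the response.
 *
 * Security notes for maintainers:
 * - ext/mysql (mysql_*) has no prepared statements and was removed in PHP 7.0.
 *   The escaping below is only safe if the connection charset was set through
 *   mysql_set_charset(); the real fix is PDO or mysqli with bound parameters.
 * - Passwords are compared as unsalted MD5 because that is what the `password`
 *   column holds. MD5 is not a password hash; migrate to password_hash() /
 *   password_verify() with rehash-on-login (needs a wider column).
 * - The three failure messages differ, so a client can tell whether a username
 *   exists and whether it is locked. Consider one generic message.
 * - The lockout is keyed on the account alone, so repeated wrong guesses by
 *   anyone keep a legitimate user out. Consider adding per-source throttling.
 * - The counter is read, incremented in PHP and written back; concurrent
 *   requests can therefore under-count failures.
 *
 * @param string $check_username Username as submitted by the client.
 * @param string $check_password Plain-text password as submitted by the client.
 * @return void
 */
function login($check_username, $check_password)
{
    // Request parameters can arrive as arrays (e.g. username[]=x); treat
    // anything that is not a string as an unknown user instead of passing it
    // on to the escaping and hashing functions.
    if (!is_string($check_username) || !is_string($check_password)) {
        echo "Sorry, but that username does not exist. Please try again.";
        return;
    }

    $safe_username = mysql_real_escape_string($check_username);

    // NOTE(review): unsalted MD5, kept only for compatibility with the stored
    // hashes. It never reaches SQL, so it needs no escaping.
    $password_hash = md5($check_password);

    // Fetch only the columns this function reads.
    $result = mysql_query(
        "SELECT `user_id`, `password`, `login_attempts`, `login_time` FROM `users` WHERE `username`='" . $safe_username . "'"
    );
    if ($result === false) {
        // Keep driver errors out of the HTTP response; they expose schema details.
        error_log('login(): user lookup failed: ' . mysql_error());
        die('Sorry, a database error occurred. Please try again later.');
    }

    // mysql_fetch_assoc() returns false when no row matched; check that before
    // reading any column.
    $row = mysql_fetch_assoc($result);
    if (!is_array($row) || $row['user_id'] === null || $row['user_id'] === '') {
        echo "Sorry, but that username does not exist. Please try again.";
        return;
    }

    $user_id = $row['user_id'];
    $user_login_attempts = (int) $row['login_attempts'];
    $user_login_time = (int) $row['login_time'];

    // Still inside the lockout window: do not evaluate the password at all.
    if (time() < $user_login_time) {
        // timeDifference() is defined elsewhere; presumably it renders the
        // remaining wait as text - confirm against its definition.
        $time_diff = timeDifference($user_login_time);
        echo "Sorry, you may not login for ".$time_diff." due to too many failed attempts. Please try again in ".$time_diff.".";
        return;
    }

    if ($password_hash === $row['password']) {
        // Issue a fresh session id on privilege change so an id that was fixed
        // before authentication does not become an authenticated one.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['logged_in'] = true;
        $_SESSION['user_id'] = $user_id;
        $user_login_attempts = 0;
        $user_login_time = 0;
    } else {
        $user_login_attempts++;
        if ($user_login_attempts < 3) {
            $user_login_time = 0;
            echo "Sorry, you have entered an incorrect password. Please try again.";
        } else {
            // Five minutes of waiting per failed attempt beyond the second.
            $user_login_time = time() + (($user_login_attempts - 2) * 5 * 60);
            $time_diff = timeDifference($user_login_time);
            echo "Sorry, you have entered an incorrect password. Due to too many failed attempts, please try again in ".$time_diff.".";
        }
    }

    // Write counter and lockout time in one statement so they cannot end up
    // out of step when a second query fails. Both values are integers here;
    // the id is escaped because its column type is not visible from this code.
    $result = mysql_query(
        "UPDATE `users` SET `login_attempts`='" . (int) $user_login_attempts . "', `login_time`='" . (int) $user_login_time . "'"
        . " WHERE `user_id`='" . mysql_real_escape_string((string) $user_id) . "'"
    );
    if ($result === false) {
        error_log('login(): updating login state failed: ' . mysql_error());
        die('Sorry, a database error occurred. Please try again later.');
    }
}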
- //!function login($check_username,$check_password)
- ?>