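Form not submitting

Time: 2013-05-27 03:00:53

Tags: php codeigniter

Every time I try to submit my login form, it takes 25 seconds to submit, and even then it never gets past the form. I'm wondering whether I'm missing something somewhere. I'm wondering whether it has something to do with a return somewhere. Any ideas?

UNFLATTENED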

public function form_is_valid()
{
    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    /* Form validation passed */
    return $this->form_validation->run();
}

public function is_user_locked($user_data)
{
    if ($user_data->lock_date !== '0000-00-00 00:00:00')
    {
        /* User is locked out */

        if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
        {
            /* User is still locked out */
            return TRUE;
        }
        else
        {
            /* User is no longer locked out */
            return FALSE;
        }

    }
}

public function check_user_status($user_data)
{
    /* Match user status */
    switch ($user_data->user_status_id) 
    {
        case 1:
            $this->output('Sorry you must verify your account before logging in!', 'Account Unverified', 'Error');
            break;
        case 3:
            $this->output('Your account has been suspended!', 'Account Suspended', 'Error');
            break;
        case 4:
            $this->output('Your account has been suspended!', 'Account Banned', 'Error');
            break;
        case 5:
            $this->output('Your account has been deleted!', 'Account Deleted', 'Error');
            break;
        default:
            return;
    }
}

public function output($message, $title, $status = 'Success') 
{
    switch ($status)
    {
        case 'Error':
            array('status' => 'Error');
            break;
        case 'Notice':
            array('status' => 'Notice');
            break;
        case 'Success':
            array('status' => 'Success');
            break;
    }
    echo json_encode($status, $title, $message);
}

public function start_user_session()
{
    /* Start session with user id and clear previous failed login attempts */
    $this->session->set_userdata('uid', $user_data->user_id);
    $this->session->unset_userdata('failed_logins');
    $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
    return;
}

public function submit($post_username = NULL, $post_password = NULL) 
{   
    if (!$this->form_is_valid())
    {   
        echo 'test';
        die();
        $this->output('The form did not validate successfully!', 'Form Not Validated', 'Error');
    }   

    /* Post values from login form */
    $post_username = $this->input->post('username');
    $post_password = $this->input->post('password');

    /* Test to see value of posted login form */
    //echo '<pre>';
    //var_dump($post_username);
    //var_dump($post_password);
    //echo '</pre>';
    //die();

    /* Get user data from post username value */
    $user_data = $this->users_model->get_by('username', $post_username);

    /* Test to see value of $user_data */
    //echo '<pre>';
    //var_dump($user_data);
    //echo '</pre>';
    //die();

    if (count($user_data) == 0)
    {
        /* User was not found in database */
        $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    }

    /* User was found in database */

    if ($this->is_user_locked($user_data->lock_date))
    {
        /* User is locked from logging in from too many failed attempts */
        $this->output('This user account is currently locked!', 'Account Locked', 'Error');    
    }
    else
    {
         /* User can be unlocked and form be resubmitted */
         $this->users_model->unlock_user($user_data->user_id);
         $this->submit($post_username, $post_password);
         return FALSE;
    }

    /* User is unlocked from logging in */

    if ($user_data->user_status_id != 2)
    {
        /* User has a status that is not allowed to proceed */
        $this->user_status_message($user_data->user_status_id);
    }                   

    /* User is registered and validated */                      

    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

    $failed_logins = $this->session->userdata('failed_logins');

    if ($regenerated_post_password !== $user_data->password)
    {
        /* Password from login from does not match user stored password */

        if ($failed_logins == 0)
        {
            /* First time user has not entered username and password successfully */
            $this->session->set_userdata('failed_logins', 1);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        /* User has atleast one failed login attempt for the current session */

        if ($failed_logins !== 4)
        {      
            /* User has a few more chances to get password right */
            $failed_logins++;
            $this->session->set_userdata('failed_logins', $failed_logins);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
        //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
        $this->output('Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>', 'Account Locked', 'Error');            

    } 

    /* Password from login form matches user stored password and user may login */

    $this->output('Successful login! Sending you to the dashboard!', 'Login Sucessful', 'Success');
}

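Update: Here is the original submit function, which works completely; the reason for my post is that I ran into problems while trying to flatten it.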

FLATTENED

public function submit($post_username = NULL, $post_password = NULL)
{
    /* Set variable defaults */
    $output_status = 'Notice';
    $output_title = 'Not Processed';
    $output_message = 'The request was unprocessed!';

    /* Number of error flags */
    $flags = 0;

    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    if ($this->form_validation->run() == TRUE)
    {
        /* Form validation passed */

        /* Post values from login form */
        $post_username = $this->input->post('username');
        $post_password = $this->input->post('password');

        /* Test to see value of posted login form */
        //echo '<pre>';
        //var_dump($post_username);
        //var_dump($post_password);
        //echo '</pre>';
        //die();

        /* Get user data from post username value */
        $user_data = $this->users_model->get_by('username', $post_username);

        /* Test to see value of $user_data */
        //echo '<pre>';
        //var_dump($user_data);
        //echo '</pre>';
        //die();

        if (count($user_data) > 0)
        {
            /* User was found in database */

            if ($user_data->lock_date !== '0000-00-00 00:00:00')
            {
                /* User is locked out */

                if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
                {
                    /* User is still locked out */
                    $output_status = 'Error';
                    $output_title = 'Account Locked';
                    $output_message = 'This user account is currently locked!';
                    $flags++;
                }
                else
                {
                    /* User can be unlocked and form be resubmitted */
                    $this->users_model->unlock_user($user_data->user_id);
                    $this->submit($post_username, $post_password);
                    return FALSE;
                }

            }

            if ($flags == 0)
            {
                /* User is not locked out and no error messages reported */

                /* Match user status */
                switch ($user_data->user_status_id) 
                {
                    case 1:
                        $output_status = 'Error';
                        $output_title = 'Account Unverified';
                        $output_message = 'Sorry you must verify your account before logging in!';
                        $flags++;
                        break;
                    case 3:
                        $output_status = 'Error';
                        $output_title = 'Account Suspended';
                        $output_message = 'Your account has been suspended!';
                        $flags++;
                        break;
                    case 4:
                        $output_status = 'Error';
                        $output_title = 'Account Banned';
                        $output_message = 'Your account has been banned!';
                        $flags++;
                        break;
                    case 5:
                        $output_status = 'Error';
                        $output_title = 'Account Deleted';
                        $output_message = 'Your account has been deleted!';
                        $flags++;
                        break;
                }

                if ($flags == 0)
                {
                    /* User is registered and validated and no error messages reported */                   
                    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

                    $failed_logins = $this->session->userdata('failed_logins');

                    if ($regenerated_post_password == $user_data->password)
                    {
                        /* Password from login form matches user stored password */

                        /* Start session with user id and clear previous failed login attempts */
                        $this->session->set_userdata('uid', $user_data->user_id);
                        $this->session->unset_userdata('failed_logins');
                        $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
                        $output_status = 'Success';
                        $output_title = 'Login Success';
                        $output_message = 'Successful login! Sending you to the dashboard';
                    }
                    else
                    {
                        /* Password from login from does not match user stored password */
                        if ($failed_logins > 0)
                        {
                            /* User has atleast one failed login attempt for the current session */
                            if ($failed_logins == 4)
                            {      
                                $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
                                //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
                                $output_status = 'Error';
                                $output_title = 'Account Locked';
                                $output_message = 'Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>';
                            }
                            else
                            {
                                /* User has a few more chances to get password right */
                                $failed_logins++;
                                $this->session->set_userdata('failed_logins', $failed_logins);
                                $output_status = 'Error';
                                $output_title = 'Incorrect Login Credentials';
                                $output_message = 'Incorrect username and password credentials!';
                            }
                        }
                        else
                        {
                            /* First time user has not entered username and password successfully */
                            $this->session->set_userdata('failed_logins', 1);
                            $output_status = 'Error';
                            $output_title = 'Incorrect Login Credentials';
                            $output_message = 'Incorrect username and password credentials!';
                        }

                        $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
                    }
                }
            }
        }
        else
        {
            /* User was not found in database */
            $output_status = 'Error';
            $output_title = 'User Not Found';
            $output_message = 'The user was not found in the database!';
        }
    }
    else
    {

        /* Form validation failed */
        $output_status = 'Error';
        $output_title = 'Form Not Validated';
        $output_message = 'The form did not validate successfully!';
    }

    $output_array = array('output_status' => $output_status, 'output_title' => $output_title, 'output_message' => $output_message);

    echo json_encode($output_array);
}

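1 answer:

Answer 0 (score: 1)

First, you are not loading the form_validation library. I assume you are autoloading it. The code is very messy to debug. If you provide the correct username and password within 4 attempts, you should get the correct result. I know nothing about your database, so I hope your model isn't doing anything wrong. In the is_userdata_locked function, you haven't mentioned what happens if the date is '0000-00-00 00:00:00':
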
public function is_user_locked($user_data)
{
    if ($user_data->lock_date !== '0000-00-00 00:00:00')
    {
        /* User is locked out */

        if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
        {
            /* User is still locked out */
            return TRUE;
        }
        else
        {
            /* User is no longer locked out */
            return FALSE;
        }
    }

    /* lock_date is '0000-00-00 00:00:00': the caller treats TRUE as locked, so return FALSE */
    return FALSE;
}

You said you don't see any output. In the output function you use json_encode, but supply 3 arguments. It doesn't take 3 parameters. You should make it an array. I see no reason to use a switch there.

public function output($message, $title, $status = 'Success') 
{
    $stat = array(
        'status' => $status,
        'message' => $message,
        'title' => $title
    );

    echo json_encode($stat);
}

In your submit function, when the user is not found, you are still going on to the next segment to check is_user_locked(). If the user is not found, you should repopulate the form. I added a die() -

if (count($user_data) == 0)
{
    /* User was not found in database */
    $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    die(); /*Add die to stop executing the rest of the code.*/
}

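Next is the block that calls the submit function after unlocking the user. form_validation only works on post data, so when you call the function with parameters, it won't get the post data. Form validation will always return false and you will go into an infinite loop. This is your main problem. I don't understand why you are resubmitting. You unlock the user and then authenticate the user.

/* is_user_locked() reads $user_data->lock_date itself, so pass the whole object */
if ($this->is_user_locked($user_data))
{
    /* User is locked from logging in from too many failed attempts */
    $this->output('This user account is currently locked!', 'Account Locked', 'Error');
    die(); /*No need to execute rest of the script as user is locked*/
}
else
{
     /* User can be unlocked; authentication continues below without resubmitting */
     $this->users_model->unlock_user($user_data->user_id);
}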

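I would say your if/else code blocks are very messy. I suggest rethinking your logic. You may be getting lost in all the if/else conditions. If that is the case, you could try a simple flowchart. It can help you sort the problem out.

One last thing: check that your ERROR REPORTING is enabled. You should at least be getting the json_encode error.

Update

Here is a pseudo submit function that may help you: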

function submit(){
        if (invalid form){ /*form_is_valid function*/
             output invalid_form_error;
             return;
        }

        if( user not exist ){
             output invalid_user_error;
             return;
        }

        if( inappropriate user_status){ /*check_user_status() function*/
             output user_status_error;
             return;

        }

        if(is_user_locked){ /*is_user_locked() function. My opinion if lock time is over, unlock user here*/
             output user_is_locked_error;
             return;
        }

        if( password not match){
            set/increase session variable failed attempt;
            if failed attempt is more than 4 lock user
            output incorrect_password_error/lock_login_error;
            return
        }

        set session variables; /* start_user_session() function */
        output success_message;
        return;
    }

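You have to be careful to return properly from the submit function with the appropriate message, since this is an ajax-based application. That way you won't need any else conditions, which will make your life easier. All of your functions seem fine, but you have to clear up your logic.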
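
The guard-clause flow from the answer's pseudo-code, carried through as framework-free PHP. This is an added example, not code from the question or the answer. `login_decision()`, its array keys (`lock_until`, `clear_lock`) and the simplified form check are hypothetical, and `password_verify()` stands in for the question's `reGenPassHash()` comparison.

```php
<?php
// Added example, not the poster's code; names and array shapes are hypothetical.
const ZERO_DATE = '0000-00-00 00:00:00';
const BLOCKED   = [1 => 'Account Unverified', 3 => 'Account Suspended',
                   4 => 'Account Banned',     5 => 'Account Deleted'];

function is_user_locked(array $user, int $now): bool
{
    if ($user['lock_date'] === ZERO_DATE) {
        return false;                        // zero date means "never locked"
    }
    return $now < strtotime($user['lock_date'] . ' UTC');  // lock_date is written with gmdate()
}

// One pass with early returns and no recursive re-submit. $failed is the session counter.
function login_decision(array $post, ?array $user, int $failed, int $now): array
{
    $res = ['status' => 'Error', 'failed_logins' => $failed, 'lock_until' => null, 'clear_lock' => false];
    if (empty($post['username']) || empty($post['password'])) {
        return ['title' => 'Form Not Validated'] + $res;
    }
    if ($user === null) {
        return ['title' => 'User Not Found'] + $res;
    }
    if (array_key_exists($user['user_status_id'], BLOCKED)) {
        return ['title' => BLOCKED[$user['user_status_id']]] + $res;
    }
    if (is_user_locked($user, $now)) {
        return ['title' => 'Account Locked'] + $res;
    }
    // An expired lock is cleared by the caller; this same call carries on to authentication.
    $res['clear_lock'] = $user['lock_date'] !== ZERO_DATE;
    if (!password_verify($post['password'], $user['password_hash'])) {
        $res['failed_logins'] = ++$failed;
        if ($failed > 4) {                   // more than 4 failures: lock for 15 minutes
            $res['lock_until'] = gmdate('Y-m-d H:i:s', $now + 60 * 15);
            return ['title' => 'Account Locked'] + $res;
        }
        return ['title' => 'Incorrect Login Credentials'] + $res;
    }
    return ['title' => 'Login Success', 'status' => 'Success', 'failed_logins' => 0] + $res;
}

// Constructed sample data: five wrong passwords, then the right one while the lock is active.
$now    = strtotime('2013-05-27 03:00:00 UTC');
$user   = ['user_status_id' => 2, 'lock_date' => ZERO_DATE,
           'password_hash' => password_hash('s3cret99', PASSWORD_DEFAULT)];
$failed = 0;
foreach (['wrong1', 'wrong2', 'wrong3', 'wrong4', 'wrong5', 's3cret99'] as $pw) {
    $r = login_decision(['username' => 'alice01', 'password' => $pw], $user, $failed, $now);
    $failed = $r['failed_logins'];
    if ($r['lock_until'] !== null) { $user['lock_date'] = $r['lock_until']; }
    echo json_encode($r), PHP_EOL;           // one array argument, as the answer recommends
}
```

In a controller, the caller would persist `lock_until` and `clear_lock` through the model and store `failed_logins` in the session before echoing the JSON.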