记录三次失败的登录尝试

时间:2015-11-25 04:56:55

标签: php

我需要一个用于记录登录尝试的脚本:如果用户尝试使用错误的密码登录3次,则脚本会提醒用户以其他方式登录。

我试过这种方式,但它没有用。我该怎么做才能做到这一点?还将赞赏对代码实现的解释。

public function log($usrname, $password, $type) {

    try {
        $stmt = $this->db->prepare("SELECT * FROM $table WHERE username=:username and password =:password and type=:type");
        $stmt->execute(array(':username' => $usrname, ':password' => $password, ':type' => $type));
        $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($stmt->rowCount()== 1) {
            echo "loged in";
            } else if($stmt->rowCount == 0){
                $ec = 0;

                $error = ++$ec;
                if(count($error)== 3){
                    echo "you provide wrong username and password 3 times";
                }
            }
        }
    } catch (PDOException $e) {
        $e->getMessage();
    }
}

2 个答案:

答案 0 :(得分:2)

您应该在数据库表中有一个'attempt'字段,每次使用错误的密码登录时,只需将计数更新到表字段中,您就可以在错误条件下检查尝试计数。如果登录成功,只需将尝试计数重置为0.

我在这里提供代码逻辑。但我没有测试它。使用这个逻辑。

但我建议您检查用户名已在您的表中注册

 public function log($usrname, $password, $type) {

        try {

            $stmt0 = $this->db->prepare("SELECT username FROM $table WHERE username=:username");                
            $stmt0->execute(array(':username' => $usrname);
            if ($stmt0->rowCount()== 1) {

                  $stmt = $this->db->prepare("SELECT * FROM $table WHERE username=:username and password =:password and type=:type");
                  $stmt->execute(array(':username' => $usrname, ':password' => $password, ':type' => $type));
                  $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
                  if ($stmt->rowCount()== 1) {
                      echo "loged in";
                      // UPDATE THE attempt field to 0 here
                       $stmt2 = $this->db->prepare("UPDATE $table SET attempt=:attepmt WHERE username=:username");
                       $stmt2->execute(array(':username' => $usrname, ':attempt' => 0));

                  }else if($stmt->rowCount == 0){                    
                           // select the attempt field and check this is 3
                          $stmt3 = $this->db->prepare("SELECT attempt FROM $table WHERE username=:username");
                          $stmt3->execute(array(':username' => $usrname));
                          $obj= $stmt3->fetch(PDO::FETCH_OBJ);
                          if($obj->attempt==3){                           
                              echo "you provide wrong username and password 3 times";
                          }
                      $attempt = $obj->attempt+1;
                      $stmt4 = $this->db->prepare("UPDATE $table SET attempt=:attepmt WHERE username=:username");
                      $stmt4->execute(array(':username' => $usrname, ':attempt' => $attempt));


                  }


            }else{
              echo "Username  is not  found in table !";
            }
        } catch (PDOException $e) {
            $e->getMessage();
        }

}

答案 1 :(得分:1)

您可以使用$_SESSION来计算尝试次数。

public function log($usrname, $password, $type) {

    try {
        $stmt = $this->db->prepare("SELECT * FROM $table WHERE username=:username and password =:password and type=:type");
        $stmt->execute(array(':username' => $usrname, ':password' => $password, ':type' => $type));
        $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($stmt->rowCount()== 1) {
            echo "loged in";
            } else if($stmt->rowCount == 0){
                if(isset($_SESSION['attempt']))
                 {
                   $_SESSION['attempt']=$_SESSION['attempt']+1;
                  }else {
                    $_SESSION['attempt']=1;
                  }
                $error = ++$ec;
                if($_SESSION['attempt']== 3){
                    echo "you provide wrong username and password 3 times";
                }
            }
        }
    } catch (PDOException $e) {
        $e->getMessage();
    }
}
相关问题
最新问题