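So I'm in a pickle..
I have created the class and it works fine, but if the user keeps pressing login, it sends the email over and over again. Either I have put it in the wrong place or I need to add something else; I'm a bit lost.
Here is my code: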
    public function login($username, $password)
    {
        // Both fields are required (was `||`, which let a single empty field through).
        if (!empty($username) && !empty($password))
        {
            $ip = $_SERVER['REMOTE_ADDR'];
            // Look up the account.
            $stmt = $this->run("SELECT * FROM `users` WHERE `username` = ?");
            $stmt->execute([$username]);
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            // Count earlier failed attempts from this IP.
            $blocked = $this->run("SELECT count(*) FROM `failedLogins` WHERE `ipAddress` = ?");
            $blocked->execute([$ip]);
            $re = $blocked->fetchColumn();
            // Check whether this IP is already on the block list.
            $ipBlock = $this->run("SELECT * FROM `blockedIPS` WHERE `ip` = ?");
            $ipBlock->execute([$ip]);
            if ($re <= 6) {
                if ($ipBlock->rowCount() == 0)
                {
                    if ($stmt->rowCount() > 0) {
                        if (password_verify($password, $row['password'])) {
                            $_SESSION['user_session'] = $row['userid'];
                            $stmt = $this->run("UPDATE `users` SET `loginCount` = `loginCount` + 1, `loginIP` = ? WHERE `username` = ?");
                            $stmt->execute([$ip, $username]);
                            $add = $this->run("INSERT INTO `loginLog` (`username`,`ipAddress`, `date`) VALUES (?,?, NOW())");
                            $add->execute([$username, $ip]);
                            $this->redirect('home');
                        } else {
                            $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`,`reason`) VALUES (?,?,?,NOW(),'Incorrect Password')");
                            $stmt->execute([$username, $password, $ip]);
                            echo Common::warning('The password you have entered is incorrect');
                        }
                    } else {
                        $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`, `reason`) VALUES (?,?,?,NOW(), 'Username guess, possible brute force')");
                        $stmt->execute([$username, $password, $ip]);
                        echo Common::error('This username doesn\'t exist.');
                    }
                } else {
                    // Runs on every request from an already blocked IP, so the e-mail repeats.
                    Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");
                    echo Common::error('Your IP address has been blocked from accessing our website.');
                }
            } else {
                // Too many failures: this is where the IP is actually added to the block list.
                $stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())");
                $stmt->execute([$ip]);
                echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.');
            }
        } else {
            echo Common::warning('Please fill in both fields.');
        }
    }
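I may well have put it in the wrong place, but it would be great if a second pair of eyes could glance over it and tell me where I have messed up!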
Answer 0 (score: 1)
I would remove the `else` part of the code:

    else {
        Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");
        echo Common::error('Your IP address has been blocked from accessing our website.');
    }

Move the email line to the `else` where you update `blockedIPS`, for example:
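Since this is where you actually block the IP, it will send the email at this stage.
Also, you are not actually stopping blockedIPS from trying to log in again; you should make sure these IPs are blocked from logging in regardless of failed attempts.
E.g.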
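The flow the answer describes, as an added example that is not the answerer's or the asker's code: the block-list check runs before anything else, and the admin e-mail is sent in the same branch that inserts the row into `blockedIPS`, so it goes out once per IP. The function name `attemptLogin`, the `$notify` callback, the reduced schema and the in-memory SQLite database are assumptions made for the demo, and the failure log here leaves out the submitted password.

```php
<?php
// Added example: hypothetical names and schema, constructed data.
const MAX_FAILURES = 6; // same threshold as `$re <= 6` in the question

function attemptLogin(PDO $db, string $ip, string $user, string $pass, callable $notify): string
{
    // 1. Refuse blocked IPs before touching credentials; no e-mail on this path.
    $q = $db->prepare('SELECT COUNT(*) FROM blockedIPS WHERE ip = ?');
    $q->execute([$ip]);
    if ($q->fetchColumn() > 0) {
        return 'blocked';
    }
    // 2. Verify the credentials.
    $q = $db->prepare('SELECT password FROM users WHERE username = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    if ($hash !== false && password_verify($pass, $hash)) {
        return 'ok';
    }
    // 3. Record the failure (without the submitted password) and count them.
    $db->prepare('INSERT INTO failedLogins (username, ipAddress) VALUES (?, ?)')
       ->execute([$user, $ip]);
    $q = $db->prepare('SELECT COUNT(*) FROM failedLogins WHERE ipAddress = ?');
    $q->execute([$ip]);
    if ($q->fetchColumn() <= MAX_FAILURES) {
        return 'failed';
    }
    // 4. Block and notify in the same branch. `ip` is the primary key, so a
    //    repeat insert changes 0 rows (SQLite syntax; MySQL uses INSERT IGNORE).
    $ins = $db->prepare('INSERT OR IGNORE INTO blockedIPS (ip) VALUES (?)');
    $ins->execute([$ip]);
    if ($ins->rowCount() === 1) {
        $notify("The following IP address has now been blocked from logging in: $ip");
    }
    return 'blocked';
}

// Constructed demo: ten wrong passwords from one documentation-range IP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->exec('CREATE TABLE failedLogins (username TEXT, ipAddress TEXT)');
$db->exec('CREATE TABLE blockedIPS (ip TEXT PRIMARY KEY)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);
$mails = [];
$notify = function (string $msg) use (&$mails) { $mails[] = $msg; };
for ($i = 0; $i < 10; $i++) {
    echo attemptLogin($db, '203.0.113.7', 'alice', 'wrong', $notify), "\n";
}
echo count($mails), " e-mail(s) sent\n";
```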