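Login log - send an email to the admin once

Time: 2017-03-14 12:07:08

Tags: php pdo

So I'm in a pickle..

I have created the class, which works fine; however, if the user keeps pressing login, it will send the email over and over again. Either I have put it in the wrong place or I need to add something else; I'm a bit lost.

Here is my code: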

    public function login($username, $password)
    {
        // Both fields are required (the else branch asks for both), so use && rather than ||.
        if (!empty($username) && !empty($password))
        {
            $ip = $_SERVER['REMOTE_ADDR'];
            $stmt = $this->run("SELECT * FROM `users` WHERE `username` = ?");
            $stmt->execute([$username]);

            $row = $stmt->fetch(PDO::FETCH_ASSOC);

            $blocked = $this->run("SELECT count(*) FROM `failedLogins` WHERE `ipAddress` = ?");
            $blocked->execute([$ip]);
            $re = $blocked->fetchColumn();


            $ipBlock = $this->run("SELECT * FROM `blockedIPS` WHERE `ip` = ?");
            $ipBlock->execute([$ip]);

            if ($re <= 6) {
                if ($ipBlock->rowCount() == 0)
                {
                    if ($stmt->rowCount() > 0) {
                        if (password_verify($password, $row['password'])) {
                            $_SESSION['user_session'] = $row['userid'];

                            $stmt = $this->run("UPDATE `users` SET `loginCount` = `loginCount` + 1, `loginIP` = ? WHERE `username` = ?");
                            $stmt->execute([$ip, $username]);

                            $add = $this->run("INSERT INTO `loginLog` (`username`,`ipAddress`, `date`) VALUES (?,?, NOW())");
                            $add->execute([$username, $ip]);
                            $this->redirect('home');

                        } else {
                            $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`,`reason`) VALUES (?,?,?,NOW(),'Incorrect Password')");
                            $stmt->execute([$username, $password, $ip]);

                            echo Common::warning('The password you have entered is incorrect');
                        }
                    } else {
                        $stmt = $this->run("INSERT INTO `failedLogins`(`username`,`password`,`ipAddress`,`when`, `reason`) VALUES (?,?,?,NOW(), 'Username guess, possible brute force')");
                        $stmt->execute([$username, $password, $ip]);
                        echo Common::error('This username doesn\'t exist.');
                    }
                } else {
                    Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");
                    echo Common::error('Your IP address has been blocked from accessing our website.');
                }
            } else {
                $stmt = $this->run("INSERT INTO `blockedIPS`(`ip`,`date`) VALUES (?,NOW())");
                $stmt->execute([$ip]);

                echo Common::error('You have tried to log in too many times incorrectly. Your account has now been frozen.');
            }
        } else {
            echo Common::warning('Please fill in both fields.');
        }
    }

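It's possible I have put it in the wrong place, but it would be great if a second pair of eyes could glance over it and tell me where I have messed up!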

1 answer:

Answer 0 (score: 1)

I would remove the else part of your code:

    else {
        Common::emailAdmin("The following IP address has now been blocked from logging in: $ip");
        echo Common::error('Your IP address has been blocked from accessing our website.');
    }

Move the email line to the else where you update blockedIPS, for example:

else

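As this is where you actually block the IP, it would send the email at this stage.

Also, you are not actually stopping blockedIPS from attempting to log in again; you should make sure you stop these IPs from logging in, regardless of failed attempts.

E.g.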

blockedIPS
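
One way to do what the answer describes, as an added example (not the poster's or the answerer's code): check the block list before anything else, and send the e-mail only from the request that actually inserts the row into blockedIPS. The names ipMayLogin and makeDb, the in-memory SQLite schema and the sample IP are assumptions made for illustration.

```php
<?php
// Added example. Uses in-memory SQLite so it runs offline; on MySQL,
// replace "INSERT OR IGNORE" with "INSERT IGNORE" and datetime('now') with NOW().
const MAX_FAILURES = 6; // same threshold as the question's `$re <= 6`

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Assumed schema: no password column, submitted passwords are not stored.
    $db->exec('CREATE TABLE failedLogins (ipAddress TEXT, username TEXT)');
    // PRIMARY KEY on ip makes the block insert idempotent.
    $db->exec('CREATE TABLE blockedIPS (ip TEXT PRIMARY KEY, date TEXT)');
    return $db;
}

/** Returns true if this IP may attempt a login. Call before any password check. */
function ipMayLogin(PDO $db, string $ip, callable $emailAdmin): bool {
    $q = $db->prepare('SELECT 1 FROM blockedIPS WHERE ip = ?');
    $q->execute([$ip]);
    if ($q->fetchColumn() !== false) {
        return false;               // already blocked: reject, no e-mail
    }
    $q = $db->prepare('SELECT COUNT(*) FROM failedLogins WHERE ipAddress = ?');
    $q->execute([$ip]);
    if ((int) $q->fetchColumn() <= MAX_FAILURES) {
        return true;                // still under the threshold
    }
    $ins = $db->prepare("INSERT OR IGNORE INTO blockedIPS (ip, date) VALUES (?, datetime('now'))");
    $ins->execute([$ip]);
    if ($ins->rowCount() === 1) {   // only the request that created the row notifies
        $emailAdmin("The following IP address has now been blocked from logging in: $ip");
    }
    return false;
}

// Constructed demo: 7 failures recorded, then 5 further login attempts.
$db = makeDb();
$sent = [];
$mail = function (string $msg) use (&$sent) { $sent[] = $msg; };
$ip = '203.0.113.7'; // constructed sample address (documentation range)
$fail = $db->prepare('INSERT INTO failedLogins (ipAddress, username) VALUES (?, ?)');
for ($i = 0; $i < 7; $i++) { $fail->execute([$ip, 'alice']); }
for ($i = 0; $i < 5; $i++) { ipMayLogin($db, $ip, $mail); }
echo count($sent), " e-mail(s) sent\n";
```

Because the notification is tied to the insert succeeding rather than to the block being detected, repeated or concurrent requests from an already blocked IP cannot trigger further e-mails.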