问题描述
|
问题恰好在帐户锁定后,然后在下一次失败的尝试中清除了锁定,换句话说,上面的两个变量不正确或if条件不正确,因为它应该等待10分钟,然后用户尝试并在10分钟后成功登录,然后将其解锁
意思清除了
// Find out if user is locked out of their account
if (($lockDate !== \"0000-00-00 00:00:00\") AND (strtotime($lockDate) < time())) {
$currentDateTime = time();
$minutes = floor(($currentDateTime-$lockDate) / 60);
// Take minutes and perform tasks
if ($lockDate > 0 && $minutes < 10) {
// Calculate time remaining
$timeRemaining = 10 - $minutes;
// Account locked error
$errors = true;
$message = \"Your account is currently locked,we appologize for the inconvienence. You must wait \'\" .$timeRemaining.\"\' minutes before you can log in again!\";
$output = array(\'errorsExist\' => $errors,\'message\' => $message);
} else {
// Clear the lock
$query = \"UPDATE manager_users_hacking SET lockDate = NULL,hackerIPAddress = NULL,FailedLogins = 0 WHERE userID = \'\".$userID.\"\'\";
$result = MysqLi_query($dbc,$query);
}
}
解决方法
如果在检索用户记录时在数据库中进行了日期/时间比较会更好。
$sql = <<<EOL
SELECT userID,UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
(lockDate IS NOT NULL) and
(lockoutDate <= DATE_SUB(now(),INTERVAL 10 MINUTE));
EOL;
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$row mysql_fetch_assoc($result);
$locktime = date(\'...some date format ...\',$row[\'lockDatetimestamp\'])
die(\"Your account is locked and reopens $locktime\");
}
... if you get here,the account\'s not locked ...
, 我看不到您的代码有什么问题。只要字段lockDate
和hackerIPAddress
可以为空并且userID
是一个字符串,您的查询就可以使用。