Session temporary variables in PHP? I'm trying to block people after unsuccessful logins

I'm having trouble finding what I'm looking for. I believe it is better to ask here, so I can also find out what is the best practice or method for what I'm trying.

I want to make a script lock that prevents people from trying to log in too many times, to prevent password cracking. I have one that creates a popup that creates a slight delay, but to prevent spamming and to cover the case where JavaScript is disabled, I want a more persistent way to prevent too many login attempts. I thought session variables would be better for this, but I have no idea how its "time" is.

Can anyone help? I am using PHP and JavaScript (with jQuery).

+3
4 answers

First of all, do not block the account; if someone reaches the cap, offer them reCaptcha.

$_SESSION , cookie. - /, cookie $_SESSION. . , , ip, timestamp. timestamp . - ,

select count(ip) from brute_force_protection where timestamp >= DATE_SUB(NOW(), INTERVAL 1 DAY) and ip='".$_SERVER['REMOTE_ADDR']."'

, 3, ip. mysql_real_escape_string() remote_addr, apache TCP-, , ( extract()).

EDIT:
ip- , . - -, , .

+3

, , .

.

create table failedlogins (
    id INT NOT NULL auto_increment,
    user_id INT NOT NULL,
    time_tried DATETIME NOT NULL,
    primary key(id),
    index(user_id));

. , , "loginLocked ($ user)"; - x ( x - , x). , 3 5 :

function loginLocked($user) {
    // Count this user's failed attempts within the last 5 minutes.
    // Note: the mysql_* extension was removed in PHP 7.
    $query = "SELECT count(fl.id) FROM failedlogins fl
                 JOIN user u ON fl.user_id = u.id
                 WHERE fl.time_tried > DATE_SUB(NOW(), INTERVAL 5 MINUTE) AND u.username = '" . mysql_real_escape_string($user) . "'";

    $res = mysql_query($query) or trigger_error("Failed Login Query failed: " . mysql_error());

    $attempts = mysql_result($res, 0, 0);

    // Locked once there are 3 or more recent failures.
    return ($attempts >= 3);
}

.. / , . , .

EDIT:

SQL , , , , .

where, , .

:. , Locked (re) Captcha .

+1
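
An added example, not part of the original answers: the failedlogins approach above written with PDO prepared statements, including the insert on failure and the reset on success. Because the counter is stored server-side per account, discarding the session cookie does not reset it. Assumptions: time_tried is stored as a Unix timestamp instead of DATETIME, the limits are 3 failures in 300 seconds, and the demo runs on an in-memory SQLite database (requires pdo_sqlite).

```php
<?php
// Assumed limits: 3 failures inside a 300-second sliding window.
const MAX_ATTEMPTS = 3;
const WINDOW_SECONDS = 300;

// Call this whenever a password check fails for a known account.
function recordFailure(PDO $db, int $userId, int $now): void {
    $stmt = $db->prepare('INSERT INTO failedlogins (user_id, time_tried) VALUES (?, ?)');
    $stmt->execute([$userId, $now]);
}

// True when the account has MAX_ATTEMPTS or more failures inside the window.
// Check this BEFORE verifying the password, and show a CAPTCHA when it is true.
function loginLocked(PDO $db, int $userId, int $now): bool {
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM failedlogins WHERE user_id = ? AND time_tried > ?'
    );
    $stmt->execute([$userId, $now - WINDOW_SECONDS]);
    return (int) $stmt->fetchColumn() >= MAX_ATTEMPTS;
}

// Call this after a successful login so old failures do not accumulate.
function clearFailures(PDO $db, int $userId): void {
    $db->prepare('DELETE FROM failedlogins WHERE user_id = ?')->execute([$userId]);
}

// Constructed demo data: in-memory database, made-up user id and timestamps.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE failedlogins (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    time_tried INTEGER NOT NULL)');
$db->exec('CREATE INDEX idx_failed_user ON failedlogins (user_id, time_tried)');

$userId = 42;
$t0 = 1700000000;
recordFailure($db, $userId, $t0);
recordFailure($db, $userId, $t0 + 10);
var_dump(loginLocked($db, $userId, $t0 + 20));   // two failures so far
recordFailure($db, $userId, $t0 + 20);
var_dump(loginLocked($db, $userId, $t0 + 30));   // third failure is inside the window
var_dump(loginLocked($db, $userId, $t0 + 400));  // every failure is now older than the window
clearFailures($db, $userId);
```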

, , ( Rich Adams), ( , , )

0

, - . cookie, cookie , , , -, script, .

, : , , lastAttempt, , . , , , .

0

Source: https://habr.com/ru/post/1757165/

