

PHP checkbrute函数代码示例

本文整理汇总了PHP中checkbrute函数的典型用法代码示例。如果您正苦于以下问题:PHP checkbrute函数的具体用法?PHP checkbrute怎么用?PHP checkbrute使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了checkbrute函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: login

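/**
 * Authenticate a member by e-mail address and password.
 *
 * Looks the account up with a prepared statement, refuses the attempt when
 * checkbrute() reports the account as locked, and records a row in
 * login_attempts for every wrong password.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True when the credentials match, false otherwise (including
 *              when the lookup statement cannot be prepared).
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare("SELECT id, username, password, salt \n        FROM members\n       WHERE email = ?\n        LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of falling off the end and returning null.
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    // The query selects four columns, so four variables have to be bound;
    // mysqli rejects a bind_result() call whose count does not match.
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // No such account.
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): the submitted value is compared with the stored column
    // as-is; no hashing happens in this function (the salt is fetched but
    // unused). If the column holds plaintext passwords, migrate to
    // password_hash()/password_verify() - confirm against the registration
    // code.
    // hash_equals() avoids both PHP's loose "==" string juggling and a
    // content-dependent comparison time.
    if (hash_equals((string) $db_password, (string) $password)) {
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}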
开发者ID:jstsumguy,项目名称:Timesheet,代码行数:31,代码来源:functions.php

示例2: login

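/**
 * Authenticate a user by e-mail address or user name and open a session.
 *
 * The same submitted identifier is matched against both the `correo` and
 * `usuario` columns. The query has no LIMIT, so the login is refused unless
 * exactly one row matches.
 *
 * @param string $email    E-mail address or user name submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare("SELECT idusuario, usuario, contra, salt, tipo FROM usuarios_tb WHERE correo = ? OR usuario = ?");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('ss', $email, $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt, $tipo);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): a single round of salted SHA-512 is a fast hash;
    // password_hash()/password_verify() is the better fit, but switching
    // requires re-hashing the stored values.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        // A request without a User-Agent header must not raise a warning.
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Keep only digits / a conservative character set, because these
        // values may be printed later.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['tipo'] = $tipo;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO intentos(idusuario, hora) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}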
开发者ID:renatomartinez96,项目名称:Blink,代码行数:34,代码来源:funciones.php

示例3: login

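/**
 * Check the single site password and report whether the login is locked.
 *
 * Reads the first row of the `password` table, asks checkbrute() whether
 * logins are currently locked, and verifies the submitted password against
 * the stored hash with password_verify(). Every failed verification is
 * recorded in login_attempts.
 *
 * @param string $password Password submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return array Array with the boolean keys 'success' and 'isLocked'.
 */
function login($password, $mysqli)
{
    if (!($queryRes = $mysqli->query('SELECT * FROM password;'))) {
        exit;
    }
    // fetch_assoc() returns null when the table is empty; do not index into
    // it blindly.
    $row = $queryRes->fetch_assoc();
    $hash = (is_array($row) && isset($row['hash'])) ? $row['hash'] : null;

    if (checkbrute($mysqli)) {
        // Account is locked and login is forbidden.
        return array('success' => false, 'isLocked' => true);
    }

    // A missing hash is handled like a wrong password instead of passing
    // null to password_verify().
    if (is_string($hash) && password_verify($password, $hash)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // NOTE(review): this value is derived from the User-Agent alone and
        // contains no secret, so it only fingerprints the browser.
        $_SESSION['login_string'] = hash('sha512', $user_browser);
        return array('success' => true, 'isLocked' => false);
    }

    // Password is not correct: record the attempt with a bound parameter.
    $now = time();
    $insert = $mysqli->prepare('INSERT INTO login_attempts(time) VALUES (?)');
    if ($insert) {
        $insert->bind_param('i', $now);
        $insert->execute();
        $insert->close();
    }
    return array('success' => false, 'isLocked' => false);
}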
开发者ID:pelican2014,项目名称:CVWO-Assignment-1,代码行数:26,代码来源:db.php

示例4: login

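/**
 * Authenticate a user by user name and password and open a session.
 *
 * Fixes relative to the original listing:
 *  - the submitted password is verified against the stored hash; the
 *    original re-hashed the input and verified against an undefined
 *    variable, so no login could ever succeed;
 *  - a failed attempt is recorded when the password is wrong; the original
 *    recorded one only when the account was already locked;
 *  - the user-name filter removes characters outside the allowed set; the
 *    original pattern lacked the "^" and removed the allowed characters.
 *
 * @param string $username User name submitted by the user.
 * @param string $password Password submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($username, $password, $mysqli)
{
    $stmt = $mysqli->prepare("SELECT userID, username, password FROM users WHERE username = ? LIMIT 1");
    if (!$stmt) {
        // Statement could not be prepared.
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    // $correct receives the stored password hash.
    $stmt->bind_result($userID, $username, $correct);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // User does not exist.
        return false;
    }
    if (checkbrute($userID, $mysqli) != false) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // password_verify() takes the plaintext input and the stored hash; the
    // input must not be hashed again first.
    if (is_string($correct) && password_verify($password, $correct)) {
        // Restrict both values to a conservative character set, because
        // they may be printed later.
        $userID = preg_replace("/[^0-9]+/", "", $userID);
        $_SESSION['userID'] = $userID;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        return true;
    }

    // Wrong password: record the failed attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO logins(userFK, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $userID, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}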
开发者ID:Afrodeity,项目名称:Gymnest,代码行数:33,代码来源:functions.php

示例5: login

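/**
 * Authenticate a member by e-mail address and password and open a session.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare("SELECT id, username, password, salt \n        FROM members\n       WHERE email = ?\n        LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}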
开发者ID:BoBrebel,项目名称:YD.tn,代码行数:32,代码来源:functions.php

示例6: login

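/**
 * Authenticate a member by e-mail address and password and open a session.
 *
 * On success the member's id, user name, first name, last name and role are
 * copied into the session together with a login_string bound to the
 * browser's User-Agent.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success, false otherwise.
 */
function login($email, $password, $mysqli)
{
    // The lookup binds the e-mail address as a parameter, so it cannot
    // alter the query text.
    $stmt = $mysqli->prepare("SELECT id, firstname, lastname, username,role, password, salt \n        FROM `members`\n       WHERE `email` = ?\n        LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $firstname, $lastname, $username, $role, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // No user exists.
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Id and user name are reduced to a conservative character set
        // because they may be printed later.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        // These three are stored exactly as read from the database; escape
        // them at output time.
        $_SESSION['firstname'] = $firstname;
        $_SESSION['lastname'] = $lastname;
        $_SESSION['role'] = $role;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}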
开发者ID:epolixa,项目名称:cs546,代码行数:59,代码来源:functions.php

示例7: login

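/**
 * Authenticate a member by e-mail address and password and open a session.
 *
 * Database failures (statement cannot be prepared, failed attempt cannot be
 * recorded) redirect to error.php and end the request.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success (session variables are set), false on a
 *              wrong password, unknown user or locked account.
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare("SELECT id, username, password, salt \n\t\t\t\t  FROM members \n                                  WHERE email = ? LIMIT 1");
    if (!$stmt) {
        // Could not create a prepared statement.
        header("Location: error.php?err=Database error: cannot prepare statement");
        exit;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // No user exists.
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password: record the attempt with bound parameters and treat a
    // failure to record it as a database error, as the original did.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if (!$insert || !$insert->bind_param('si', $user_id, $now) || !$insert->execute()) {
        header("Location: error.php?err=Database error: login_attempts");
        exit;
    }
    $insert->close();
    return false;
}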
开发者ID:admonkey,项目名称:phpSecureLogin,代码行数:58,代码来源:functions.php

示例8: login

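/**
 * Authenticate a user by uid and password and open a session.
 *
 * Opens its own connection through conectabd(BD_PRINCIPAL). A login succeeds
 * only when the password matches and the account status is 'ativo'. A
 * message describing the failure is left in $_SESSION['login-error'].
 *
 * @param string $user     User id (uid) submitted by the user.
 * @param string $password Password value submitted by the user.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($user, $password)
{
    $mysqli = conectabd(BD_PRINCIPAL);
    // The lookup binds the uid as a parameter, so it cannot alter the query
    // text.
    $stmt = $mysqli->prepare("SELECT codigo, uid, senha, salt, status FROM usuario WHERE uid = ? LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt, $status);
    $stmt->fetch();

    // NOTE(review): the three failure messages below differ for "unknown
    // user", "locked" and "wrong password or inactive"; if they are shown
    // to the visitor they reveal which uids exist.
    if ($stmt->num_rows != 1) {
        // No such user.
        $_SESSION['login-error'] = 'Usuário inválido!';
        return false;
    }
    if (checkbrute($user_id) == true) {
        // Account is locked after too many failed attempts.
        $_SESSION['login-error'] = 'A conta deste usuário está bloqueada temporáriamente';
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password) && $status === 'ativo') {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password or inactive account: record the attempt with bound
    // parameters instead of interpolating values into the SQL text.
    $_SESSION['login-error'] = 'Senha inválida ou usuário está inativo!';
    $now = time();
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $insert = $mysqli->prepare("INSERT INTO login_tentativa(user_id, time, ip) VALUES (?, ?, ?)");
    if ($insert) {
        $insert->bind_param('sis', $user_id, $now, $ip);
        $insert->execute();
        $insert->close();
    }
    return false;
}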
开发者ID:anderfilth,项目名称:Painel-Workapp,代码行数:56,代码来源:functions.php

示例9: login

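/**
 * Authenticate a user by e-mail address and password and open a session.
 *
 * The original built the lookup by concatenating $email into the SQL text,
 * which let the submitted value change the query. The lookup and the
 * failed-attempt insert now use bound parameters.
 *
 * Failure messages are appended to $GLOBALS['errorMsg'].
 *
 * @param string $email         E-mail address submitted by the user.
 * @param string $user_password Password value submitted by the user.
 * @param mysqli $conn          Open database connection.
 *
 * @return bool TRUE on success (session variables are set), FALSE otherwise.
 */
function login($email, $user_password, $conn)
{
    $stmt = $conn->prepare("SELECT id, username, password, salt FROM Users WHERE email = ? LIMIT 1");
    if (!$stmt) {
        // Fail closed when the statement cannot be prepared.
        return FALSE;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($userId, $username, $dbPassword, $salt);
    $found = $stmt->num_rows > 0 && $stmt->fetch();
    $stmt->close();

    if (!$found) {
        // No user info exists in the database.
        return FALSE;
    }

    if (checkbrute($userId, $conn) == true) {
        // Too many login attempts, so the account is locked.
        $GLOBALS['errorMsg'] .= '<p class="error">Too many login attempts.</p>';
        return FALSE;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $user_password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $dbPassword, $password)) {
        $userBrowser = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
        // Both values may be printed later, so restrict their characters.
        $userId = preg_replace("/[^0-9]+/", "", $userId);
        $_SESSION['user_id'] = $userId;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $userBrowser);
        return TRUE;
    }

    // Wrong password: record the attempt with a bound parameter.
    $insert = $conn->prepare("INSERT INTO LoginAttempts(userId) VALUES (?)");
    if ($insert) {
        $insert->bind_param('s', $userId);
        $insert->execute();
        $insert->close();
    }
    $GLOBALS['errorMsg'] .= '<p class="error">Incorrect Username/Password combination.</p>';
    return FALSE;
}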
开发者ID:hippy-runner,项目名称:HireMeHigh,代码行数:56,代码来源:functions.php

示例10: login

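/**
 * Authenticate a client by user name and password and open a session.
 *
 * @param string $usuario  User name submitted by the user.
 * @param string $password Password value submitted by the user. It is
 *                         compared with the stored value as received; this
 *                         function does no hashing (presumably the caller
 *                         sends a SHA-512 digest - TODO confirm).
 * @param mysqli $conexion Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($usuario, $password, $conexion)
{
    // The lookup binds the user name as a parameter, so it cannot alter the
    // query text.
    $stmt = $conexion->prepare("SELECT id, usuario, password\n    FROM clientes\nWHERE usuario = ?\nLIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $usuario);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($id, $usuario, $db_password);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // The user does not exist.
        return false;
    }
    if (checkbrute($id, $conexion) == true) {
        // Account is locked after too many failed attempts.
        echo "Cuenta Bloqueada";
        return false;
    }

    // NOTE(review): if the stored value is an unsalted digest of the
    // password, anyone who obtains the table can log in with it directly;
    // server-side password_hash()/password_verify() avoids that.
    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, (string) $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Keep only digits. The original computed this filtered value and
        // then stored the unfiltered $id in the session.
        $user_id = preg_replace("/[^0-9]+/", "", $id);
        $_SESSION['id'] = $user_id;
        // Keep only letters, digits, "_" and "-".
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $usuario);
        $_SESSION['usuario'] = $username;
        // Ties the session to the browser that logged in.
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $conexion->prepare("INSERT INTO login_attempts(id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}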
开发者ID:Lybert,项目名称:CRUD,代码行数:54,代码来源:functions.php

示例11: login

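/**
 * Authenticate a user by e-mail address and password and open a session.
 *
 * Both successful logins and wrong passwords are written to the userevents
 * table.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $db       Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($email, $password, $db)
{
    // The lookup binds the e-mail address as a parameter, so it cannot
    // alter the query text.
    $stmt = $db->prepare("SELECT id, user, passwordHash, salt FROM login WHERE email = ? LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // No user exists.
        return false;
    }
    if (checkbrute($user_id, $db) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    $matched = hash_equals((string) $db_password, $password);
    if ($matched) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        // NOTE(review): every account that logs in is flagged as admin
        // here; confirm that all rows in `login` are administrators.
        $_SESSION['admin'] = 1;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
    }

    // Record the outcome with bound parameters.
    $event = $matched ? 'logged in' : 'password incorrect';
    $now = time();
    $insert = $db->prepare("INSERT INTO userevents (userId, eventType, date, modifiedUser) VALUES (?, ?, ?, ?)");
    if ($insert) {
        $insert->bind_param('ssis', $user_id, $event, $now, $user_id);
        $insert->execute();
        $insert->close();
    }
    return $matched;
}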
开发者ID:soldeviFae,项目名称:newGrowth_site,代码行数:54,代码来源:startScript.php

示例12: login

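/**
 * Authenticate a user by e-mail address and password and open a session.
 *
 * The lookup has no LIMIT, so the login is refused unless exactly one row
 * matches the e-mail address. After a successful login
 * actualizacionexion() is called with the connection and the user id.
 *
 * @param string $email    E-mail address submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($email, $password, $mysqli)
{
    // The lookup binds the e-mail address as a parameter, so it cannot
    // alter the query text.
    $stmt = $mysqli->prepare("select user_id,user_name,user_password,salt from user where user_email= ?");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // The user does not exist.
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        actualizacionexion($mysqli, $user_id);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('si', $user_id, $now);
        $insert->execute();
        $insert->close();
    }
    return false;
}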
开发者ID:juliovalverde,项目名称:TFG,代码行数:53,代码来源:functions.php

示例13: login

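/**
 * Authenticate a user by user name and password and set login cookies.
 *
 * On success three cookies (user_id, username, login_string) are set with a
 * lifetime of ten years. Failures are signalled with an HTTP status line
 * and a false return value.
 *
 * @param string $username User name submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True on success, false otherwise.
 */
function login($username, $password, $mysqli)
{
    // The lookup binds the user name as a parameter, so it cannot alter the
    // query text.
    $stmt = $mysqli->prepare("SELECT UserId, UserMail, UserPassword, UserSalt FROM ha_users WHERE UserName = ? LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $mail, $db_password, $salt);
    $stmt->fetch();

    // NOTE(review): authentication failures are reported with status 500;
    // 401/403 would describe them better, but callers may depend on the
    // current status lines, so they are left unchanged.
    if ($stmt->num_rows != 1) {
        // No user exists.
        header('HTTP/1.1 500 Username/Password is not correct!');
        return false;
    }
    if (checkbrute($user_id, $mysqli) == true) {
        // Account is locked after too many failed attempts.
        header('HTTP/1.1 500 Account is locked!');
        return false;
    }

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $expires = time() + 10 * 365 * 24 * 60 * 60;
        // NOTE(review): these cookies carry the login state for ten years
        // and are set without the Secure and HttpOnly flags. login_string
        // is derived only from the stored password hash and the
        // User-Agent, so it stays valid until the password changes; treat
        // it as a long-lived credential. Adding the flags or moving to a
        // random server-side token needs the cookie readers to be checked
        // first.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        setcookie("user_id", $user_id, $expires, "/");
        $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
        setcookie("username", $username, $expires, "/");
        setcookie("login_string", hash('sha512', $password . $user_browser), $expires, "/");
        return true;
    }

    // Wrong password: record the attempt with a bound parameter; the
    // timestamp comes from the database's NOW().
    $insert = $mysqli->prepare("INSERT INTO ha_user_login(UserId, Date) VALUES (?, NOW())");
    if ($insert) {
        $insert->bind_param('s', $user_id);
        $insert->execute();
        $insert->close();
    }
    header('HTTP/1.1 500 Username/Password is not correct!');
    return false;
}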
开发者ID:crundberg,项目名称:cr-smart-home-webgui,代码行数:53,代码来源:responseLogin.php

示例14: performLogin

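/**
 * Authenticate a member and open a session, using separate database
 * accounts for reading and for writing.
 *
 * The lookup runs on a connection opened with the reader credentials; a
 * failed attempt is recorded through a second connection opened with the
 * writer credentials.
 *
 * @param string $user     User name submitted by the user.
 * @param string $password Password value submitted by the user.
 *
 * @return string|null NULL on success, otherwise one of the status strings
 *                     returned below.
 */
function performLogin($user, $password)
{
    if (!isset($user) || !isset($password)) {
        return "bad input";
    }
    $mysqli = new mysqli(DB_SERVER, DB_READER_USER, DB_READER_PASSWORD, SEC_DB_NAME);
    if ($mysqli->connect_errno) {
        // Log the driver message instead of echoing it to the visitor; it
        // can reveal host and account details.
        error_log($mysqli->connect_error);
        return "inteneral server error";
    }
    if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE username = ? LIMIT 1")) {
        $stmt->bind_param('s', $user);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($user_id, $username, $stored_password, $salt);
        $stmt->fetch();
        // Anything other than exactly one row falls through to
        // "no such user".
        if ($stmt->num_rows == 1) {
            if (checkbrute($user_id, $mysqli)) {
                // Account is locked. The original called the undefined
                // variable function $mysqli_close() here, which aborts the
                // request instead of closing the connection.
                $mysqli->close();
                return "Brute force, try again in 2 hours";
            }

            // NOTE(review): salted single-round SHA-512 is a fast hash;
            // password_hash()/password_verify() is preferable but needs
            // the stored values to be re-hashed.
            $password = hash('sha512', $password . $salt);

            // Constant-time comparison of the two digests.
            if (hash_equals((string) $stored_password, $password)) {
                $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                // Both values may be printed later, so restrict their
                // characters.
                $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                $_SESSION['user_id'] = $user_id;
                $username = preg_replace("/[^a-zA-Z0-9_\\-]+/", "", $username);
                $_SESSION['username'] = $username;
                $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                $mysqli->close();
                return NULL;
            }

            // Wrong password: switch to the writer account to record it.
            $mysqli->close();
            $mysqli = new mysqli(DB_SERVER, DB_WRITER_USER, DB_WRITER_PASSWORD, SEC_DB_NAME);
            if ($mysqli->connect_errno) {
                error_log($mysqli->connect_error);
                return "inteneral server error";
            }
            $now = time();
            $insert = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
            if ($insert) {
                $insert->bind_param('si', $user_id, $now);
                $insert->execute();
                $insert->close();
            }
            // The original left the writer connection open.
            $mysqli->close();
            // NOTE(review): "bad login" and "no such user" let a caller
            // tell existing user names apart if shown to the visitor.
            return "bad login";
        }
    }
    $mysqli->close();
    // No such user (or the statement could not be prepared).
    return "no such user";
}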
开发者ID:minogb,项目名称:phploginscript,代码行数:53,代码来源:login.php

示例15: login

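/**
 * Authenticate a user by user name and password and open a session.
 *
 * The session's login_string is bound to the client's IP address and
 * User-Agent. Wrong passwords are recorded in login_attempts together with
 * the IP address and User-Agent of the request.
 *
 * The original built that INSERT by concatenating the User-Agent header, a
 * value chosen by the client, into the SQL text; it is now a bound
 * parameter.
 *
 * @param string $username User name submitted by the user.
 * @param string $password Password value submitted by the user.
 * @param mysqli $db       Open database connection.
 *
 * @return bool True on success (session variables are set), false otherwise.
 */
function login($username, $password, $db)
{
    // The lookup binds the user name as a parameter, so it cannot alter the
    // query text.
    $stmt = $db->prepare("SELECT id, password, salt FROM users WHERE username = ? LIMIT 1");
    if (!$stmt) {
        // Fail closed instead of returning null when prepare() fails.
        return false;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        // No user exists.
        return false;
    }
    if (checkbrute($user_id, $db) == true) {
        // Account is locked after too many failed attempts.
        return false;
    }

    $ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // NOTE(review): salted single-round SHA-512 is a fast hash;
    // password_hash()/password_verify() is preferable but needs the stored
    // values to be re-hashed.
    $password = hash('sha512', $password . $salt);

    // Constant-time, type-strict comparison instead of loose "==".
    if (hash_equals((string) $db_password, $password)) {
        // Both values may be printed later, so restrict their characters.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9@._\\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $ip_address . $user_agent);
        return true;
    }

    // Wrong password: record the attempt with bound parameters.
    $now = time();
    // ip2long() returns false for anything that is not a dotted IPv4
    // address (IPv6 clients included); as in the original, that is stored
    // as an empty string.
    $ip_long = (string) ip2long($ip_address);
    // `when` is quoted because WHEN is a reserved word in MySQL.
    $insert = $db->prepare("INSERT INTO login_attempts (user_id, `when`, ip, user_agent) VALUES (?, ?, ?, ?)");
    if ($insert) {
        $insert->bind_param('siss', $user_id, $now, $ip_long, $user_agent);
        $insert->execute();
        $insert->close();
    }
    return false;
}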
开发者ID:alexstrandberg,项目名称:Electronics-Power-Management-System,代码行数:52,代码来源:functions.php


注:本文中的checkbrute函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。