Clearing a locked account issues
The problem is that right after the account locks, on the next failed attempt it clears the lock. In other words, the two variables above are not right or the if condition isn't right, because it's supposed to wait 10 minutes, and after that, when the user attempts and successfully logs in after those 10 minutes, THEN it unlocks the account, meaning it clears the lock.
// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) < time())) {
    $currentDateTime = time();
    $minutes = floor(($currentDateTime-$lockDate) / 60);
    // Take minutes and perform tasks
    if ($lockDate > 0 && $minutes < 10) {
        // Calculate time remaining
        $timeRemaining = 10 - $minutes;
        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!";
        $output = array('errorsExist' => $errors, 'message' => $message);
    } else {
        // Clear the lock
        $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);
    }
}
It'd be better if you did the date/time comparisons in the database, at the time you retrieve the user record.
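// Select the row only while the lock is still active (set less than 10 minutes ago)
$sql = <<<EOL
SELECT userID, UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
(lockDate IS NOT NULL) and
(lockDate > DATE_SUB(now(), INTERVAL 10 MINUTE));
EOL;
// mysqli with $dbc, as in the question; the old mysql_* functions were removed in PHP 7
$result = mysqli_query($dbc, $sql) or die(mysqli_error($dbc));
if (mysqli_num_rows($result) > 0) {
    $row = mysqli_fetch_assoc($result);
    // The lock reopens 10 minutes (600 seconds) after lockDate
    $locktime = date('...some date format ...', $row['lockDatetimestamp'] + 600);
    die("Your account is locked and reopens $locktime");
}
// ... if you get here, the account's not locked ...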
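Added example (not from the thread or either answer): the database-side comparison recommended above, written with mysqli prepared statements so that $userID is never concatenated into the SQL. It assumes the table and columns from the question's UPDATE, one row per userID, a NULL lockDate meaning "not locked", and the question's $dbc connection; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the question's UPDATE; $dbc is its mysqli connection. Function names are
// hypothetical, and a NULL lockDate is assumed to mean "not locked".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Minutes left on the lock, or 0 if the account may log in. Read-only.
function lockMinutesRemaining(mysqli $dbc, string $userID): int
{
    // MySQL does the date arithmetic, so PHP never subtracts a DATETIME
    // string from time(). A bound parameter keeps $userID out of the SQL text.
    $stmt = mysqli_prepare($dbc,
        "SELECT TIMESTAMPDIFF(SECOND, NOW(), lockDate + INTERVAL 10 MINUTE)
           FROM manager_users_hacking
          WHERE userID = ? AND lockDate IS NOT NULL");
    mysqli_stmt_bind_param($stmt, 's', $userID);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $secondsLeft);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!$found || $secondsLeft <= 0) {
        return 0;                       // no lock, or the 10 minutes are over
    }
    return (int) ceil($secondsLeft / 60);
}

// Call only after a successful login. The time test sits in the WHERE clause,
// so a lock that is still active can never be cleared by this statement.
function clearExpiredLock(mysqli $dbc, string $userID): bool
{
    $stmt = mysqli_prepare($dbc,
        "UPDATE manager_users_hacking
            SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0
          WHERE userID = ?
            AND lockDate IS NOT NULL
            AND lockDate <= NOW() - INTERVAL 10 MINUTE");
    mysqli_stmt_bind_param($stmt, 's', $userID);
    mysqli_stmt_execute($stmt);
    $cleared = mysqli_stmt_affected_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $cleared;
}

// Login flow: refuse while locked, verify the password, then clear the lock.
//   $left = lockMinutesRemaining($dbc, $userID);
//   if ($left > 0) { /* report "wait $left minutes" and stop */ }
//   if ($passwordOk) { clearExpiredLock($dbc, $userID); }
```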
I don't see anything wrong with your code. As long as the fields lockDate and hackerIPAddress are nullable and userID is a string, your query should work.