如何解决清除锁定的帐户问题
| 问题恰好在帐户锁定后,然后在下一次失败的尝试中清除了锁定,换句话说,上面的两个变量不正确或if条件不正确,因为它应该等待10分钟,然后用户尝试并在10分钟后成功登录,然后将其解锁 意思清除了// Find out if user is locked out of their account
if (($lockDate !== \"0000-00-00 00:00:00\") AND (strtotime($lockDate) < time())) {
$currentDateTime = time();
$minutes = floor(($currentDateTime-$lockDate) / 60);
// Take minutes and perform tasks
if ($lockDate > 0 && $minutes < 10) {
// Calculate time remaining
$timeRemaining = 10 - $minutes;
// Account locked error
$errors = true;
$message = \"Your account is currently locked,we appologize for the inconvienence. You must wait \'\" .$timeRemaining.\"\' minutes before you can log in again!\";
$output = array(\'errorsExist\' => $errors,\'message\' => $message);
} else {
// Clear the lock
$query = \"UPDATE manager_users_hacking SET lockDate = NULL,hackerIPAddress = NULL,FailedLogins = 0 WHERE userID = \'\".$userID.\"\'\";
$result = MysqLi_query($dbc,$query);
}
}
解决方法
如果在检索用户记录时在数据库中进行了日期/时间比较会更好。
$sql = <<<EOL
SELECT userID,UNIX_TIMESTAMP(lockDate) as lockDatetimestamp
FROM manage_users
WHERE (userID = $userID) and
(lockDate IS NOT NULL) and
(lockoutDate <= DATE_SUB(now(),INTERVAL 10 MINUTE));
EOL;
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$row mysql_fetch_assoc($result);
$locktime = date(\'...some date format ...\',$row[\'lockDatetimestamp\'])
die(\"Your account is locked and reopens $locktime\");
}
... if you get here,the account\'s not locked ...
lockDate
hackerIPAddress
userID
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
