<?php
require_once 'function_db_operation.php';

/**
 * Record one login attempt for the requesting address in the login log.
 *
 * The new row is flagged is_block = 1 when this attempt brings the count of
 * recent consecutive failures (as reported by LoginBlock::get_fail_count())
 * up to LoginBlock::get_max_fail_count().
 *
 * @param mixed $user_name  Submitted user name; handed to save() unchanged.
 * @param mixed $is_success Only the literal boolean false is recorded as a
 *                          failure. Any other value (0, '', null, ...) is
 *                          logged as a success and does not raise the count,
 *                          so callers must pass a strict boolean.
 *
 * NOTE(review): $user_name comes from the login form and is stored as-is.
 * save() lives in function_db_operation.php, which is not visible here.
 * Confirm it binds or escapes its values, and HTML-encode user_name wherever
 * the log is rendered.
 * NOTE(review): create_on is not supplied here; presumably save() or the
 * database fills it in. Verify against save().
 */
function insert_login_log($user_name, $is_success)
{
    // Throttling is keyed on the peer address reported by the web server.
    $client_ip = $_SERVER['REMOTE_ADDR'];

    $login_block = new LoginBlock;
    $attempt_failed = ($is_success === false);

    // Failures already on record for this address, plus the current one.
    $recent_failures = $login_block->get_fail_count();
    if ($attempt_failed) {
        $recent_failures += 1;
    }

    $limit = $login_block->get_max_fail_count();
    $triggers_block = ($recent_failures >= $limit);

    // First argument NULL: presumably "no existing id", i.e. insert a new row.
    // Confirm against save().
    $row = array(
        'ip_address' => $client_ip,
        'user_name' => $user_name,
        'is_success' => $attempt_failed ? '0' : '1',
        'is_block' => $triggers_block ? '1' : '0',
    );
    save(NULL, LoginBlock::TABLE_NAME, $row);
}
/**
 * Procedural shortcut for LoginBlock::die_if_login_block().
 *
 * Builds a LoginBlock and lets it terminate the request when the requesting
 * address is currently blocked. Returns normally otherwise.
 */
function die_if_login_block()
{
    $login_block = new LoginBlock();
    $login_block->die_if_login_block();
}
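/**
 * Per-address login throttle backed by the `login_log` table.
 *
 * Every attempt is logged with the peer address. Once max_fail_count
 * consecutive failures fall inside the last block_mins minutes, the attempt
 * that reaches the limit is stored with is_block = 1, and requests from that
 * address are refused while that row is inside the window.
 *
 * Limits a reviewer should keep in mind:
 *  - The key is $_SERVER['REMOTE_ADDR'] only. Behind a reverse proxy or load
 *    balancer every client may share one address, so a single noisy client
 *    can lock out all users. Guessing spread across many addresses against
 *    one account is not slowed down, because user_name is not part of the key.
 *  - mysql_real_escape_string() belongs to ext/mysql, which was removed in
 *    PHP 7.0. The query helpers (execute_sql, get_records, get_record) are
 *    defined in another file; moving them to prepared statements is the
 *    durable fix.
 *  - NOTE(review): if get_records()/get_record() return a non-array on a
 *    database error, both checks below would count zero failures and report
 *    "not blocked", i.e. the throttle would fail open. Confirm the helpers'
 *    error behaviour.
 *  - NOTE(review): the window start is computed with PHP's date(); this
 *    assumes create_on is written in the same time zone. Verify against
 *    save().
 */
class LoginBlock
{
    const TABLE_NAME = 'login_log';

    // Look-back window for counting failures and for honouring a block row, in minutes.
    private $block_mins = 10;

    // Number of consecutive failures that turns the next logged row into a block row.
    private $max_fail_count = 5;

    /**
     * Make sure the log table exists.
     *
     * The CREATE TABLE IF NOT EXISTS statement is sent on every construction,
     * so the database account used at runtime needs CREATE privilege.
     * Creating the table in a deployment step instead would let that account
     * run with fewer rights.
     */
    public function __construct()
    {
        $table_name = self::TABLE_NAME;
        $sql = "
            CREATE TABLE IF NOT EXISTS `{$table_name}` (
                `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
                `create_on` datetime NOT NULL,
                `ip_address` varchar(500) COLLATE utf8_unicode_ci NOT NULL,
                `user_name` varchar(500) COLLATE utf8_unicode_ci NULL,
                `is_success` tinyint(1) NOT NULL,
                `is_block` tinyint(1) NOT NULL,
                PRIMARY KEY (`id`),
                KEY `{$table_name}_ix_create_on` (`create_on`),
                KEY `{$table_name}_ix_ip_address` (`ip_address`(333)),
                KEY `{$table_name}_ix_is_block` (`is_block`)
            ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
        ";
        execute_sql($sql);
    }

    /**
     * @return int Failures allowed before an address is blocked.
     */
    public function get_max_fail_count()
    {
        return $this->max_fail_count;
    }

    /**
     * Count the most recent consecutive failed attempts for the requesting
     * address inside the look-back window.
     *
     * Rows are read newest first, at most max_fail_count of them. Counting
     * stops at the first successful attempt or block row, so a success or a
     * previous block resets the streak.
     *
     * @return int Number of consecutive recent failures (0 .. max_fail_count).
     */
    public function get_fail_count()
    {
        $table_name = self::TABLE_NAME;
        $max_fail_count = $this->max_fail_count;
        list($mysql_ip_address, $mysql_after_datetime) = $this->window_sql_literals();

        $sql = "SELECT * FROM {$table_name} WHERE ip_address = $mysql_ip_address AND create_on >= $mysql_after_datetime ORDER BY create_on DESC LIMIT $max_fail_count";
        $login_logs = get_records($sql);

        $fail_count = 0;
        foreach ($login_logs as $login_log) {
            // Loose comparison on purpose: the driver may return tinyint columns as strings.
            if ($login_log['is_success'] == 1 || $login_log['is_block'] == 1) {
                break;
            }
            $fail_count++;
        }
        return $fail_count;
    }

    /**
     * Terminate the request when the requesting address has a block row
     * inside the look-back window. Returns normally otherwise.
     *
     * The request ends through die() with a plain-text message. No HTTP
     * status code is set here.
     */
    public function die_if_login_block()
    {
        $table_name = self::TABLE_NAME;
        $block_mins = $this->block_mins;
        $max_fail_count = $this->max_fail_count;
        list($mysql_ip_address, $mysql_after_datetime) = $this->window_sql_literals();

        $sql = "SELECT CASE WHEN EXISTS( SELECT * FROM {$table_name} WHERE ip_address = $mysql_ip_address AND create_on >= $mysql_after_datetime AND is_block = 1 ) THEN 1 ELSE 0 END AS is_block";
        $result = get_record($sql);
        $is_block = $result['is_block'] == 1;

        if ($is_block) {
            die("You login failure more than $max_fail_count times, please try again after $block_mins mins.");
        }
    }

    /**
     * Build the two quoted SQL literals shared by both lookups: the peer
     * address and the start of the look-back window.
     *
     * Replaces the variable-variable loop that was duplicated in
     * get_fail_count() and die_if_login_block(). The encoding steps are
     * unchanged.
     *
     * @return array [0] => quoted address literal, [1] => quoted datetime literal
     */
    private function window_sql_literals()
    {
        $ip_address = $_SERVER['REMOTE_ADDR'];
        $after_datetime = date('Y-m-d H:i:s', time() - ($this->block_mins * 60));

        $literals = array();
        foreach (array($ip_address, $after_datetime) as $value) {
            // htmlspecialchars() is HTML output encoding, not a SQL defence. It is
            // retained only so lookups are encoded exactly as before. The SQL
            // quoting is done by mysql_real_escape_string().
            $literals[] = "'" . mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES)) . "'";
        }
        return $literals;
    }
}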