1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
<?php
header('X-UA-Compatible: IE=edge,chrome=1');
function insert_login_log($user_name, $is_success)
{
$lb = new LoginBlock;
$fail_count = $lb->get_fail_count();
if ($is_success === false) {
$fail_count++;
}
$max_fail_count = $lb->get_max_fail_count();
$is_block = $fail_count >= $max_fail_count;
$sql = "
INSERT INTO sys_login_log (
create_on, ip_address, user_name, is_success, is_block
) VALUES (
NOW(), :ip_address, :user_name, :is_success, :is_block
)";
$sql_param = array(
':ip_address' => $_SERVER['REMOTE_ADDR'],
':user_name' => $user_name,
':is_success' => $is_success === false ? '0' : '1',
':is_block' => $is_block ? '1' : '0',
);
$sth = Db::getDbh()->prepare($sql);
//echo $sth->getSQL( $sql_param ).HTML_EOL;
$sth->execute( $sql_param );
if( $error = $sth->getError($sql_param) ){
var_dump($error);
}
if($row = $sth->fetch()){
$loggin = 1;
return true;
}
}
function die_if_login_block()
{
$lb = new LoginBlock;
$lb->die_if_login_block();
}
class LoginBlock
{
private $block_mins = 10;
private $max_fail_count = 5;
function get_max_fail_count()
{
return $this->max_fail_count;
}
function get_fail_count()
{
$block_mins = $this->block_mins;
$max_fail_count = $this->max_fail_count;
$sql = "SELECT *
FROM sys_login_log
WHERE ip_address = :ip_address AND create_on >= :create_on
ORDER BY create_on DESC
LIMIT $max_fail_count";
$sql_param = array(
':ip_address' => $_SERVER['REMOTE_ADDR'],
':create_on' => date('Y-m-d H:i:s', time() - ($block_mins * 60)),// before $block_mins
);
$sth = Db::getDbh()->prepare($sql);
//echo $sth->getSQL( $sql_param ).HTML_EOL; //exit;
$sth->execute( $sql_param );
if( $error = $sth->getError($sql_param) ){
var_dump($error);
}
$login_logs = $sth->fetchAll(PDO::FETCH_ASSOC);
$fail_count = 0;
foreach ($login_logs as $login_log) {
if ($login_log['is_success'] == 1 || $login_log['is_block'] == 1) {
break;
} else {
$fail_count++;
}
}
return $fail_count;
}
function die_if_login_block()
{
$block_mins = $this->block_mins;
$max_fail_count = $this->max_fail_count;
$sql = "SELECT
CASE
WHEN EXISTS(
SELECT * FROM sys_login_log
WHERE ip_address = :ip_address
AND create_on >= :create_on
AND is_block = 1
) THEN 1
ELSE 0
END AS is_block";
$sql_param = array(
':ip_address' => $_SERVER['REMOTE_ADDR'],
':create_on' => date('Y-m-d H:i:s', time() - ($block_mins * 60)),// before $block_mins
);
$sth = Db::getDbh()->prepare($sql);
//echo $sth->getSQL( $sql_param ).HTML_EOL; //exit;
$sth->execute( $sql_param );
if( $error = $sth->getError($sql_param) ){
var_dump($error);
}
$result = $sth->fetch(PDO::FETCH_ASSOC);
$is_block = $result['is_block'] == 1;
if ($is_block) {
die("You login failure more than $max_fail_count times, please try again after $block_mins mins.");
}
}
}
|