/var/www/hkosl.com/kelvin/webadmin/function_login_block.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

<?php
header('X-UA-Compatible: IE=edge,chrome=1');
require_once 'function_db_operation.php';
function insert_login_log($user_name$is_success)
{
    $ip_address $_SERVER['REMOTE_ADDR'];
    $lb = new LoginBlock;
    $fail_count $lb->get_fail_count();
    if ($is_success === false) {
        $fail_count++;
    }
    $max_fail_count $lb->get_max_fail_count();
    $is_block $fail_count >= $max_fail_count;
    save(NULL'sys_login_log', array(
        'ip_address' => $ip_address,
        'user_name' => $user_name,
        'is_success' => $is_success === false '0' '1',
        'is_block' => $is_block '1' '0',
    ));
}

function die_if_login_block()
{
    $lb = new LoginBlock;
    $lb->die_if_login_block();
}

class LoginBlock
{
    private $block_mins 10;
    private $max_fail_count 5;
    
    function get_max_fail_count()
    {
        return $this->max_fail_count;
    }
    
    function get_fail_count()
    {
        $block_mins $this->block_mins;
        $max_fail_count $this->max_fail_count;

        $ip_address $_SERVER['REMOTE_ADDR'];
        $time time() - ($block_mins 60); // before $block_mins
        $after_datetime date('Y-m-d H:i:s'$time);

        $variables = array(
            'ip_address''after_datetime',
        );
        foreach ($variables as $variable)
        {
            $html_variable 'html_' $variable;
            $$html_variable htmlspecialchars($$variableENT_QUOTES);
            $mysql_variable 'mysql_' $variable;
            $$mysql_variable "'" mysql_real_escape_string($$html_variable) . "'";
        }

        $sql "SELECT *
            FROM sys_login_log
            WHERE ip_address = $mysql_ip_address AND create_on >= $mysql_after_datetime
            ORDER BY create_on DESC
            LIMIT $max_fail_count";
        $login_logs get_records($sql);
        $fail_count 0;
        foreach ($login_logs as $login_log) {
            if ($login_log['is_success'] == || $login_log['is_block'] == 1) {
                break;
            } else {
                $fail_count++;
            }
        }
        return $fail_count;
    }

    function die_if_login_block()
    {
        $block_mins $this->block_mins;
        $max_fail_count $this->max_fail_count;

        $ip_address $_SERVER['REMOTE_ADDR'];
        $time time() - ($block_mins 60); // before $block_mins
        $after_datetime date('Y-m-d H:i:s'$time);

        $variables = array(
            'ip_address''after_datetime',
        );
        foreach ($variables as $variable)
        {
            $html_variable 'html_' $variable;
            $$html_variable htmlspecialchars($$variableENT_QUOTES);
            $mysql_variable 'mysql_' $variable;
            $$mysql_variable "'" mysql_real_escape_string($$html_variable) . "'";
        }

        $sql "SELECT
            CASE
                WHEN EXISTS(
                    SELECT * FROM sys_login_log
                    WHERE ip_address = $mysql_ip_address AND create_on >= $mysql_after_datetime AND is_block = 1
                ) THEN 1
                ELSE 0
            END AS is_block";
        $result get_record($sql);
        $is_block $result['is_block'] == 1;

        if ($is_block) {
            die("You login failure more than $max_fail_count times, please try again after $block_mins mins.");
        }
    }
}