一个登录的功能
登录功能不只是判断用户名和密码是否正确;为了防止被他人攻击,还要注意加强安全性。下面是我实现的一个较完整的登录功能。
需实现的地方:
1.用户名密码正确
2.三次错误后该用户被锁
3.三次错误后,此ip的所有用户都不能登录
4.登录成功后,将错误次数清零并更新时间
5.登录成功后,页面若停留15分钟未动,则登录失效
login的代码例子如下:
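/**
 * Handle a login POST: enforce the per-IP and per-account lockouts, verify
 * the credentials, then either open a session or record the failed attempt.
 *
 * Renders the 'login' view when no username was posted; otherwise echoes a
 * JSON object with the keys title, message, url (plus target on success).
 *
 * Columns used on `user`: login_error (failed-attempt counter), verify_time
 * (unix time of the last attempt, or the lock expiry while locked; -1 marks
 * a disabled account), login_ip (address that triggered the lock).
 *
 * NOTE(security): the replies distinguish "unknown user", "wrong password"
 * and "disabled account", so a caller can learn which usernames exist.
 * Collapse them into one message if that matters for the deployment.
 */
function login()
{
    $username = $this->input->post('username');
    // NOTE(security): double MD5 salted only with the username is a fast hash
    // and is not suitable for password storage. Migrating to password_hash()
    // / password_verify() needs a re-hash of the stored values, so the scheme
    // is left unchanged here.
    $password = md5(md5($username . $this->input->post('password')));
    // Address of the directly connected peer. Behind a reverse proxy this is
    // the proxy's address, and the IP lock would then hit every client.
    $loginip = $_SERVER['REMOTE_ADDR'];

    if ($username == "") {
        $this->load->view('login');
        return;
    }

    // Emit the JSON reply through json_encode so that quotes or backslashes
    // in a message can never break the document.
    $reply = function ($title, $message, $url, $target = null) {
        $payload = array('title' => $title, 'message' => $message, 'url' => $url);
        if ($target !== null) {
            $payload['target'] = $target;
        }
        echo json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    };

    $pz = $this->db->query("select * from t_login_conf ")->row();
    $maxErrors = (int) $pz->login_error_count;
    $now = time();

    // IP lock. The lock is written to user.login_ip together with the expiry
    // in verify_time, so it is read back from the same table and only counts
    // while the expiry lies in the future.
    // NOTE(review): the original scanned t_webuser, a table this function
    // never writes to - confirm which table is the real one.
    $ipLock = $this->db->query(
        "select userid from user where login_ip=? and verify_time>?",
        array($loginip, $now)
    )->row();
    if (!empty($ipLock)) {
        $message = "当前ip已被锁,请 " . $pz->login_lock_time . " 分钟后再登录!";
        $reply("登录失败", $message, "");
        return;
    }

    // Look the account up by name alone, so that failed attempts can be
    // counted against it. NOTE(review): a NULL verify_time does not satisfy
    // "!=-1" in SQL; presumably the column has a non-NULL default - confirm.
    $account = $this->db->query(
        "select * from user b where b.username=? AND (b.admin=? or b.admin =?) AND b.verify_time!=-1",
        array($username, 1, 2)
    )->row();

    if (empty($account)) {
        // Nothing to count against. Stop here rather than dereferencing a
        // missing row, as the original did.
        $disabled = $this->db->query(
            "select * from user b where b.username=? AND (b.admin=? or b.admin =?) AND b.verify_time=-1",
            array($username, 1, 2)
        )->row();
        if (empty($disabled)) {
            $reply("登录失败", "用户名或者密码错误!", "");
        } else {
            $reply("登录失败", "该用户被锁!", "");
        }
        return;
    }

    $errors = (int) $account->login_error;
    $lastMark = (int) $account->verify_time;

    // Clear the counter when the last attempt is more than 12 hours old, or
    // when a lock has run out. The original took the difference modulo one
    // day (so an attempt 25 hours old counted as 1 hour) and compared the
    // counter with ">" although it is capped at the limit, which meant a
    // lock could never be released this way.
    $stale = floor(($now - $lastMark) / 3600) > 12;
    $lockExpired = $errors >= $maxErrors && $now > $lastMark;
    if ($stale || $lockExpired) {
        $this->db->query(
            "update user set login_error=?,login_ip=null,verify_time=? where userid=?",
            array(0, $now, $account->userid)
        );
        $errors = 0;
    }

    // Account lock: refuse once the limit is reached, before the password is
    // looked at. The original allowed one more try with "<=".
    if ($errors >= $maxErrors) {
        $message = $pz->login_error_count . " 次机会已用完,请 " . $pz->login_lock_time . " 分钟后再登录!";
        $reply("登录失败", $message, "");
        return;
    }

    $row = $this->db->query(
        "select * from user b where b.username=? AND b.password=? AND (b.admin=? or b.admin =?) AND b.verify_time!=-1 ",
        array($username, $password, 1, 2)
    )->row();

    if ($row) {
        // NOTE(security): the session id should be regenerated at this point
        // to prevent session fixation; how to do that depends on the
        // framework version, which is not visible here.
        $expiretime = $now + ($pz->sessionlivetime) * 60;
        $this->session->set_userdata('expiretime', $expiretime);
        $this->session->set_userdata(
            'admin_userdata',
            array(
                "userid" => $row->userid,
                "username" => $row->username,
                "admin" => $row->admin,
                "expiretime" => $expiretime,
                "sessionlivetime" => $pz->sessionlivetime,
                "login_lock_time" => $pz->login_lock_time
            )
        );

        // Reset the failure counter for every successful login. The original
        // did so only for admin == 1, so other accounts kept accumulating
        // old failures.
        $this->db->query(
            "update user set login_error=?,verify_time=? where userid=?",
            array(0, $now, $row->userid)
        );

        if ($row->admin == 1) {
            $data = array(
                "userid" => $row->userid,
                "time" => $_SERVER['REQUEST_TIME'],
                "log" => $row->username . "登录成功",
            );
            $this->db->insert('t_webscan_log', $data);
            $reply("", "", "/yoda/systemwelcome", "refresh");
        } else {
            $reply("", "", "/yoda/index", "refresh");
        }
        return;
    }

    // Wrong password: count the attempt. Reaching the limit starts the lock
    // by storing the expiry time and the offending address.
    $errors++;
    if ($errors >= $maxErrors) {
        $lockedUntil = $now + ($pz->login_lock_time) * 60;
        $this->db->query(
            "update user set login_error=?,verify_time=?,login_ip=? where userid=?",
            array($errors, $lockedUntil, $loginip, $account->userid)
        );
    } else {
        $this->db->query(
            "update user set login_error=?,verify_time=? where userid=?",
            array($errors, $now, $account->userid)
        );
    }

    $message = "密码错误,还有 " . ($maxErrors - $errors) . " 次机会!";
    $reply("登录失败", $message, "");
}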