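The problem is that once the account is locked, the lock is cleared on the next failed attempt. In other words, either the two variables above are incorrect or the if condition is incorrect, because it should wait 10 minutes; then, when the user tries again and logs in successfully after those 10 minutes, the account is unlocked, meaning the lock is cleared.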
// Find out if user is locked out of their account
if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) < time())) {
    $currentDateTime = time();
    $minutes = floor(($currentDateTime-$lockDate) / 60);
    // Take minutes and perform tasks
    if ($lockDate > 0 && $minutes < 10) {
        // Calculate time remaining
        $timeRemaining = 10 - $minutes;
        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!";
        $output = array('errorsExist' => $errors, 'message' => $message);
    } else {
        // Clear the lock
        $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);
    }
}
It is better to do the date/time comparison in the database when retrieving the user record.
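// Select the row only while the lock is less than 10 minutes old
$sql = <<<EOL
SELECT userID, UNIX_TIMESTAMP(lockDate) AS lockDatetimestamp
FROM manage_users
WHERE (userID = ?) AND
      (lockDate IS NOT NULL) AND
      (lockDate > DATE_SUB(NOW(), INTERVAL 10 MINUTE));
EOL;
// $dbc is the mysqli connection; bind $userID instead of interpolating it into the SQL
$stmt = mysqli_prepare($dbc, $sql) or die(mysqli_error($dbc));
mysqli_stmt_bind_param($stmt, 's', $userID);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
    // The lock ends 10 minutes (600 seconds) after lockDate
    $locktime = date('...some date format ...', $row['lockDatetimestamp'] + 600);
    die("Your account is locked and reopens $locktime");
}
// ... if you get here, the account's not locked ...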
I don't think there is anything wrong with your code. As long as the fields lockDate and hackerIPAddress can be null, and userID is a string, the query will work.
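The 10-minute lock decision discussed in this thread, done on the PHP side, as an added example that is not code from the question or from either answer. The function name `lockoutStatus`, the constant `LOCK_WINDOW_SECONDS` and the sample dates are assumptions; the point shown is converting the DATETIME string with `strtotime()` before subtracting, and clearing the lock only in the `expired` state.

```php
<?php
// Added example: decide the lock state from a DATETIME string. Names are hypothetical.
const LOCK_WINDOW_SECONDS = 600; // 10 minutes, as in the question

/**
 * Returns ['state' => 'unlocked'|'locked'|'expired', 'minutesRemaining' => int].
 * 'expired' means the lock has run its full 10 minutes and the row may be reset.
 */
function lockoutStatus(?string $lockDate, int $now): array
{
    // NULL and MySQL's zero date both mean "never locked"
    if ($lockDate === null || $lockDate === '0000-00-00 00:00:00') {
        return ['state' => 'unlocked', 'minutesRemaining' => 0];
    }

    // Convert the DATETIME string to a Unix timestamp before doing arithmetic on it
    $lockedAt = strtotime($lockDate);
    if ($lockedAt === false) {
        // Unparseable value: fail closed and keep the account locked
        return ['state' => 'locked', 'minutesRemaining' => 10];
    }

    $elapsed = $now - $lockedAt;
    if ($elapsed < LOCK_WINDOW_SECONDS) {
        // max() caps the wait at 10 minutes if lockDate is slightly in the future
        $remaining = (int) ceil((LOCK_WINDOW_SECONDS - max($elapsed, 0)) / 60);
        return ['state' => 'locked', 'minutesRemaining' => $remaining];
    }

    return ['state' => 'expired', 'minutesRemaining' => 0];
}

// Constructed sample values, evaluated against a fixed "now"
$now = strtotime('2024-01-01 12:00:00');
$samples = [null, '0000-00-00 00:00:00', '2024-01-01 11:57:00', '2024-01-01 11:40:00'];
foreach ($samples as $lockDate) {
    $status = lockoutStatus($lockDate, $now);
    printf("%-23s %-9s %d\n", var_export($lockDate, true), $status['state'], $status['minutesRemaining']);
}
```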