我需要帮助来限制用户的登录尝试。这是我的代码。
$login = login($username, $password);
if($login === false) {
if(isset($_COOKIE['login'])){
if($_COOKIE['login'] < 3){
$attempts = $_COOKIE['login'] + 1;
setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored
$errors[] = 'That username/password combination is incorrect!';
} else{
echo 'You are banned for 10 minutes. Try again later';
}
} else {
setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1
}
} else {
$_SESSION['user_id'] = $login;
header('Location: ../../home.php');
exit();
}
它看起来很适合我,但它就是行不通。即使在尝试 3 次登录后,用户仍然可以访问他/她的帐户。