0

好的,所以我的问题是:当用户有 3 次失败的登录尝试时,他/她应该根据 IP 地址被锁定在他的帐户之外一个小时。IP 地址与字段“attempts”和“time”一起存储在表“login_attempts”中。这是我的代码来拉时间,然后我添加了一个小时,因为那是用户可以尝试再次登录的时间:

$user_time = new DateTime('20:04:18');    // example time pulled from the db
$add = new DateInterval('PT1H');          // +1 hour
$user->add($add);                         // should now be 21:04:18

好的,现在这里是当前时间的代码。再说一次,我要补个时间。这将不到一个小时,因此用户仍应被锁定:

$now = new DateTime('20:43:22');
if ($now->format('g:i a') < $user_time->format('g:i a')) {
         $diff = $user_time->diff($now);
         echo 'You still have ' . $diff->format('%i minutes') . ' until you can try again.';
}
 else {
        // reset login attempts, process login

由于某种原因,这不能正常工作。我究竟做错了什么?

4

2 回答 2

0

我认为您比较日期是问题所在。尝试使用 getTimestamp() 而不是 format():

$now = new DateTime('20:43:22');
if ($now->getTimestamp() < $user_time->getTimestamp()) {
         $diff = $user_time->diff($now);
         echo 'You still have ' . $diff->format('%i minutes') . ' until you can try again.';
}
 else {
        // reset login attempts, process login
于 2013-02-24T19:25:06.733 回答
0

You better have a time field in your database table with int datatype and store the output of time() function for every login attempt. after the nth time unsuccessful attempts the user gets locked and initialize lockout. to check if the lockout time is over, simply compare the output of current time() function with the one stored after the third unsuccessful attempt.

$lockout = 3600;//if one hour
$query_result_for_last_attempt = "some query";
if((time()-$query_result_for_last_attempt) > $lockout){
header(site.php);
}else{
echo "you still need to wait";
}

of course there are beter fantacies you could do with the code!

于 2013-02-21T04:10:39.240 回答