0

每次我尝试提交我的登录表单时,都需要 25 秒才能提交,但我仍然没有停止它。我想知道我是否在某处遗漏了什么。我想知道它是否像某些返回某处或某事。有任何想法吗?

不压扁

public function form_is_valid()
{
    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    /* Form validation passed */
    return $this->form_validation->run();
}

public function is_user_locked($user_data)
{
    if ($user_data->lock_date !== '0000-00-00 00:00:00')
    {
        /* User is locked out */

        if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
        {
            /* User is still locked out */
            return TRUE;
        }
        else
        {
            /* User is no longer locked out */
            return FALSE;
        }

    }
}

public function check_user_status($user_data)
{
    /* Match user status */
    switch ($user_data->user_status_id) 
    {
        case 1:
            $this->output('Sorry you must verify your account before logging in!', 'Account Unverified', 'Error');
            break;
        case 3:
            $this->output('Your account has been suspended!', 'Account Suspended', 'Error');
            break;
        case 4:
            $this->output('Your account has been suspended!', 'Account Banned', 'Error');
            break;
        case 5:
            $this->output('Your account has been deleted!', 'Account Deleted', 'Error');
            break;
        default:
            return;
    }
}

public function output($message, $title, $status = 'Success') 
{
    switch ($status)
    {
        case 'Error':
            array('status' => 'Error');
            break;
        case 'Notice':
            array('status' => 'Notice');
            break;
        case 'Success':
            array('status' => 'Success');
            break;
    }
    echo json_encode($status, $title, $message);
}

public function start_user_session()
{
    /* Start session with user id and clear previous failed login attempts */
    $this->session->set_userdata('uid', $user_data->user_id);
    $this->session->unset_userdata('failed_logins');
    $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
    return;
}

public function submit($post_username = NULL, $post_password = NULL) 
{   
    if (!$this->form_is_valid())
    {   
        echo 'test';
        die();
        $this->output('The form did not validate successfully!', 'Form Not Validated', 'Error');
    }   

    /* Post values from login form */
    $post_username = $this->input->post('username');
    $post_password = $this->input->post('password');

    /* Test to see value of posted login form */
    //echo '<pre>';
    //var_dump($post_username);
    //var_dump($post_password);
    //echo '</pre>';
    //die();

    /* Get user data from post username value */
    $user_data = $this->users_model->get_by('username', $post_username);

    /* Test to see value of $user_data */
    //echo '<pre>';
    //var_dump($user_data);
    //echo '</pre>';
    //die();

    if (count($user_data) == 0)
    {
        /* User was not found in database */
        $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    }

    /* User was found in database */

    if ($this->is_user_locked($user_data->lock_date))
    {
        /* User is locked from logging in from too many failed attempts */
        $this->output('This user account is currently locked!', 'Account Locked', 'Error');    
    }
    else
    {
         /* User can be unlocked and form be resubmitted */
         $this->users_model->unlock_user($user_data->user_id);
         $this->submit($post_username, $post_password);
         return FALSE;
    }

    /* User is unlocked from logging in */

    if ($user_data->user_status_id != 2)
    {
        /* User has a status that is not allowed to proceed */
        $this->user_status_message($user_data->user_status_id);
    }                   

    /* User is registered and validated */                      

    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

    $failed_logins = $this->session->userdata('failed_logins');

    if ($regenerated_post_password !== $user_data->password)
    {
        /* Password from login from does not match user stored password */

        if ($failed_logins == 0)
        {
            /* First time user has not entered username and password successfully */
            $this->session->set_userdata('failed_logins', 1);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        /* User has atleast one failed login attempt for the current session */

        if ($failed_logins !== 4)
        {      
            /* User has a few more chances to get password right */
            $failed_logins++;
            $this->session->set_userdata('failed_logins', $failed_logins);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
        //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
        $this->output('Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>', 'Account Locked', 'Error');            

    } 

    /* Password from login form matches user stored password and user may login */

    $this->output('Successful login! Sending you to the dashboard!', 'Login Sucessful', 'Success');
}

更新:这是完全有效的原始提交功能,但是我发布帖子的原因是因为我在尝试将其展平时遇到了问题。

扁平化

public function submit($post_username = NULL, $post_password = NULL)
{
    /* Set variable defaults */
    $output_status = 'Notice';
    $output_title = 'Not Processed';
    $output_message = 'The request was unprocessed!';

    /* Number of error flags */
    $flags = 0;

    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    if ($this->form_validation->run() == TRUE)
    {
        /* Form validation passed */

        /* Post values from login form */
        $post_username = $this->input->post('username');
        $post_password = $this->input->post('password');

        /* Test to see value of posted login form */
        //echo '<pre>';
        //var_dump($post_username);
        //var_dump($post_password);
        //echo '</pre>';
        //die();

        /* Get user data from post username value */
        $user_data = $this->users_model->get_by('username', $post_username);

        /* Test to see value of $user_data */
        //echo '<pre>';
        //var_dump($user_data);
        //echo '</pre>';
        //die();

        if (count($user_data) > 0)
        {
            /* User was found in database */

            if ($user_data->lock_date !== '0000-00-00 00:00:00')
            {
                /* User is locked out */

                if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
                {
                    /* User is still locked out */
                    $output_status = 'Error';
                    $output_title = 'Account Locked';
                    $output_message = 'This user account is currently locked!';
                    $flags++;
                }
                else
                {
                    /* User can be unlocked and form be resubmitted */
                    $this->users_model->unlock_user($user_data->user_id);
                    $this->submit($post_username, $post_password);
                    return FALSE;
                }

            }

            if ($flags == 0)
            {
                /* User is not locked out and no error messages reported */

                /* Match user status */
                switch ($user_data->user_status_id) 
                {
                    case 1:
                        $output_status = 'Error';
                        $output_title = 'Account Unverified';
                        $output_message = 'Sorry you must verify your account before logging in!';
                        $flags++;
                        break;
                    case 3:
                        $output_status = 'Error';
                        $output_title = 'Account Suspended';
                        $output_message = 'Your account has been suspended!';
                        $flags++;
                        break;
                    case 4:
                        $output_status = 'Error';
                        $output_title = 'Account Banned';
                        $output_message = 'Your account has been banned!';
                        $flags++;
                        break;
                    case 5:
                        $output_status = 'Error';
                        $output_title = 'Account Deleted';
                        $output_message = 'Your account has been deleted!';
                        $flags++;
                        break;
                }

                if ($flags == 0)
                {
                    /* User is registered and validated and no error messages reported */                   
                    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

                    $failed_logins = $this->session->userdata('failed_logins');

                    if ($regenerated_post_password == $user_data->password)
                    {
                        /* Password from login form matches user stored password */

                        /* Start session with user id and clear previous failed login attempts */
                        $this->session->set_userdata('uid', $user_data->user_id);
                        $this->session->unset_userdata('failed_logins');
                        $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
                        $output_status = 'Success';
                        $output_title = 'Login Success';
                        $output_message = 'Successful login! Sending you to the dashboard';
                    }
                    else
                    {
                        /* Password from login from does not match user stored password */
                        if ($failed_logins > 0)
                        {
                            /* User has atleast one failed login attempt for the current session */
                            if ($failed_logins == 4)
                            {      
                                $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
                                //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
                                $output_status = 'Error';
                                $output_title = 'Account Locked';
                                $output_message = 'Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>';
                            }
                            else
                            {
                                /* User has a few more chances to get password right */
                                $failed_logins++;
                                $this->session->set_userdata('failed_logins', $failed_logins);
                                $output_status = 'Error';
                                $output_title = 'Incorrect Login Credentials';
                                $output_message = 'Incorrect username and password credentials!';
                            }
                        }
                        else
                        {
                            /* First time user has not entered username and password successfully */
                            $this->session->set_userdata('failed_logins', 1);
                            $output_status = 'Error';
                            $output_title = 'Incorrect Login Credentials';
                            $output_message = 'Incorrect username and password credentials!';
                        }

                        $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
                    }
                }
            }
        }
        else
        {
            /* User was not found in database */
            $output_status = 'Error';
            $output_title = 'User Not Found';
            $output_message = 'The user was not found in the database!';
        }
    }
    else
    {

        /* Form validation failed */
        $output_status = 'Error';
        $output_title = 'Form Not Validated';
        $output_message = 'The form did not validate successfully!';
    }

    $output_array = array('output_status' => $output_status, 'output_title' => $output_title, 'output_message' => $output_message);

    echo json_encode($output_array);
}
4

1 回答 1

1

首先,您没有加载form_validation库。我猜你是自动加载的。代码调试起来非常混乱。如果您在 4 次尝试中提供正确的用户名和密码,您应该会得到正确的结果。我不了解您的数据库,所以我希望您的模型没有做错任何事情。在您的is_userdata_locked功能中,您没有提到如果日期是'0000-00-00 00:00:00

public function is_user_locked($user_data)
{
if ($user_data->lock_date !== '0000-00-00 00:00:00')
{
    /* User is locked out */

    if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
    {
        /* User is still locked out */
        return TRUE;
    }
    else
    {
        /* User is no longer locked out */
        return FALSE;
    }
    return true; /*maybe false, considering your logic*/

}
}

你说你没有看到任何输出。在output function您使用json_encode,但给出 3 个参数。它不需要 3 个参数。你应该把它做成一个数组。我看不出有任何理由在switch那里使用。

public function output($message, $title, $status = 'Success') 
{
        $stat = array('status' => $status,
                'message' => $message,
                'title' => $title
            );

    echo json_encode($stat);
}

在您的submit function, when user is not found, you are still going to next segment for checkingis_user_locked()` 中。如果找不到用户,您应该重新填充表单。我添加了一个 die()-

if (count($user_data) == 0)
{
    /* User was not found in database */
    $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    die(); /*Add die to stop executing the rest of the code.*/
}

接下来是您submit function在解锁后调用用户的块。form_validation 仅适用于发布数据,因此当您使用参数调用函数时,它不会获取发布数据。表单验证将始终运行为假,您将陷入无限循环。这是你的主要问题。我不明白你为什么必须重新提交。您解锁用户,然后验证用户。

if ($this->is_user_locked($user_data->lock_date))
{
    /* User is locked from logging in from too many failed attempts */
    $this->output('This user account is currently locked!', 'Account Locked', 'Error');
    die(); /*No need to execute rest of the script as user is locked*/
}
else
{
     /* User can be unlocked and form be resubmitted */
     $this->users_model->unlock_user($user_data->user_id);
}

我会说,您的if else代码块非常混乱。我建议重新考虑你的逻辑。您可能会因所有这些if else情况而迷失方向。如果是这种情况,您可以尝试一个简单的流程图。它会帮助你缓解你的问题。

最后一件事,检查您的错误报告是否打开。你至少应该得到 json_encode 错误。

更新:

这是一个应该可以帮助您的psudo提交功能

function submit(){
        if (invalid form){ /*form_is_valid function*/
             output invalid_form_error;
             return;
        }

        if( user not exist ){
             output invalid_user_error;
             return;
        }

        if( inappropriate user_status){ /*check_user_status() function*/
             output user_status_error;
             return;

        }

        if(is_user_locked){ /*is_user_locked() function. My opinion if lock time is over, unlock user here*/
             output user_is_locked_error;
             return;
        }

        if( password not match){
            set/increase session variable failed attempt;
            if failed attempt is more than 4 lock user
            output incorrect_password_error/lock_login_error;
            return
        }

        set session variables; /* start_user_session() function */
        output success_message;
        return;
    }

由于这是基于 ajax 的应用程序,因此您必须小心从提交函数中适当地返回适当的消息。这样您就不需要任何其他条件,这将使您的生活更轻松。你所有的功能似乎都很好,但你必须清除你的逻辑。

于 2013-05-27T06:37:40.153 回答