Xtremer360 Posted June 11, 2011 Share Posted June 11, 2011 I'm trying to figure out what is wrong with my else statement because I am purposely putting in the wrong password for testing of my if-else statements and its not giving me the wrong error message. It should be saying the chances left message but instead its saying the "Invalid Username and Password combination!" else { $numberOfAttempts = $_SESSION['numberOfAttempts']+1; if ($numberOfAttempts < 5) { $chancesLeft = 5 - $numberOfAttempts; $output = array('errorsExist' => true, 'message' => 'You have' .$chancesLeft.' to login succesfully or the account will be locked!'); } else { $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'); } $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination!'); } Quote Link to comment Share on other sites More sharing options...
fugix Posted June 11, 2011 Share Posted June 11, 2011 1. do you have session_start() at the top of your page 2. Have you tried to echo your session to confirm that the correct value is being stored. 3. I would set up my code as so else { $numberOfAttempts = $_SESSION['numberOfAttempts']+1; if ($numberOfAttempts < 5) { $chancesLeft = 5 - $numberOfAttempts; $output = array('errorsExist' => true, 'message' => 'You have' .$chancesLeft.' to login succesfully or the account will be locked!'); } else if($numberOfAttempts >= 5) { $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'); } else { $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination!'); } } Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 I was stupid. After thinking about it I should have joined that last output message into the first one. Quote Link to comment Share on other sites More sharing options...
fugix Posted June 11, 2011 Share Posted June 11, 2011 I was stupid. After thinking about it I should have joined that last output message into the first one. true it would make much more sense to have it say invalid username or password, then give the number of attempts left Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 Odd thing is with that else statement as after each time it only stays at 4 it doesn't decrease another one if there is ANOTHER unsuccesful login. Quote Link to comment Share on other sites More sharing options...
fugix Posted June 11, 2011 Share Posted June 11, 2011 because after your script is finished executing, your $_SESSION['numberofattempts'] value remains the same value, which I am assuming is 0, because you have not changed the value of the session, you simply stored it into a variable and added 1 it externally. insed of you else statement you will need to redefine the value of you session, e.g $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1 Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 I'm a little confused are you saying this: else { $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1; $numberOfAttempts = $_SESSION['numberOfAttempts']+1; if ($numberOfAttempts < 5) { $chancesLeft = 5 - $numberOfAttempts; $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' to login succesfully or the account will be locked!'); } else { $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'); } } Quote Link to comment Share on other sites More sharing options...
fugix Posted June 11, 2011 Share Posted June 11, 2011 almost. else { $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1; $numberOfAttempts = $_SESSION['numberOfAttempts']; //you already added one here if ($numberOfAttempts < 5) { $chancesLeft = 5 - $numberOfAttempts; $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' to login succesfully or the account will be locked!'); } else { $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'); } } Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 Thank you. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 I have one more thing to add onto that though. I'm trying to figure out some logic here if the user gets an account locked then should I keep updating the lockDate column each time and put in a new row into the hacking table of each time an account has gone pasted the 4 chances or how should I approach this? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 11, 2011 Author Share Posted June 11, 2011 Forgot to update my code. else { $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1; $numberOfAttempts = $_SESSION['numberOfAttempts']; if ($numberOfAttempts < 5) { $chancesLeft = 5 - $numberOfAttempts; $output = array('errorsExist' => true, 'message' => 'Invalid Username and Password combination! You have ' .$chancesLeft.' to login succesfully or the account will be locked!'); } else { $lockDate = date('Y-m-d H:i:s', time()); $hackerIPAddress = $_SERVER['REMOTE_ADDR']; $userID = $row['userID']; $query = "UPDATE manager_users SET lockDate = '".$lockDate."' WHERE userID = '".$userID."'"; $result = mysqli_query($dbc,$query); $query2 = "INSERT INTO manager_users_hacking (hackerIPAddress, userID, lockDate) VALUES ('".$hackerIPAddress."','".$userID."', '".$lockDate."')"; $result2 = mysqli_query($dbc,$query2); $output = array('errorsExist' => true, 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'); } } Quote Link to comment Share on other sites More sharing options...
fugix Posted June 11, 2011 Share Posted June 11, 2011 I have one more thing to add onto that though. I'm trying to figure out some logic here if the user gets an account locked then should I keep updating the lockDate column each time and put in a new row into the hacking table of each time an account has gone pasted the 4 chances or how should I approach this? this is really up to you, however, if you are storing the date that a user becomes locked from their account, i would not continually update the date if they try to gain access again. I would simply make the user aware of the time that they can gain access into their account again. I also would not keep track of the amount of times that the user has gone over 4 times. You want to make your site as user friendly as possibly. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 12, 2011 Author Share Posted June 12, 2011 With my current code that I have above how wold I only have it update that field on the fifth unsuccessful post. Quote Link to comment Share on other sites More sharing options...
fugix Posted June 12, 2011 Share Posted June 12, 2011 you could use an if statement to check for the value of you session if($_SESSION['numberOfAttempts'] == 4) { //update query } Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 12, 2011 Author Share Posted June 12, 2011 Dang I can't edit my post anyway what I want to do is: NEW CODE: http://pastebin.com/vFZwmJuc I'm trying to figure out what I need to do so that it can see if after the account gets locked if its at that 10 minute mark passed the lockDate if there is a lockDate other than the 0000-00-00 00:00:00 and then if is then turn the lockDate back to 0000-00-00 and resets the numberOfLogins. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 12, 2011 Author Share Posted June 12, 2011 Just wanted to inform everyone that I thought I'd declare a new variable of what the current dateTime is and compare it against the lockDate to see if there is a 10 minute difference and then if it is then Update the lockDate and update the numberOfAttempts variable. I can't find a function that can compare two timedates. Anyone have one? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.