Xtremer360 Posted June 23, 2011 Author Share Posted June 23, 2011 Any ideas? Quote Link to comment Share on other sites More sharing options...
btherl Posted June 24, 2011 Share Posted June 24, 2011 Try printing out the variables before you check them in an "if" condition. Eg print out the value of $failedLogins before you check if it's equal to 5. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 24, 2011 Author Share Posted June 24, 2011 Okay so I did and the first time for the unsuccessful attempt is 0 so I'm thinking instead of doing + 1 or something but I thinking its just how I have stuff in places. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 24, 2011 Author Share Posted June 24, 2011 Any ideas? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 24, 2011 Share Posted June 24, 2011 Post the current revision of the code. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 24, 2011 Author Share Posted June 24, 2011 <?php session_start(); // Include the database page require ('../inc/dbconfig.php'); require ('../inc/global_functions.php'); //Login submitted if (isset($_POST['submit'])) { // Not already logged in if(!isset($_SESSION['user_data'])) { // Errors defined as not being any $errors = false; // Assign variable values if there is values if((empty($_POST['username'])) || (trim($_POST['username'])=="") || ($_POST['username'] == NULL) || (!isset($_POST['username']))){$errors = true;} if((empty($_POST['password'])) || (trim($_POST['password'])=="") || ($_POST['password'] == NULL) || (!isset($_POST['password']))){$errors = true;} // Error checking, report errors if any if ($errors) { // Not all fields were entered error $message = "You must enter values for the username and password!"; $output = array('errorsExist' => $errors, 'message' => $message); } else { // No errors reported // Escape post data $username = mysqli_real_escape_string($dbc,$_POST['username']); // Query the database for user info with username $query = "SELECT * FROM manager_users WHERE username = '".$username."'"; $result = mysqli_query($dbc,$query); // Count number of returned results from query if (mysqli_num_rows($result) > 0) { // Fetch returned data from result set $row = mysqli_fetch_array($result); $statusID = $row['statusID']; $userID = $row['userID']; $firstName = $row['firstName']; $lastName = $row['lastName']; $passwordDB = $row['password']; $passwordDB2 = $row['password2']; if ($statusID == 1) { // User was not verified error $errors = true; $message = "Sorry you must verify your email address before logging in. Didn't get the verification email? Don't worry we can <a href=\"javascript:void(0);\" id=\"resendVerification\">resend it</a>!"; $output = array('errorsExist' => $errors, 'message' => $message); } else if ($statusID == 3) { // User is suspended error $errors = true; $message = "Your account has been suspended. If you would like to contest this action <a href=\"javascript:void(0);\" id=\"contestSuspension\">click here</a>!"; $output = array('errorsExist' => $errors, 'message' => $message); } else if ($statusID == 4) { // User is pending deletion error $errors = true; $message = "Your account is currently deleted, would you like to reactivate it? <a href=\"javascript:void(0);\" id=\"undeleteAccount\">Yes, Reactivate</a>!"; $output = array('errorsExist' => $errors, 'message' => $message); } else { // User is registered and verified $query = "SELECT * FROM manager_users_hacking WHERE userID = '".$userID."'"; $result = mysqli_query($dbc,$query); $row = mysqli_fetch_array($result); $lockDate = $row['lockDate']; // Find out if user is locked out of their account if (($lockDate !== "0000-00-00 00:00:00") AND (strtotime($lockDate) <= time())) { $currentDateTime = time(); $minutes = floor(($currentDateTime-$lockDate) / 60); // Take minutes and perform tasks if ($lockDate > 0 && $minutes < 10) { // Calculate time remaining $timeRemaining = 10 - $minutes; // Account locked error $errors = true; $message = "Your account is currently locked, we appologize for the inconvienence. You must wait '" .$timeRemaining."' minutes before you can log in again!"; $output = array('errorsExist' => $errors, 'message' => $message); } else { // Clear the lock $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'"; $result = mysqli_query($dbc,$query); } } else { // Escape post data $password = mysqli_real_escape_string($dbc,$_POST['password']); // Assign hashed password to variable $regenFromPostPW = reGenPassHash($password, $passwordDB2); // Comparing the database password with the posted password if ($passwordDB == $regenFromPostPW) { $query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'"; $result2 = mysqli_query($dbc,$query2); // Assign user data into an array $loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName); // Assign user data array to new session $_SESSION['user_data'] = $loggedinUserDataArray; // See if the remember me checkbox was checked if (isset($_POST['remember'])) { // Sets an expiration time for the cookie $myExpiration = time()+60*60*24*100; // Sets the cookie for the username setcookie("username", $username, $myExiration, "/"); } // Succesful login complete $errors = false; $message = "You have been logged in, please allow a moment while we load your account data!"; $output = array('errorsExist' => $errors, 'message' => $message); } else { // Login unsuccessful $query = "SELECT * FROM manager_users_hacking WHERE userID = '".$userID."'"; $result = mysqli_query($dbc,$query); $row = mysqli_fetch_array($result); $failedLogins = $row['failedLogins']; // Calculate how many chances the user has to login before account gets locked $chancesLeft = 4 - $failedLogins; echo $failedLogins; // Take failed logins and compare it if ($failedLogins == 5) { // Retrieve IP Address of user trying to hack into account $hackerIPAddress = $_SERVER['REMOTE_ADDR']; // Update database after account getting hacked and run query $query = "UPDATE manager_users_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'"; $result = mysqli_query($dbc,$query); $query2 = "SELECT * FROM manager_users WHERE userID = '".$userID."'"; $result2 = mysqli_query($dbc,$query2); $row = mysqli_fetch_array($result2); $firstName = $row['firstName']; $lastName = $row['lastName']; // Email user new registration account $sender_email = "noreply@kansasoutlawwrestling.com"; $reply_to = "noreply@kansasoutlawwrestling.com"; $recipient_email = $email; $email_subject = "KOW Manager Account Locked"; $email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team'; mailSomeone($email, $sender_email, $email_subject, $email_body); // Account locked error $errors = true; $message = "Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login's! You must wait 10 minutes before you can login again!"; $output = array('errorsExist' => $errors, 'message' => $message); } else { $query3 = "UPDATE manager_users_hacking SET failedLogins = failedLogins + 1 WHERE userID = '".$userID."'"; $result3 = mysqli_query($dbc,$query3); // Invalid username and password error $errors = true; $message = "Invalid Username and Password combination! You have '" .$chancesLeft."' chances left to login succesfully or the account will be locked!"; $output = array('errorsExist' => $errors, 'message' => $message); } } } } } else { // User doesn't exist in database error $errors = true; $message = "Sorry we can't seem to find you in our system, please check your username and try again!"; $output = array('errorsExist' => true, 'message' => $messasge); } } } else { // User alread logged in and reported session exists $errors = true; $message = "Already logged in!"; $output = array('errorsExist' => true, 'message' => $message); } } //Output the result $output = json_encode($output); echo $output; ?> Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted June 25, 2011 Author Share Posted June 25, 2011 This is the very last part of my user system so I'm trying to get this corrected soon. Does that updated code help anyone see the issue? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.