Xtremer360 Posted June 25, 2011

I'm having issues with the lockDate if statement. For some reason it's never doing the steps when it meets the condition of the if statement. And I know it's still within 10 minutes of the lockDate.

```php
<?php
session_start();

// Include the database page
require ('../inc/dbconfig.php');
require ('../inc/global_functions.php');

//Login submitted
if (isset($_POST['submit'])) {

    // Not already logged in
    if(!isset($_SESSION['user_data'])) {

        // Errors defined as not being any
        $errors = false;

        // Assign variable values if there is values
        if((empty($_POST['username'])) || (trim($_POST['username'])=="") || ($_POST['username'] == NULL) || (!isset($_POST['username']))){$errors = true;}
        if((empty($_POST['password'])) || (trim($_POST['password'])=="") || ($_POST['password'] == NULL) || (!isset($_POST['password']))){$errors = true;}

        // Error checking, report errors if any
        if ($errors) {

            // Not all fields were entered error
            $message = "You must enter values for the username and password!";
            $output = array('errorsExist' => $errors, 'message' => $message);

        } else {

            // No errors reported
            // Escape post data
            $username = mysqli_real_escape_string($dbc,$_POST['username']);

            // Query the database for user info with username
            $query = "SELECT * FROM manager_users WHERE username = '".$username."'";
            $result = mysqli_query($dbc,$query);

            // Count number of returned results from query
            if (mysqli_num_rows($result) > 0) {

                // Fetch returned data from result set
                $row = mysqli_fetch_array($result);
                $statusID = $row['statusID'];
                $userID = $row['userID'];
                $firstName = $row['firstName'];
                $lastName = $row['lastName'];
                $passwordDB = $row['password'];
                $passwordDB2 = $row['password2'];

                if ($statusID == 1) {

                    // User was not verified error
                    $errors = true;
                    $message = "Sorry you must verify your email address before logging in. Didn't get the verification email? Don't worry we can <a href=\"javascript:void(0);\" id=\"resendVerification\">resend it</a>!";
                    $output = array('errorsExist' => $errors, 'message' => $message);

                } else if ($statusID == 3) {

                    // User is suspended error
                    $errors = true;
                    $message = "Your account has been suspended. If you would like to contest this action <a href=\"javascript:void(0);\" id=\"contestSuspension\">click here</a>!";
                    $output = array('errorsExist' => $errors, 'message' => $message);

                } else if ($statusID == 4) {

                    // User is pending deletion error
                    $errors = true;
                    $message = "Your account is currently deleted, would you like to reactivate it? <a href=\"javascript:void(0);\" id=\"undeleteAccount\">Yes, Reactivate</a>!";
                    $output = array('errorsExist' => $errors, 'message' => $message);

                } else {

                    // User is registered and verified
                    $query = "SELECT * FROM manager_users_hacking WHERE userID = '".$userID."'";
                    $result = mysqli_query($dbc,$query);
                    $row = mysqli_fetch_array($result);
                    $lockDate = $row['lockDate'];

                    // Find out if user is locked out of their account
                    if (($lockDate != "0000-00-00 00:00:00") && strtotime($lockDate) < time()) {

                        $currentDateTime = time();
                        $lockDate = strtotime($lockDate);
                        $diff = $currentDateTime - $lockDate;

                        // Take minutes and perform tasks
                        if ($diff >= 600) {

                            // Calculate time remaining
                            $timeRemaining = 10 - $minutes;

                            // Account locked error
                            $errors = true;
                            $message = "Your account is currently locked, we appologize for the inconvienence. You must wait " .$timeRemaining." minutes before you can log in again!";
                            $output = array('errorsExist' => $errors, 'message' => $message);

                        } else {

                            // Clear the lock
                            $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
                            $result = mysqli_query($dbc,$query);

                        }

                    } else {

                        // Escape post data
                        $password = mysqli_real_escape_string($dbc,$_POST['password']);

                        // Assign hashed password to variable
                        $regenFromPostPW = reGenPassHash($password, $passwordDB2);

                        // Comparing the database password with the posted password
                        if ($passwordDB == $regenFromPostPW) {

                            $query2 = "UPDATE manager_users_logins SET numberOfLogins = numberOfLogins + 1, lastOnline = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
                            $result2 = mysqli_query($dbc,$query2);

                            // Assign user data into an array
                            $loggedinUserDataArray = array('userID' => $userID, 'name' => $firstName . " " . $lastName);

                            // Assign user data array to new session
                            $_SESSION['user_data'] = $loggedinUserDataArray;

                            // See if the remember me checkbox was checked
                            if (isset($_POST['remember'])) {

                                // Sets an expiration time for the cookie
                                $myExpiration = time()+60*60*24*100;

                                // Sets the cookie for the username
                                setcookie("username", $username, $myExpiration, "/");

                            }

                            // Successful login complete
                            $errors = false;
                            $message = "You have been logged in, please allow a moment while we load your account data!";
                            $output = array('errorsExist' => $errors, 'message' => $message);

                        } else {

                            // Login unsuccessful
                            $query = "UPDATE manager_users_hacking SET failedLogins = failedLogins + 1 WHERE userID = '".$userID."'";
                            $result = mysqli_query($dbc,$query);

                            $query2 = "SELECT * FROM manager_users_hacking WHERE userID = '".$userID."'";
                            $result2 = mysqli_query($dbc,$query2);
                            $row = mysqli_fetch_array($result2);
                            $failedLogins = $row['failedLogins'];

                            // Take failed logins and compare it
                            if ($failedLogins == 5) {

                                // Retrieve IP Address of user trying to hack into account
                                $hackerIPAddress = $_SERVER['REMOTE_ADDR'];

                                // Update database after account getting hacked and run query
                                $query = "UPDATE manager_users_hacking SET lockDate = CURRENT_TIMESTAMP, hackerIPAddress = '".$hackerIPAddress."' WHERE userID = '".$userID."'";
                                $result = mysqli_query($dbc,$query);

                                $query2 = "SELECT * FROM manager_users WHERE userID = '".$userID."'";
                                $result2 = mysqli_query($dbc,$query2);
                                $row = mysqli_fetch_array($result2);
                                $firstName = $row['firstName'];
                                $lastName = $row['lastName'];

                                // Email user new registration account
                                $sender_email = "noreply@kansasoutlawwrestling.com";
                                $reply_to = "noreply@kansasoutlawwrestling.com";
                                $recipient_email = $email;
                                $email_subject = "KOW Manager Account Locked";
                                $email_body = 'Hello '.$firstName.' '.$lastName.' You, or someone using your account at '.my_domain_name().', has attempted to hack into your account. If this is an error, ignore this email and you will be removed from our mailing list.<br /><br />Regards, '.my_domain_name().' Team';

                                mailSomeone($email, $sender_email, $email_subject, $email_body);

                                // Account locked error
                                $errors = true;
                                $message = "Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login's! You must wait 10 minutes before you can login again!";
                                $output = array('errorsExist' => $errors, 'message' => $message);

                            } else {

                                // Calculate how many chances the user has to login before account gets locked
                                $chancesLeft = 5 - $failedLogins;

                                // Invalid username and password error
                                $errors = true;
                                $message = "Invalid Username and Password combination! You have " .$chancesLeft." chances left to login succesfully or the account will be locked!";
                                $output = array('errorsExist' => $errors, 'message' => $message);

                            }

                        }

                    }

                }

            } else {

                // User doesn't exist in database error
                $errors = true;
                $message = "Sorry we can't seem to find you in our system, please check your username and try again!";
                $output = array('errorsExist' => true, 'message' => $message);

            }

        }

    } else {

        // User already logged in and reported session exists
        $errors = true;
        $message = "Already logged in!";
        $output = array('errorsExist' => true, 'message' => $message);

    }

}

//Output the result
$output = json_encode($output);
echo $output;
?>
```

mikesta707 Posted June 25, 2011

Firstly, when posting code, please post the relevant code. No one wants to search through lines and lines of code just to find the code you are talking about. Secondly, I assume the conditional you are having trouble with is the following:

```php
if (($lockDate != "0000-00-00 00:00:00") && strtotime($lockDate) < time()) {
```

Have you tried echoing $lockDate to see what it contains? Try echoing the actual value of $lockDate, and the value returned from the strtotime($lockDate) function call, to make sure they have what you expect. Then we can try debugging from there.

Xtremer360 Posted June 25, 2011

LockDate:2011-06-25 13:33:00<br />LockDate: 1309026780

mikesta707 Posted June 25, 2011

OK. If you echo time() also, what do you get? That date seems pretty close to the current time (about an hour behind), but that's because I'm on the east coast.

Xtremer360 Posted June 25, 2011

I moved this above the if statement:

```php
$currentDateTime = time();
echo $currentDateTime;
```

and got 1309027556

Xtremer360 Posted June 25, 2011

Okay, so I noticed that I should have turned the sign the other direction in the if statement, which is part of the problem. The other is: what would be the correct equation for finding out the variable timeRemaining?

```php
$lockDate = $row['lockDate'];
$currentDateTime = time();

// Find out if user is locked out of their account
if (($lockDate != "0000-00-00 00:00:00") && strtotime($lockDate) < $currentDateTime) {

    $lockDate = strtotime($lockDate);
    $diff = $currentDateTime - $lockDate;
    echo $diff;

    // Take minutes and perform tasks
    if ($diff <= 600) {

        // Calculate time remaining
        $timeRemaining = 10 - $diff;

        // Account locked error
        $errors = true;
        $message = "Your account is currently locked, we appologize for the inconvienence. You must wait " .$timeRemaining." minutes before you can log in again!";
        $output = array('errorsExist' => $errors, 'message' => $message);

    } else {

        // Clear the lock
        // $query = "UPDATE manager_users_hacking SET lockDate = NULL, hackerIPAddress = NULL, failedLogins = 0 WHERE userID = '".$userID."'";
        $result = mysqli_query($dbc,$query);

    }

}
```

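Added example, not part of the thread and not any poster's code: the lock-window check the posts above are working toward, with the comparison direction and the minutes-remaining arithmetic done in seconds first. The names lockState() and LOCK_WINDOW_SECONDS are assumptions for illustration, and the sample run is constructed from the lockDate value and the two timestamps echoed in the thread.

```php
<?php
// Added example; lockState() and LOCK_WINDOW_SECONDS are illustrative names.
const LOCK_WINDOW_SECONDS = 600; // the 10-minute lock from the thread

/**
 * $lockDate: DATETIME string from the lockDate column, or NULL.
 * $now: current Unix timestamp.
 * Returns ['locked' => bool, 'minutesRemaining' => int].
 */
function lockState(?string $lockDate, int $now): array
{
    $unlocked = ['locked' => false, 'minutesRemaining' => 0];

    // No lock recorded: NULL, empty string, or MySQL's zero date.
    if ($lockDate === null || $lockDate === '' || $lockDate === '0000-00-00 00:00:00') {
        return $unlocked;
    }

    $lockedAt = strtotime($lockDate);
    if ($lockedAt === false) {
        // Unparseable value: keep the account locked (design choice, fail closed).
        return ['locked' => true, 'minutesRemaining' => intdiv(LOCK_WINDOW_SECONDS, 60)];
    }

    // Seconds since the lock was set. A negative result means the stored time
    // is ahead of PHP's clock (for example, MySQL and PHP use different time
    // zones); clamp to 0 so the reported wait never exceeds the window.
    $elapsed = max(0, $now - $lockedAt);

    // Locked only while LESS than the window has elapsed.
    if ($elapsed >= LOCK_WINDOW_SECONDS) {
        return $unlocked; // window over; the caller can clear the lock row
    }

    // Subtract in seconds first, then convert to whole minutes, rounding up.
    $remainingSeconds = LOCK_WINDOW_SECONDS - $elapsed;
    return ['locked' => true, 'minutesRemaining' => (int) ceil($remainingSeconds / 60)];
}

// Constructed sample run. 776 is the gap between the two timestamps echoed
// in the thread (1309027556 - 1309026780).
$lock = '2011-06-25 13:33:00';
$lockedAt = strtotime($lock);
foreach ([30, 300, 599, 600, 776] as $elapsed) {
    $s = lockState($lock, $lockedAt + $elapsed);
    printf("%3d s after lock: locked=%s, minutes remaining=%d\n",
        $elapsed, $s['locked'] ? 'yes' : 'no', $s['minutesRemaining']);
}
```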