Xtremer360 Posted September 6, 2011

For some reason, if the user has 5 failed attempts at logging in, they have to wait 10 minutes to try again. If they are then able to log in successfully, it's supposed to clear the locked-out user, and for some reason it's not. Anyone see why it isn't?

<?php
// User is registered and verified
$query = "SELECT * FROM users_logins_attempts WHERE users_id = '".$users_id."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$lock_date = $row['lock_date'];

// Find out if user is locked out of their account
if (($lock_date != "0000-00-00 00:00:00") && strtotime($lock_date) >= time()) {
    $locked = "yes";

    // Account locked error
    $errors = true;
    $message = "Account is locked! Please try again later!";

    $output = array('errorsExist' => $errors, 'message' => $message);
} else {
    $locked = "no";

    // Clear the lock
    $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
    $result = mysqli_query($dbc,$query);

    // Account locked error
    $errors = true;
    $message = "Account is unlocked. You may now try to log in again!";

    $output = array('errorsExist' => $errors, 'message' => $message);
}

if($locked == "yes"){ /*hack around messy nested if statements*/ } else {
    if ($lock_date != "0000-00-00 00:00:00") {
        $locked = "yes";

        // Clear the lock
        $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
        $result = mysqli_query($dbc,$query);
    }
}
?>

premiso Posted September 6, 2011

I am not sure why you have that "hack" in there, it does not do anything new that your prior if statements did already.

<?php
$query = "SELECT lock_date FROM users_logins_attempts WHERE users_id = '".$users_id."'";
$result = mysqli_query($dbc,$query);
$row = mysqli_fetch_array($result);
$lock_date = $row['lock_date'];

// Find out if user is locked out of their account
/* I believe the 0000 etc will be caught by the empty, but if you are nulling it, it may just be null, and that could be your issue */
if (!empty($lock_date) && strtotime($lock_date) >= time()) {
    $locked = true; /* Use true / false makes it easier to work with */

    // Account locked error
    $errors = true;
    $message = "Account is locked! Please try again later!";

    $output = array('errorsExist' => $errors, 'message' => $message);
} else {
    $locked = false; /* Use true / false makes it easier to work with */

    // Clear the lock
    $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
    $result = mysqli_query($dbc,$query) or trigger_error('Unable to unlock user, query failed: ' . mysqli_error($dbc));

    // Account locked error
    $errors = true;
    $message = "Account is unlocked. You may now try to log in again!";

    $output = array('errorsExist' => $errors, 'message' => $message);
}

/* Why is this needed? The above two statements should take care of this.
if(!$locked){
    if ($lock_date != "0000-00-00 00:00:00") {
        $locked = false;

        // Clear the lock
        $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
        $result = mysqli_query($dbc,$query);
    }
}*/
?>

So I removed that, changed the $locked from being "yes"/"no" to true/false, easier to work with boolean values imo. Added an error trigger to the update query, which would make sure that is being checked.

I added the empty check. I am not sure if this works properly with a 0'ed date, but that could be your problem: if the field is nullable, it may be null'ed out and not just 0000's, so that would alleviate that problem. Let me know if it works or not.

Xtremer360 Posted September 6, 2011

I'll probably do that BUT the problem sadly was the fact that I called my field in the query lockDate when in the db it's called lock_date.
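
The failure this thread ends on, as an added example that is not code from either poster: the same lockout check written with bound parameters and with database errors raised as exceptions, so an UPDATE that names lockDate instead of lock_date fails loudly rather than silently leaving the lock in place. It assumes PDO with an in-memory SQLite database and a constructed users_logins_attempts table so it runs without a server; isLocked and clearLock are hypothetical helper names.

```php
<?php
// Added example. Schema and rows are constructed; SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
// Make every failed statement throw instead of returning false unnoticed.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_logins_attempts (
    users_id INTEGER PRIMARY KEY, ip_address TEXT,
    failed_logins INTEGER NOT NULL DEFAULT 0, lock_date TEXT)');

// Constructed rows: user 7 is locked for 10 more minutes, user 8's lock expired.
$ins = $db->prepare('INSERT INTO users_logins_attempts VALUES (?, ?, ?, ?)');
$ins->execute([7, '192.0.2.10', 5, date('Y-m-d H:i:s', time() + 600)]);
$ins->execute([8, '192.0.2.11', 5, date('Y-m-d H:i:s', time() - 60)]);

// True while lock_date is set and still in the future.
function isLocked(PDO $db, int $usersId): bool
{
    $stmt = $db->prepare(
        'SELECT lock_date FROM users_logins_attempts WHERE users_id = ?');
    $stmt->execute([$usersId]);   // bound parameter, no string concatenation
    $lockDate = $stmt->fetchColumn();
    // NULL, a missing row (false) and MySQL's zero date all mean "not locked".
    if (empty($lockDate) || $lockDate === '0000-00-00 00:00:00') {
        return false;
    }
    return strtotime($lockDate) >= time();
}

// Reset the lock after a successful login; returns the number of rows changed.
function clearLock(PDO $db, int $usersId): int
{
    $stmt = $db->prepare('UPDATE users_logins_attempts
        SET lock_date = NULL, ip_address = NULL, failed_logins = 0
        WHERE users_id = ?');
    $stmt->execute([$usersId]);
    return $stmt->rowCount();
}

var_dump(isLocked($db, 7));   // lock still active
var_dump(isLocked($db, 8));   // lock expired
var_dump(clearLock($db, 8));  // rows reset

// The thread's typo (lockDate instead of lock_date) now raises an exception.
try {
    $db->prepare('UPDATE users_logins_attempts SET lockDate = NULL WHERE users_id = ?')
       ->execute([8]);
} catch (PDOException $e) {
    echo 'Query rejected: ', $e->getMessage(), PHP_EOL;
}
```

With the mysqli API used in the thread, calling mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) before connecting gives the same throw-on-failure behaviour.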