Jump to content

Recommended Posts

For some reason if the user has the user has 5 failed attempts at logging in and then they have to wait 10 minutes to try again well if they are able to login successfully its supposed to clear the locked out user and for some reason its not. Anyone see why it isn't?

 

 

<?php
// User is registered and verified
                    $query = "SELECT * FROM users_logins_attempts WHERE users_id = '".$users_id."'";
                    $result = mysqli_query($dbc,$query);
                    $row = mysqli_fetch_array($result);
                    
                    $lock_date = $row['lock_date'];

                    // Find out if user is locked out of their account
                    if (($lock_date != "0000-00-00 00:00:00") && strtotime($lock_date) >= time()) {
                        $locked = "yes";

                            // Account locked error
                            $errors = true;
                            $message = "Account is locked! Please try again later!";
                            
                            $output = array('errorsExist' => $errors, 'message' => $message);
                            
				} else {
                            $locked = "no";
                            // Clear the lock
                            $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
                            $result = mysqli_query($dbc,$query);
                            
                            // Account locked error
                            $errors = true;
                            $message = "Account is unlocked. You may now try to log in again!";
                            
                            $output = array('errorsExist' => $errors, 'message' => $message);

				}
                            
                    if($locked == "yes"){
					/*hack around messy nested if statments*/    
                    } else {
                        
                        if ($lock_date != "0000-00-00 00:00:00") {
                            $locked = "yes";
    
                            // Clear the lock
                            $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
                            $result = mysqli_query($dbc,$query);   
                                
    					} 
?>

Link to comment
https://forums.phpfreaks.com/topic/246564-not-clearing-locked-out-user/
Share on other sites

I am not sure why you have that "hack" in there, it does not do anything new that your prior if statements did already.

 

<?php
				$query = "SELECT lock_date FROM users_logins_attempts WHERE users_id = '".$users_id."'";
                    $result = mysqli_query($dbc,$query)
                    $row = mysqli_fetch_array($result);
                    
                    $lock_date = $row['lock_date'];

                    // Find out if user is locked out of their account
                    /* I believe the 0000 etc will be caught by the empty, but if you are nulling it, it may just be null, and that could be your issue */
                    if (!empty($lock_date) && strtotime($lock_date) >= time()) {
                        $locked = true;/* User true / false makes it easier to work with */

                            // Account locked error
                            $errors = true; 
                            $message = "Account is locked! Please try again later!";
                            
                            $output = array('errorsExist' => $errors, 'message' => $message);
                            
				} else {
                            $locked = false; /* User true / false makes it easier to work with */
                            // Clear the lock
                            $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
                            $result = mysqli_query($dbc,$query) or trigger_error('Unable to unlock user, query failed: ' . mysqli_error($dbc));
                            
                            // Account locked error
                            $errors = true;
                            $message = "Account is unlocked. You may now try to log in again!";
                            
                            $output = array('errorsExist' => $errors, 'message' => $message);

				}
                          
                          /* Why is this needed? The above two statements should take care of this.  
                    if(!$locked){
                        if ($lock_date != "0000-00-00 00:00:00") {
                            $locked = false;
    
                            // Clear the lock
                            $query = "UPDATE users_logins_attempts SET lockDate = NULL, ip_address = NULL, failed_logins = 0 WHERE users_id = '".$users_id."'";
                            $result = mysqli_query($dbc,$query);   
                                
    					} 
				}*/
?>

 

So I removed that, changed the $locked from being "yes"/"no" to true/false, easier to work with boolean values imo. Added an error trigger to the update query, which would make sure that is being checked. I added the empty check, I am not sure if this works properly with a 0'ed date, but that could be your problem if the field is nullable is that it is null'ed out and not just 0000's so that would alleviate that problem.

 

Let me know if it works or not.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.