user7654321 Posted October 20, 2019

----------------------------------------------------------this code----------------------------------------------------------------------

<?php
if($login_incorrect){
    if(isset($_COOKIE['login'])){
        if($_COOKIE['login'] < 3){
            $attempts = $_COOKIE['login'] + 1;
            setcookie('login', $attempts, time()+60*10); //set the cookie for 10 minutes with the number of attempts stored
        } else{
            echo 'You are banned for 10 minutes. Try again later';
        }
    } else{
        setcookie('login', 1, time()+60*10); //set the cookie for 10 minutes with the initial value of 1
    }
}
?>

----------------------------------------------------in here----------------------------------------------------------------------------------

include('dbc.php');
if(isset($_POST['login']))
{
    $username=$_POST['username'];
    $password=$_POST['password'];
    if(empty($username) && empty($password))
    {
        echo"<script>alert('please enter username and password')</script>";
    }
    if(empty($username) || empty($password))
    {
        echo"<script>alert('please enter username and password')</script>";
    }
    $pass= hash('sha512', $password);
    $set="Lecturer";
    $set2='Admin';
    $sel="select * from $tb1 where username='$username' and password='$pass'";
    $result=mysqli_query($con,$sel);
    $row=mysqli_fetch_array($result);
    if($row['username']== $username && $row['password']== $pass && $row['usertype']==$set)
    {
        $_SESSION["username"] = $_POST["username"];
        $_SESSION['last_login_timestamp'] = time();
        $_SESSION['username'] = $username;
        header('location:userhome.php');
    }
    elseif ($row['username']== $username && $row['password']== $pass && $row['usertype']==$set2)
    {
        $_SESSION["username"] = $_POST["username"];
        $_SESSION['last_login_timestamp'] = time();
        $_SESSION['username'] = $username;
        header('location:adminhome.php');
    }
}
else
{
    echo"<script>alert('not registered/approved')</script>";
}
?>

ginerjm Posted October 20, 2019

Is there a problem here? What's keeping you from a) formatting your script so it is readable and b) from doing it?

cyberRobot Posted October 21, 2019

Did you write the script? If not, you might want to look into an alternative solution. For example, user-supplied information like what comes from $_POST['username'] should not be placed directly into the query. You will want to use prepared statements to prevent someone from performing SQL Injection attacks.

You should also look into a solution that uses password_hash() for hashing passwords. More information about hashing passwords can be found here: https://www.php.net/manual/en/faq.passwords.php
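
The two changes recommended in the reply above, shown as an added example that is not part of the original thread or any poster's code. It assumes dbc.php defines $con (a mysqli connection) and $tb1 (a fixed table name, as in the original script), and that the password column stores password_hash() output; check_login() is a hypothetical helper name.

```php
<?php
// Added example. Assumptions: dbc.php defines $con (mysqli) and $tb1 (table name),
// and passwords were stored with password_hash($password, PASSWORD_DEFAULT).
session_start();
include('dbc.php');

// Hypothetical helper: returns the usertype on success, null on any failure.
function check_login(mysqli $con, string $table, string $username, string $password): ?string
{
    // The table name comes from configuration, never from the request,
    // because identifiers cannot be bound as parameters.
    $stmt = mysqli_prepare($con, "SELECT password, usertype FROM `$table` WHERE username = ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);   // username travels as data, not SQL
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash, $usertype);
    $found = mysqli_stmt_fetch($stmt);                // true, false (error) or null (no row)
    mysqli_stmt_close($stmt);

    // password_verify() reads the algorithm and salt from the stored hash.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    return $usertype;
}

if (isset($_POST['login'])) {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $usertype = ($username !== '' && $password !== '')
        ? check_login($con, $tb1, $username, $password)
        : null;

    $pages = ['Lecturer' => 'userhome.php', 'Admin' => 'adminhome.php'];
    if ($usertype !== null && isset($pages[$usertype])) {
        session_regenerate_id(true);                  // fresh session ID after authentication
        $_SESSION['username'] = $username;
        $_SESSION['last_login_timestamp'] = time();
        header('Location: ' . $pages[$usertype]);
        exit;
    }
    echo "<script>alert('not registered/approved')</script>";
}
```

Existing rows hashed with hash('sha512', ...) will not pass password_verify(); those accounts need their passwords re-stored with password_hash().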

NotSunfighter Posted October 25, 2019

What cyberRobot said and I'm not happy with the script the way it is because somewhere you need to be loading HTML for it to work and what I'm about to do does not take that into consideration:

<?php
if(isset($_POST['login'])){
    if(isset($_COOKIE['login'])){
        if($_COOKIE['login'] < 3){
            $attempts = $_COOKIE['login'] + 1;
            setcookie('login', $attempts, time()+60*10);
        }else{
            /* Please note this is an ECHO while you're using echo"<script>alert()</script>"; below */
            echo 'You are banned for 10 minutes. Try again later';
            die;
        }
    }else{
        setcookie('login', 1, time()+60*10);
        die;
    }

    /* I have included the rest of this so you have a formatted code */
    $username=$_POST['username'];
    $password=$_POST['password'];
    if(empty($username) && empty($password)){
        echo"<script>alert('please enter username and password')</script>";
    }
    if(empty($username) || empty($password)){
        echo"<script>alert('please enter username and password')</script>";
    }
    $pass= hash('sha512', $password);
    $set="Lecturer";
    $set2='Admin';
    $sel="select * from $tb1 where username='$username' and password='$pass'";
    $result=mysqli_query($con,$sel);
    $row=mysqli_fetch_array($result);
    if($row['username']== $username && $row['password']== $pass && $row['usertype']==$set){
        $_SESSION["username"] = $_POST["username"];
        $_SESSION['last_login_timestamp'] = time();
        $_SESSION['username'] = $username;
        header('location:userhome.php');
    }elseif ($row['username']== $username && $row['password']== $pass && $row['usertype']==$set2){
        $_SESSION["username"] = $_POST["username"];
        $_SESSION['last_login_timestamp'] = time();
        $_SESSION['username'] = $username;
        header('location:adminhome.php');
    }else{
        echo"<script>alert('not registered/approved')</script>";
    }
}
?>