登入次數超過5,就鎖定使用者(blocked=1)
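<?php
/*
 * Login gate: counts login attempts in the session and, once the limit is
 * reached after a failed authentication, marks the account as blocked in
 * www_users and shows the failed-login page.
 *
 * Relies on getuserinfo(), db_num_rows() and db_query() being defined by the
 * including script, and on the session having been started before this runs
 * (neither is visible in this file).
 *
 * NOTE(review): the counter lives in the session, so it only limits clients
 * that keep their session cookie, and it is counted per session rather than
 * per account. Reliable brute-force protection needs a failure count stored
 * server-side per account (and ideally per source address). Be aware that a
 * hard lock until an administrator intervenes also lets anyone who knows a
 * userid lock that account out; a time-limited lock reduces that exposure.
 */

// PHP variable names are case-sensitive: the superglobals are $_SESSION and
// $_POST. Lower-case $_session / $_post are ordinary, always-empty locals.
if (!isset($_SESSION['attemptscounter'])) {
    $_SESSION['attemptscounter'] = 0;
}

// Read the submitted credentials once. The keys must match the field names
// used by the login form exactly. Anything that is not a string (for example
// an array sent as field[]=x) is treated as "nothing submitted".
$username = $_POST['usernameentryfield'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username)) {
    $username = '';
}
if (!is_string($password)) {
    $password = '';
}

if ($username !== '') {
    /* if not logged in */
    $_SESSION['attemptscounter']++;

    // NOTE(review): getuserinfo() receives the raw submitted values; confirm
    // that it binds or escapes them before they reach the database.
    $auth_result = getuserinfo($username, $password);

    if (db_num_rows($auth_result) > 0) {
        // Successful login: populating the session from the database row is
        // not part of this excerpt.
        // NOTE(review): that code should call session_regenerate_id(true)
        // and reset the attempt counter once the user is authenticated.
    } else { // incorrect password
        // 5 login attempts, show failed login screen
        if ($_SESSION['attemptscounter'] >= 5) {
            /* user blocked from future accesses until sysadmin releases */

            // The userid comes straight from the request, so it must never be
            // placed into SQL text unchecked. db_query() as used here accepts
            // only a finished SQL string; until a parameter-binding call of
            // the DB layer is used instead, the value is restricted to a
            // conservative character set that cannot terminate the quoted
            // literal.
            // NOTE(review): the pattern below is a constructed example; align
            // it with the site's real userid policy. A userid outside this
            // set is not blocked in the database by this branch.
            if (preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $username) === 1) {
                $sql = "update www_users set blocked=1 where www_users.userid='{$username}'";
                db_query($sql);
            }

            include('includes/failedlogin.php');
            exit;
        }

        // Below the limit: show the login form again.
        include('includes/login.php');
        exit;
    }
}
?>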