Okay, I am working on my website, and I am starting to implement a failed user logon lock feature, that will lock the user out by ip & name (right now just testing out the ip to make it work) after 5 consecutive logins within a 15 minute period. (right now not important really just want to get it to work
)
So anyways I am using Codeigniter for my frame work. The Problem, When I login 5 time purposely to get the function to kick in and work, It does to a point. It will add in the strikes upto 4 (not 5). Or if I set it to 5 in the database it says that I have waited the 15 mins and unbans me automatically.
So here is the trigger
PHP Code:
if($this->checkLockout($usr) == TRUE){
$this->addstrike(5,$usr);
$array = array('ip' => $this->input->ip_address());
$query = $this->db->get_where('lockout',$array);
$row = $query->row();
show_error("Sorry, ". $usr ." Your account has been locked out for<strong> 15 minutes</strong>. It will unlock at <strong>". date('h:m:s',$row->unban) ."</strong><br /> Continuing to try and login during the lockout will increase your ban time by 15 minutes. So PLEASE WAIT. <br /><br /><br /> Thank you The Admin Staff") ;
exit();
}
$query = $this->db->get_where('users',$array);
if($query->num_rows() !== 1){
$ne['username'] = $usr;
$nq = $this->db->get_where('users',$ne);
if($nq->num_rows() !== 1){
show_error("Sorry no user found");
}
else{
$dur = $this->db->get_where('lockout',array('ip'=>$this->input->ip_address()));
if($dur->num_rows() !== 1){
$strike = 0;
}
else{
$dur = $dur->row();
$strike = $dur->strike;
}
if(!$strike){
$strike = 1;
$this->addStrike($strike,$usr);
show_error("Sorry Username / Password combo doesn't match. You have<b> ". $strike ." Out of 5 </b> Login attempts left<br>Once you have reached the limit your ip & account will be banned for 15 minutes for succesive attempts to login");
}
elseif($strike >= 5){
// show_error("Sorry, ". $usr ." Your account has been locked out for 15 minutes.");
exit();
}
else{
$strike++;
$this->addStrike($strike,$usr);
show_error("Sorry ". $usr ." Username / Password combo doesn't match. You have<b> ". $strike ." Out of 5 </b> Login attempts left<br>Once you have reached the limit your ip & account will be banned for 15 minutes for succesive attempts to login"); }
}
And the function
PHP Code:
private function addStrike($count,$usr)
{
$ip = $this->input->ip_address();
$array = array('ip' => $ip );
$query = $this->db->get_where('lockout',$array);
if($query->num_rows() !== 1){
$insert = array(
// 'id' => '',
'ip' => $ip,
'user' => $usr,
'strike' => $count,
'last_activity' => time(),
'lockout' => 'no',
'unban' => strtotime("+900 seconds"), // 15 Mins to lift
);
$this->db->insert('lockout',$insert);
}
else{
$row = $query->row();
$strikeCT = $row->strike;
echo $count;
if($count <= 4){
$update = array(
'ip' => $ip,
'user' => $usr,
'strike' => $count,
'last_activity' => time(),
'lockout' => 'no',
'unban' => strtotime("+900 seconds"), // 15 Mins to lift
);
$this->db->where('ip',$ip);
$this->db->update('lockout',$update);
}
elseif($count >= 5){
echo "hi, i am in elseif on addstrike(); ";
$update = array(
'ip' => $ip,
'user' => $usr,
'strike' => $count,
'last_activity' => time(),
'lockout' => 'yes',
'unban' => strtotime("+900 seconds"), // 15 Mins to lift
);
$this->db->where('ip',$ip);
$this->db->update('lockout',$update);
}
}
/*
$lockout_data = array(
'ip' => $ip,
'user' => $usr,
'strike' => $count,
);
$this->session->set_userdata($lockout_data);
*/
}
And this is what I am getting form these functions
Code:
here 1st if
here 2nd if
Time to unban 08:12:27
time now 08:12:32here 3rd if
And it outputs my other output saying invaild password you now have x of 5 strikes. and what not. I guess what I am trying to figure out is HOW IN THE WORLD do I set the time + 15 mins? I tried
PHP Code:
time() + (15 * 60)
time() + (900)
strtotime("+15 minutes")
