|
|
Posted by Sascha Affolter on 03/19/06 19:05
Hi,
I make a login system with an function to filtre the hacker. When a user login with a wrong Password or USERNAME he have 5 logins to make this.
whats my problem?
[php]<?php
include("include/config.php");
$fehler = "";
$time = time();
$ip = $_SERVER['REMOTE_ADDR'];
$query = "SELECT time,enters FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query) or die(mysql_error());
$ds = mysql_fetch_object($sql);
if($ds->enters < 5){
$canlogin = TRUE;
}else{
if(isset($ds->enters) AND $ds->time > $time){
$query = "UPDATE loginhack SET time = '0', enters = '0' WHERE ip = '$ip'";
mysql_query($query);
$canlogin = TRUE;
}
}
if($canlogin == TRUE){
if(isset($_COOKIE['login_sid'])){
$cookiedata = explode('|',$_COOKIE['login_sid']);
$query = "SELECT passwort FROM Login WHERE nickname = '$cookiedata[1]'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if($ds->passwort == $cookiedata[2]){
$fehler = "Bereits drinnen!!!";
}
}else{
if(empty($loginnickname) || empty($loginpasswort)){
$fehler = "Bitte geben Sie PW und Nick an!";
}else{
$loginnickname = mysql_escape_string($_POST['nickname']);
$loginpasswort = mysql_escape_string($_POST['passwort']);
$query = "SELECT nickname,passwort,aktiviert FROM Login WHERE nickname = '$loginnickname'";
$sql = mysql_query($query) or die(mysql_error());
$ds = mysql_fetch_object($sql);
$loginpasswortmd = md5($loginpasswort);
$query = "SELECT passwort FROM Login WHERE nickname = '$loginnickname'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if($ds->passwort !== $loginpasswortmd){
$query = "SELECT time,enters FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if(!isset($ds->enters)){
$query = "INSERT INTO loginhack SET ip = '$ip', enters = '1'";
$sql = mysql_query($query) or die(mysql_error());
$newenter = "1";
}else{
if($ds->enters == "5"){
if($ds->time < $time){
$query = "UPDATE loginhack SET time = '0', enters = '1' WHERE ip = '$ip'";
mysql_query($query) or die(mysql_error());
$newenter = 1;
}
}else{
if($ds->enters == "4"){
$endtime = $time+60*15;
$query = "UPDATE loginhack SET time = '$endtime', enters = '5' WHERE ip = '$ip'";
mysql_query($query);
$newenter = 5;
}else{
if($ds->enters < 4){
$enters = $ds->enters;
$newenter = $enters+1;
$query = "UPDATE loginhack SET enters = '$newenter' WHERE ip = '$ip'";
mysql_query($query) or die(mysql_error());
}
}
}
}
if(isset($newenter)){
$newenter = 5 - $newenter;
$fehler = "Sie haben ein falsches PW angegeben oder den falschen NICK! Sie haben noch ".$newenter." Login Versuche!";
}else{
$FORMATED_TIME = $ds->time;
$count = date("m-d-Y H:i",$FORMATED_TIME);
$fehler = "Sie sind noch bis ".$count." gesperrt!!";
}
}else{
if($ds->aktiviert == "1"){
$fehler = "Sie sind noch nicht aktiviert!";
}else{
if($fehler == "" AND $fehlerhack == ""){
$cookievalue = $loginnickname.' | '.md5($loginpasswort);
setcookie("login_sid", $cookievalue, time()+60*60*24*30);
define(membersite,true);
$date = date("Y-m-d");
$time = date("H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];
$query = "UPDATE Login SET ip = '$ip', lastlogin = '$date $time' WHERE nickname = '$loginnickname'";
mysql_query($query) or die(mysql_error());
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?action=login">';
}else{
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?fehler='.$fehler.'">';
}
}
}
}
}
}else{
$query = "SELECT time FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
$FORMATED_TIME = $ds->time;
$count = date("m-d-Y H:i",$FORMATED_TIME);
$fehler = "Sie sind noch bis ".$count." gesperrt!!";
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?fehler=!'.$fehler.'">';
}
?>[/php]
When i run this, it prinbt nothing and make nothing :(
Navigation:
[Reply to this message]
|