|
PHP - Limiting Failed Login Attempts
I've got a somewhat simple problem I think.. I'm working on a uni practical, and one of the checkpoints is to limit the number of incorrect login attempts to 2. I know I could do this very easily with session variables, however on the practical sheet, it says that we're not allowed to modify any of the partially implemented code.
So I was wondering, what other ways are there to track the number of incorrect logins? If it comes to it, I will just use session variables, as it's pretty much the most sensible way I'd imagine.. but would like to know of any other possible ways.. Cheers Denno Similar TutorialsI wish to lockout the user for (3) minutes if they get (4) wrong username/password attempts in (5) minutes.
Is this typically tied to a single IP using $_SERVER['REMOTE_ADDR']?
Is it a good ideal to also check for a given username but from any IP? I might be wrong, but I assume the value in $_SERVER['REMOTE_ADDR'] is under the user's control.
Obviously, a session wouldn't be ideal as the associated cookie is under the user's control. Do I need to use the database or is there a better way?
Any thoughts or advise would be appreciated.
I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB? hope you all had a good Christmas/New Year. Hey! I am trying to get a database table of users but am running into the error: Warning: file_get_contents(http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=68583) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 in get_user_from_parameter(nabble:utilities.naml:890) - <n.get_user_from_parameter.as_user_page.do/> - public v in C:\xampp\htdocs\website4js\stanford\loadUsernames.php on line 32 I have looked it up and it may be a security thing...The urls I am getting are http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=68583 but the error adds an nodes& part that screws it up. Any way around this? Code: [Select] <?PHP $maxPage = 0; $mainPage = "http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=app_people&node=136"; $mainContent = file_get_contents($mainPage); $pattern = "/(?<=\"Page )\d\d+/"; preg_match_all($pattern, $mainContent, $pageNumb); //find the max page for($i=0;$i<sizeof($pageNumb[0]);$i++) { if($pageNumb[0][$i] > $maxPage) { $maxPage = $pageNumb[0][$i]; } } //echo('Max page is: '.$maxPage.'\n'); //Get an array of all the pages $pages = array(); for($i=1;$i<$maxPage;$i++) { $pages[$i] = "http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=app_people&node=136&i=".($i*20); } //print_r($userPages); //Get personal page urls and add to MySQL mysql_connect("localhost" , "root") or die("Cant connect"); mysql_select_db("protegeusers") or die("Cant find database"); foreach($pages as $url) { $urlContents = file_get_contents($url); $pattern = "/http:\/\/protege-ontology-editor-knowledge-acquisition-system\.136\.n4\.nabble\.com\/template\/NamlServlet\.jtp\?macro=.+;user=\d+/"; preg_match_all($pattern, $urlContents, $personalPage); foreach($personalPage as $user) { for($i=0; $i<sizeof($user);$i++) { [color=green]$userContents = file_get_contents($user[$i]);[/color] $pattern1 = "/user\/SendEmail\.jtp\?type=user.+;user=\d+/"; $pattern2 = "/(?<=\">Send Email to ).+(?=<)/"; preg_match_all($pattern1, $userContents, $userEmail); preg_match_all($pattern2, $userContents, $username); [color=green]print_r($username); print_r($email);[/color] //$query = "INSERT INTO users (username, userurl) values ('$userName','$userUrl')"; //mysql_query($query); } } } ?> I am trying to figure how to code around this. I have a DOM scraper function that pulls urls from my database, opens the page, scrapes the data, and then moves onto the next URL to scrape. my issue is that if the page fails to load the script bombs and I have to restart it again. Trying to figure out how if the Code: [Select] $html->find('div[class="itemHeader address"]') as $div fails to open the page it just skips the DOM inspection. Here is my error... Failed to open stream: HTTP Request failed. Here is where I am at with my script.... Code: [Select] mysql_select_db("scraped") or die(mysql_error()); $result = mysql_query("SELECT PKEY, URL, HASSCRAPED, SHOULDSCRAPE FROM CRAWLED WHERE SHOULDSCRAPE ='1' AND HASSCRAPED = '0'") or die(mysql_error()); while($row = mysql_fetch_array( $result )) { mysql_query("UPDATE CRAWLED SET CRAWLED.HASSCRAPED = '1' WHERE CRAWLED.URL = '" . $row['URL'] . "'"); $html = file_get_html($row['URL']); foreach($html->find('div[class="itemHeader address"]') as $div) { foreach($div->find('a') as $element){ $CleanData = CleanData($element->innertext); if (strlen($CleanData[0]) > 5){ mysql_query("INSERT INTO SCRAPED (ADDR1, CITY, STATE, ZIP, URL, DATE) VALUES ('" . $CleanData[0] . "','" . $CleanData[1] . "','" . $CleanData[2] . "','" . $CleanData[3] . "','". $row['URL'] . "','". date( 'Y-m-d H:i:s ' ) ."')"); } } } $html->clear(); unset($html); unset($CleanData); } function CleanData($data) { $NewData = trim($data); $NewData = str_replace("<em>", "", $NewData); $AddrCityStateZip = explode("</em>",$NewData); $CityStateZip = explode(",",$AddrCityStateZip[1]); $StateZip = explode(' ',$CityStateZip[1]); $NewDataArray = array ($AddrCityStateZip[0], $CityStateZip[0], $StateZip[1], $StateZip[2]); return $NewDataArray; unset($NewData); unset($AddrCityStateZip); unset($CityStateZip); unset($StateZip); } mysql_close($link); echo 'Scraping has compleated without error'; (I'm putting this in PHP since it's not a question specific to MySQL or other DB stuff.)
I have a page that uses the GET id to find a product. GET variables are sanitized, and the SQL string is escaped even though it's expecting a number only. So the code seems safe to me. I'm getting some error_log results that appear to be hack attempts:
SELECT I wrote a small PHP with SQLite script which stores the IP with counter, it works fine with one problem, If I enter the correct password 4th time the counter becomes 4 and I get the error to enter my captcha. All the other times, 1-3 and 5 and above count it just works fine. What am I doing wrong with the logic.
Attaching the zip file with code.
https://drive.google...dit?usp=sharing
Hello I'm on the verge of damaging my computer, please help... The below is my first PHP script - it works about once every 20 attempts, sending the email message. I've tried moving the header bit around, so it's inside the if statement, but it is still only intermittently successful. For the sake of this PC, please help out Best Wishes <? function checkOK($field) { if (eregi("\r",$field) || eregi("\n",$field)){ die("Invalid Input!"); } } $select=$_POST['select']; checkOK($select); $name=$_POST['name']; checkOK($name); $email=$_POST['email']; checkOK($email); $confirmail=$_POST['confirmail']; checkOK($confirmail); $month=$_POST['month']; checkOK($month); $day=$_POST['day']; checkOK($day); $year=$_POST['year']; checkOK($year); $leaving=$_POST['leaving']; checkOK($leaving); $hour=$_POST['hour']; checkOK($hour); $minutes=$_POST['minutes']; checkOK($minutes); $ampm=$_POST['ampm']; checkOK($ampm); $going=$_POST['going']; checkOK($going); $flightnumber=$_POST['flightnumber']; checkOK($flightnumber); $pay=$_POST['pay']; checkOK($pay); $song=$_POST['song']; checkOK($song); $comments=$_POST['comments']; checkOK($comments); $to="beepbeepyeah@kabeoke.com"; $message="Message Type: $select\n\nName: $name\n\nEmail: $email\n\n$confirmail\n\nDate of Journey: $month, $day, $year\n\nLeaving From: $leaving\n\nDeparture Time: $hour:$minutes $ampm\n\nGoing to: $going\n\nFlight Number: $flightnumber\n\nPayment Method: $pay\n\nSong Requests: $song\n\nComments: $comments"; header('Location:http://www.kabeoke.com'); if(mail($to,"Slap it - booking/enquiry from Kabeoke.com!",$message,"From: $email\n")){ } else { echo "There was a problem sending the mail. Please check that you filled in the form correctly."; } ?> Hi everybody, I want to build a script that lets someone register with a simple form that logs all activity into a MySQL db. The thing is, I want to log all attempts to signup into the system even if they do not satisfy password strength, or the required fields criteria. In the following code, the string "email" isn't being used. The field named 'name' is what I'm using to collect the email, and the field named 'msg' is what I'm using to collect the password. I've gotten to the point where if they don't provide anything for either email or password, then it directs them to the same page and it asks them to re enter their information. but I can't seem to capture the attempt (so if they enter an email but not a pass, i still want to know what email they entered). I'm getting this error Parse error: syntax error, unexpected T_ELSE in /hermes/bosweb25c/b1454/ipg.domainname/nameofsite/contact_insert2.php on line 41 Line 41 corresponds to the line with the first "else{" I'm really not sure what to do, it seems straight forward when I think it through in my head. If pass or email field is empty, enter it into the db, and then send them back to the beginning, if pass or email field not empty, continue in script. Code: [Select] <?php define('DB_NAME', 'dbname'); define('DB_USER', 'phpchick'); define('DB_PASS', 'password'); define('DB_HOST', 'localhost'); // contact to database $connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('Error , check your server connection.'); mysql_select_db(DB_NAME); //Get data in local variable $v_name=$_POST['name']; $v_email=$_POST['email']; $v_msg=$_POST['msg']; // check for null values if ($v_name=="" or $v_msg=="") $query="insert into contact(name,email,msg) values('$v_name','$v_email','$v_msg')"; mysql_query($query) or die(mysql_error()); echo " <head> <link rel=\"stylesheet\" type=\"text/css\" href=\"http://site.com/signup.css\"></head> <h2>Free Registration</h2> <form action=\"contact_insert2.php\" method=\"POST\" id=\"insert\"> <table> <tr> <td >Email</td> <td ><input type=\"text\" size=40 name=\"name\"></td> </tr> <tr> <td >Password</td> <td ><input type=\"password\" size=40 name=\"msg\" ></td> </tr> You must enter an email and password. <tr> <td colspan=2 id=\"sub\"><input type=\"submit\" name=\"submit\" value=\"submit\" ></td> </tr> </Table> </form>"; else{ if (strcspn($_REQUEST['msg'], '0123456789') == strlen($_REQUEST['msg'])) echo "true"; else{ $query="insert into contact(name,email,msg) values('$v_name','$v_email','$v_msg')"; mysql_query($query) or die(mysql_error()); echo "Your message has been received"; } } ?> Hello, I have a problem with writing a function that will display the number of attempts to communicate with the host that have not been answered, if the host starts responding again, the table should display, for example 0. The website addresses are taken from the MySQL database. The next column should display the time from which the communication with the host was lost and if it responds, it should display, e.g. OK. Please, give me some hints how to write it. Thanks in advance. Edited October 12, 2019 by xyz91I am wanting to create a basic product listing page for a product category called "Belts". My latest attempt was this, but I got an error: PHP Code: Code: [Select] $query = "select * from products"; $result = mysql_query($query); while($row=mysql_fetch_assoc($result)) { print ".$row['name'] where category = 'Belts'.$row['colour'] where category = 'Belts'"; } Quote PHP Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING This is what my MySQL table looks like: http://i54.tinypic.com/2j1si8w.png I image what I am trying to do will print "Somename Black, ProductName2 Brown"? I'm not really interested in styling at the moment, I just want to see the PHP-MySQL work at the most basic level. I am unsure what the error cosde means. Can anyone see a fault in my code? OMG! Crafting well thought out business logic is such a PITA sometimes! I am working on an ecommerce site that sells subscriptions, books, gear, etc. Similar to a lot of online newspapers, I have a "Subscribe" button in my website mast where people can buy a subscription. After clicking on that button, the user is first presented with different subscription offers (e.g. sliver, gold, platinum), and then I have a one-page checkout form where they create an account - kind of important for an online subscription! - and they pay with a credit card. Easy! Trying to be a nice guy, I decided to add the ability to choose a subscription from my online store as well. (Presumably you want to offer as many ways for people to buy things from you as possible, right?) Well here is the issue I just discovered... What happens if a person is browsing through my product catalog, and they add multiple subscriptions to their shopping cart? Of course I would welcome the extra $$$, but I just realized that would break how people create their accounts and pay, because above I assume that ONE person, buys ONE subscription and pays for it in ONE transaction. So my questions is, "Would it be a mortal sin to limit people to buying only ONE subscription at a time if they do so while in my online store?" I would hope that people would get that, but as we know, users do some crazy stuff!! In fairness, if you went to buy a subscription at the Wall Street Journal or any other large newspaper/magazine, you would be forced to do one subscription per transaction. I am just wondering what happens if someone goes on a shopping spree in my online store, buys several books, some t-shirts, and decides he/she also wants to buy 5 subscriptions on the spot. Thoughts?
Hi, I am wondering if it is possible to monitor how long someone is on a website for and to limit them for example: 30 minutes. An example of this would be one of those Tv Online websites which allow you to only watch 30 minutes of video time. If you try refreshing the page it will still not allow you. My question is, Is it an ip check which does this? Sorry If it such a broad topic. Nick Im not sure f this is the right spot for this or not but... I have a website that has a content box that has a fixed height and width. How would i make it so after the box is full it puts a link to read more at the bottom of it? Also images may be used as well. Its also for a wordpress blog Following on from the excellent help in the thread at http://www.phpfreaks.com/forums/php-coding-help/using-a-generated-row-number-in-another-query I have another question regarding the League Standings that are generated there. I want to have another version that limits the records to the last 5 games for each team. Just using 'LIMIT 5' would return the first five teams and all their records but I want it to retrieve all of the teams and each teams last five records (games). The easy way would be to restrict a the dates but as games get postponed and moved using WHERE with a specific date would not guarantee the same number of games for each team. There is the possibility that this could be done via the query but I have not come across anything in some quite extensive searching (although, once again, I do not know if I am using the right search terms!) so I assume PHP would, once again be the saviour! Thanks in advance for any suggestions. Steve
function wsProcessClientMessage($clientID, $opcode, &$data, $dataLength) {
global $wsClients;
// check opcodes
if ($opcode == WS_OPCODE_PING) {
// received ping message
return wsSendClientMessage($clientID, WS_OPCODE_PONG, $data);
}
elseif ($opcode == WS_OPCODE_PONG) {
// received pong message (it's valid if the server did not send a ping request for this pong message)
if ($wsClients[$clientID][4] !== false) {
$wsClients[$clientID][4] = false;
}
}
elseif ($opcode == WS_OPCODE_CLOSE) {
// received close message
if (substr($data, 1, 1) !== false) {
$array = unpack('na', substr($data, 0, 2));
$status = $array['a'];
}
else {
$status = false;
}
if ($wsClients[$clientID][2] == WS_READY_STATE_CLOSING) {
// the server already sent a close frame to the client, this is the client's close frame reply
// (no need to send another close frame to the client)
$wsClients[$clientID][2] = WS_READY_STATE_CLOSED;
}
else {
// the server has not already sent a close frame to the client, send one now
wsSendClientClose($clientID, WS_STATUS_NORMAL_CLOSE);
}
wsRemoveClient($clientID);
}
elseif ($opcode == WS_OPCODE_TEXT || $opcode == WS_OPCODE_BINARY) {
// received text or binary message
if (function_exists('wsOnMessage')) wsOnMessage($clientID, $data, $dataLength, $opcode == WS_OPCODE_BINARY);
}
else {
// unknown opcode
return false;
}
return true;
}
Ok so here's my code first the ajax/javascript, secondly the php. Issue i'm having is that first it wasn't entering any data into my database then eventual through much troubleshooting I figured out that if I add more then 10 variables in my INSERT INTO query it wont work. Ten or less and it works perfect. I CAN NOT figure this out?! Note, at the bottom of the php script I have the script that I would like to work, commented out, and the script that is currently working, active. You can see it only has 10 working entries. Code: [Select] function entervehicle(){ var stk = document.getElementById("stk").value var my = document.getElementById("my").value var mak = document.getElementById("mak").value var mod = document.getElementById("mod").value var mil = document.getElementById("mil").value var pri = document.getElementById("pri").value var bst = document.getElementById("bst").value var len = document.getElementById("len").value var eng = document.getElementById("eng").value var dor = document.getElementById("dor").value var tra = document.getElementById("tra").value var gvw = document.getElementById("gvw").value var inc = document.getElementById("inc").value var exc = document.getElementById("exc").value var cfo = document.getElementById("cfo").value var titl = document.getElementById("titl").value var desc = document.getElementById("desc").value var vin = document.getElementById("vin").value var pic1 = document.getElementById("pic1").value var pic2 = document.getElementById("pic2").value var pic3 = document.getElementById("pic3").value var pic4 = document.getElementById("pic4").value var pic5 = document.getElementById("pic5").value var pic6 = document.getElementById("pic6").value var pic7 = document.getElementById("pic7").value var pic8 = document.getElementById("pic8").value var pic9 = document.getElementById("pic9").value var linksubmit ="../php/entervehicle.php?stk=" + stk +"&my=" + my +"&mak=" + mak +"&mod=" + mod +"&mil=" + mil +"&pri=" + pri +"&bst=" + bst +"&len=" + len +"&eng=" + eng +"&dor=" + dor +"&tra=" + tra +"&gvw=" + gvw +"&inc=" + inc +"&exc=" + exc +"&cfo=" + cfo +"&titl=" + titl +"&desc=" + desc +"&vin=" + vin +"&pic1=" + pic1 +"&pic2=" + pic2 +"&pic3=" + pic3 +"&pic4=" + pic4 +"&pic5=" + pic5 +"&pic6=" + pic6 +"&pic7=" + pic7 +"&pic8=" + pic8 +"&pic9=" + pic9 alert(linksubmit); var entrequest = getHTTPObject(); if(entrequest) { entrequest.open("GET",linksubmit,true); entrequest.onreadystatechange = function(){ entveh(entrequest); }; entrequest.send(null); } } function entveh(entrequest){ if(entrequest.readyState == 4){ if(entrequest.status == 200){ var myPHP = entrequest.responseText; document.getElementById("adminmain").innerHTML = myPHP; } } } <?php $stk = $_GET['stk']; $my = $_GET['my']; $mak = $_GET['mak']; $mod = $_GET['mod']; $mil = $_GET['mil']; $pri = $_GET['pri']; $bst = $_GET['bst']; $len = $_GET['len']; $eng = $_GET['eng']; $dor = $_GET['dor']; $tra = $_GET['tra']; $gvw = $_GET['gvw']; $inc = $_GET['inc']; $exc = $_GET['exc']; $cfo = $_GET['cfo']; $titl = $_GET['titl']; $desc = $_GET['desc']; $vin = $_GET['vin']; $pic1 = $_GET['pic1']; $pic2 = $_GET['pic2']; $pic3 = $_GET['pic3']; $pic4 = $_GET['pic4']; $pic5 = $_GET['pic5']; $pic6 = $_GET['pic6']; $pic7 = $_GET['pic7']; $pic8 = $_GET['pic8']; $pic9 = $_GET['pic9']; require("database.php"); $tresult = mysql_query("INSERT INTO automobile_stat (stock_number,model_year, make, model, miles, price, body_style, length, description, trans) VALUES ('$stk', '$my', '$mak', '$mod', '$mil', '$pri', '$bst', '$len', '$desc', '$tra')"); /*$tresult = mysql_query("INSERT INTO automobile_stat (stock_number, model_year, make, model, miles, price, body_style, length, description, engine, doors, trans, gvw, int_color, ext_color, car_fax_owner, title_desc, main_picture_src, vin) VALUES ('$stk', '$my', '$mak', '$mod', '$mil', '$pri', '$mpri', '$bst', '$len', '$desc', '$eng', '$dor', 'tra', '$gvw', '$inc', '$exc', '$cfo', '$titl', 'img', '$vin')");*/ /*$tresult=mysql_query("SELECT * FROM automobile_stat" ); $countrows = mysql_num_rows($tresult); while($row = mysql_fetch_array($tresult)){ echo $row[stock_number]; }*/ mysql_close($linkID); ?> I have a database of 100 lines which have echoed onto the page so each line within the database is printed. I would like to limit it to ten. However, I have tried a whole range of different loops but none of them seek to work. Some of them print the database ten times so I have 1000 lines on the page. Can anyone advise the best method of limiting how many lines within a database are printed on the page? Hey there - I have been trying to limit the number of comments a user can make per day on my social network. Thanks to great help on here I am getting really close, however, there are some bugs that have me banging my head against the wall. I am able to limit, but now, its 1. not limiting PER day and limiting all around ( meaning: I can't make any comments at all today ) 2. it is limiting for EVERY user as opposed to limiting a specific user Here is the code I have: Code: [Select] if(isset($_POST['commentProfileSubmit'])) { if($_POST['ProfileComment'] == "" || $_POST['ProfileComment'] == "Tell the community what's on your mind...") { $valid = false; $error_msgs_comments[] = "Whoops! You forgot to write your airwave."; }else{ if($_POST['ProfileComment'] == "" || $_POST['ProfileComment'] == "Leave ".$prof->first_name." a comment here...") { $valid = false; $error_msgs_comments[] = "Whoops! You forgot to write your comment."; }else{ /* if the person signed in is NOT the profile */ $query = "SELECT * FROM `cysticUsers` WHERE `id` = '" . $prof->id . "'"; $request = mysql_query($query,$connection) or die(mysql_error()); $result = mysql_fetch_array($request); $max_post_per_day = 5; $Email = $result['Email']; $check_profi = $result['check_profi']; $check_reply = $result['check_reply']; if($prof->id != $auth->id && $check_profi == 'checked' && $max_post_per_day < 5) { $to = $Email; $subject = "$auth->first_name $auth->last_name commented on your profile on CysticLife"; $message = "$auth->first_name $auth->last_name commented on your profile on CysticLife: <br /><br />\"$body\"<br /><br /> <a href='http://www.cysticlife.org/Profile_build.php?id=" . $prof->id . "'>Click here to view</a><br /><br />Do LIFE,<br /> The CysticLife Team"; $from = "CysticLife <noreply@cysticlife.org>"; $headers = 'MIME-Version: 1.0' . "\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n"; $headers .= "From: $from"; mail($to, $subject, $message, $headers); } $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND `date` = CURDATE()"; $result = mysql_query($query, $connection); $post_count = mysql_result($result, 0); if($post_count >= $max_posts_per_day) { echo "You have reached the maximum number of posts for the day. Try again tomorrow"; } else { $comment = mysql_real_escape_string($_POST['ProfileComment']); $query = "INSERT INTO `CysticAirwaves` (`FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time`) VALUES ('{$auth->id}', '{$prof->id}', '{$comment}', 'active', 'active', CURDATE(), CURTIME())"; mysql_query($query, $connection) or die(mysql_error()); } if($auth->id == $prof->id) { $just_inserted = mysql_insert_id(); $query = "UPDATE `CysticAirwaves` SET `status` = 'dead' WHERE `FromUserID` = '" . $auth->id . "' AND `ToUserID` = '" . $prof->id . "' AND `id` != '" . $just_inserted . "'"; $request = mysql_query($query,$connection); } } } } thanks so much in advanced |
|||||||