login.php
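<?php
// login.php — username/password login with a lockout per username+IP after
// repeated failures. Credentials live in `users`, failed attempts in `loginfail`.
ini_set('display_errors', '1'); // 0 = off, 1 = on; use 0 in production, error output reveals paths and queries
error_reporting(E_ALL);
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A field posted as an array (username[]=x) would make trim() throw a
    // TypeError, so only accept plain strings.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if (trim($username) !== '' && trim($password) !== '') {
        $db = null;
        try {
            // Lockout policy: once $maxAttempts failures from the same username+IP
            // fall within the last $attemptsTime minutes, logins are refused.
            $maxAttempts = 3;
            $attemptsTime = 5; // minutes; change the INTERVAL unit in the query for seconds etc.

            // Fill in your own database credentials here.
            $db = new PDO('mysql:host=localhost;dbname=dbtable', 'root', 'password', [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                // Server-side prepares: parameter values are never spliced into SQL text.
                PDO::ATTR_EMULATE_PREPARES => false,
            ]);

            // Look the user up by name only and compare the hash in PHP, so the
            // comparison is constant-time and the hashing scheme can be migrated later.
            $userStmt = $db->prepare(
                'SELECT user_id, password FROM users WHERE username = :username'
            );
            $userStmt->execute([':username' => $username]);
            $user = $userStmt->fetchAll();

            // NOTE(review): the stored value is an unsalted SHA-256 of username.password,
            // which is cheap to brute-force offline if the table leaks. Migrate to
            // password_hash()/password_verify() (rehash on successful login); the
            // scheme is kept here only so existing rows keep working.
            $candidate = hash('sha256', $username . $password);
            $credentialsOk = count($user) === 1
                && is_string($user[0]['password'])
                && hash_equals($user[0]['password'], $candidate);

            // Failed attempts for this username, grouped per IP, in the last
            // $attemptsTime minutes. `>=` rather than `=`: with `=` the lockout
            // silently lifted again on the attempt after the limit was reached.
            $triesStmt = $db->prepare(
                'SELECT username
                   FROM loginfail
                  WHERE DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
                    AND username = :username
               GROUP BY username, IP
                 HAVING COUNT(username) >= :maxAttempts'
            );
            $triesStmt->bindValue(':username', $username, PDO::PARAM_STR);
            // Integers must be bound as integers: a quoted '5' is not valid inside INTERVAL.
            $triesStmt->bindValue(':attemptsTime', $attemptsTime, PDO::PARAM_INT);
            $triesStmt->bindValue(':maxAttempts', $maxAttempts, PDO::PARAM_INT);
            $triesStmt->execute();
            $locked = count($triesStmt->fetchAll()) > 0;

            if ($credentialsOk && !$locked) {
                // New session id on privilege change, so an id planted before
                // login (session fixation) is not carried over.
                session_regenerate_id(true);
                $_SESSION['user'] = ['user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']];
                // Page to go to after a successful login.
                header('Location: index.php');
                exit;
            }

            // Record the failure; this also happens while locked out, so the
            // window keeps extending as long as attempts continue.
            $insertStmt = $db->prepare(
                'INSERT INTO loginfail (username, IP, dateAndTime) VALUES (:username, :IP, NOW())'
            );
            $insertStmt->execute([
                ':username' => $username,
                ':IP' => $_SERVER['REMOTE_ADDR'],
            ]);

            $message = $locked
                ? 'You have too many times tried the wronge username/password. Please wait a few minutes to login'
                : 'invalid username/password. Please try again';
        } catch (PDOException $e) {
            // Driver messages expose host, table and column names: log them,
            // show the visitor a generic text.
            error_log('login.php: ' . $e->getMessage());
            $message = 'Login is temporarily unavailable. Please try again later';
        } finally {
            $db = null;
        }
    } else {
        $message = 'please fill in all required information';
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>login</title>
</head>
<body>
<?php
if (isset($message)) {
    // Escape for the HTML context even though the texts are static today.
    echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<form method="post" action="login.php">
<fieldset>
<legend>log in</legend>
<label for="username">username</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">password</label><br>
<input type="password" id="password" name="password"><br>
<input type="submit" name="login" value="login">
</fieldset>
</form>
</body>
</html>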
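<?php
// login.php — username/password login with a lockout per username+IP after
// repeated failures. Credentials live in `users`, failed attempts in `loginfail`.
ini_set('display_errors', '1'); // 0 = off, 1 = on; use 0 in production, error output reveals paths and queries
error_reporting(E_ALL);
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A field posted as an array (username[]=x) would make trim() throw a
    // TypeError, so only accept plain strings.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if (trim($username) !== '' && trim($password) !== '') {
        $db = null;
        try {
            // Lockout policy: once $maxAttempts failures from the same username+IP
            // fall within the last $attemptsTime minutes, logins are refused.
            $maxAttempts = 3;
            $attemptsTime = 5; // minutes; change the INTERVAL unit in the query for seconds etc.

            // Fill in your own database credentials here.
            $db = new PDO('mysql:host=localhost;dbname=dbtable', 'root', 'password', [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                // Server-side prepares: parameter values are never spliced into SQL text.
                PDO::ATTR_EMULATE_PREPARES => false,
            ]);

            // Look the user up by name only and compare the hash in PHP, so the
            // comparison is constant-time and the hashing scheme can be migrated later.
            $userStmt = $db->prepare(
                'SELECT user_id, password FROM users WHERE username = :username'
            );
            $userStmt->execute([':username' => $username]);
            $user = $userStmt->fetchAll();

            // NOTE(review): the stored value is an unsalted SHA-256 of username.password,
            // which is cheap to brute-force offline if the table leaks. Migrate to
            // password_hash()/password_verify() (rehash on successful login); the
            // scheme is kept here only so existing rows keep working.
            $candidate = hash('sha256', $username . $password);
            $credentialsOk = count($user) === 1
                && is_string($user[0]['password'])
                && hash_equals($user[0]['password'], $candidate);

            // Failed attempts for this username, grouped per IP, in the last
            // $attemptsTime minutes. `>=` rather than `=`: with `=` the lockout
            // silently lifted again on the attempt after the limit was reached.
            $triesStmt = $db->prepare(
                'SELECT username
                   FROM loginfail
                  WHERE DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
                    AND username = :username
               GROUP BY username, IP
                 HAVING COUNT(username) >= :maxAttempts'
            );
            $triesStmt->bindValue(':username', $username, PDO::PARAM_STR);
            // Integers must be bound as integers: a quoted '5' is not valid inside INTERVAL.
            $triesStmt->bindValue(':attemptsTime', $attemptsTime, PDO::PARAM_INT);
            $triesStmt->bindValue(':maxAttempts', $maxAttempts, PDO::PARAM_INT);
            $triesStmt->execute();
            $locked = count($triesStmt->fetchAll()) > 0;

            if ($credentialsOk && !$locked) {
                // New session id on privilege change, so an id planted before
                // login (session fixation) is not carried over.
                session_regenerate_id(true);
                $_SESSION['user'] = ['user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']];
                // Page to go to after a successful login.
                header('Location: index.php');
                exit;
            }

            // Record the failure; this also happens while locked out, so the
            // window keeps extending as long as attempts continue.
            $insertStmt = $db->prepare(
                'INSERT INTO loginfail (username, IP, dateAndTime) VALUES (:username, :IP, NOW())'
            );
            $insertStmt->execute([
                ':username' => $username,
                ':IP' => $_SERVER['REMOTE_ADDR'],
            ]);

            $message = $locked
                ? 'You have too many times tried the wronge username/password. Please wait a few minutes to login'
                : 'invalid username/password. Please try again';
        } catch (PDOException $e) {
            // Driver messages expose host, table and column names: log them,
            // show the visitor a generic text.
            error_log('login.php: ' . $e->getMessage());
            $message = 'Login is temporarily unavailable. Please try again later';
        } finally {
            $db = null;
        }
    } else {
        $message = 'please fill in all required information';
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>login</title>
</head>
<body>
<?php
if (isset($message)) {
    // Escape for the HTML context even though the texts are static today.
    echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<form method="post" action="login.php">
<fieldset>
<legend>log in</legend>
<label for="username">username</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">password</label><br>
<input type="password" id="password" name="password"><br>
<input type="submit" name="login" value="login">
</fieldset>
</form>
</body>
</html>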