I want to make little timer on my registration, per user. So basically I want to make it when someone makes the account, they are put on timer for lets say 5 minutes before registering again (same user).
I've tried the below, but it doesn't seem to be working:
$now = date('Y-m-d H:i:s');
if ($stmt->num_rows > 0) {
exit('user already exists');
} else {
$expire = date('Y-m-d H:i:s',+30);
if($now>$expire) {
create new acc
} else {
exit('You need to wait.');
}
Just add "+ 5 min to expire" docs: https://www.php.net/manual/de/function.strtotime.php
$now = date('Y-m-d H:i:s');
if ($stmt->num_rows > 0) {
exit('user already exists');
} else {
$expire = date('Y-m-d H:i:s', "+ 5 minutes");
if($now>$expire) {
create new acc
} else {
exit('You need to wait.');
}
You can basically use this code it will work
this code snippet will not work. Both variables, $now and $expire, are defined on the same flow.
On time of evaluation, the expression $now>$expire is never true.
You need store the state for the lock. One way to achieve this is a cookie that carries the date of last registration attempt.
PseudoCode
if isRegistered(user): exit("Already signed up")
else if notSet(cookie['lastAttemptAt']) : proceedWithSignUp()
else if cookie['lastAttemptAt'].plus(5, Minutes) < now() : proceedWithSignUp()
else : exit("You need to wait")
in this case the function proceedWithSignUp needs to take care as well to set the cookie value of lastAttemptAt
Be aware, that this can be easily by passed, by either not accepting cookies at all or clearing the cookies.
Related
I'am trying to build a simple system to indicate weather the user is online or not. but I have one issue
when the user close the tap or the browser, the ajax code can't refresh the page that handles user track activity.
my php code that change the value to 0 if the user was inactive for 2 minutes
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 61)) {
$query = "UPDATE [ccc].[users] SET active = 0 WHERE ldap ='$ldap'";
sqlsrv_query($conn,$query);
}
jquery code to check every 5 seconds
$(document).ready(function () {
/*check existing users*/
function session_checking() {
$.post("../ajax-session.php", function (data) {
});
}
setInterval(session_checking, 5000);
});
How can I change the status to 0 if the user closed the browser ?
As far as I know, there is no way to notify the server when the user closes the tab/window.
Maybe you could create a task who constantly checks the activity of your users, inactivating them:
UPDATE users SET is_online = 0 WHERE is_online = 1 AND last_activity <= [WHAT YOU NEED]
Remember to create the proper indexes on your table, considering that you will run the above query frequently.
use setcookie for this
setcookie('newtest', 'newtest', 0);
Simply set a variable which has the session data at login process. So you may check whether user is active or not later. like:
$_SESSION["user"] = array(
"s_name" => "user1#email.com",
"login_time" => time()
);
if($_SESSION["user"]["login_time"] < time()+2*60){ unset($_SESSION["user"]); }
in application:
if(isset($_SESSION["user"])){ ... }
I'm trying to set up a notifications system that doesn't requiere cookies.
I'm using SQL to store my users's info, and they are then passed into $_SESSION['user_auth'] once they are logged in.
When a user logs in, I want to fetch the last time the user was online (for instance 05/05/2016 21:35:50) and then compare with the database if there's any more recent announcements, posterior to its "last time logged in".
Is this viable ?
How can I know the last time my user was browsing the website ? Do I need a new row in my 'users' table, if so, how to set this function up ?
Thanks for your suggestions
I've got a similar method I created and you can see the answer here
The basic idea is updating a lastActive column in the database and update this upon user login and set a session variable to the current time. Then at the top of each page is a function that checks a users activity. If the time between last login and current time is above 45minutes then the lastActive data in MySQL is updated.
You can use the following function to set and update the lastActive column and use your own methods for 'when' this function can be used.
function set_last_active($mysqli, $username) {
if ($stmt = $mysqli->prepare("UPDATE Users SET lastActive = Now() WHERE username = ?")) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->close();
}
}
This is what I use as a script at the top of each page:
<?php
include_once 'functions.php';
if(isset($_SESSION['username'], $_SESSION['user_id'], $_SESSION['lastActive'])) {
date_default_timezone_set("Europe/London");
$now = new DateTime();
$lastActive = $_SESSION['lastActive'];
$diff=$now->diff($lastActive);
$hours = $diff->format('%h');
$mins = $diff->format('%i');
$day = $diff->format('%d');
$month = $diff->format('%m');
$year = $diff->format('%y');
if($mins > 45 || $hours >= 1 || $day >= 1 || $month >= 1 || $year >= 1) {
$_SESSION['lastActive'] = $now;
set_last_active($mysqli, $_SESSION['username']);
}
}
What is the correct way to let the user verify the captcha after 4 unsuccessfully login attempts within the last 15 minutes. I have got everything running fine but not timestamp part of the query. To be more specific it can display captcha after 4 failed attempts when user try to log in 5th time or so on, irrespective of whether 15min or 30min have passed...
$query1 = "SELECT login_attempts from users WHERE email = '$email' AND last_login < NOW() - INTERVAL 15 MINUTE";
$result1 = mysqli_query($dbc, $query1) OR die(mysqli_error());
$row = mysqli_fetch_array($result1);
$fail = (int)$row['login_attempts'];
If my understanding is correct, You have to check if the 4th last unsuccessful login attempt is before 15 minutes.
For achieving this, you have to store the time-stamps of last four unsuccessful logins in the database.
Create a field called unsuccesful_login_timestamps as text or varchar with large size in your db. We will store the UNIX timestamps of last four unsuccessful logins in comma separated form in this field.
When a user attempts to login, implement the following logic
If username and password is valid, let user login (You can clear the unsuccesful_login_timestamps field if login is succesful if you want). Else, run the following code.
$last_login_string = {{ get unsuccesful_login_timestamps value for this user from database }}
$last_login_string = update_last_login($last_login_string);
$fourth_last_login = get_4th_last_login($last_login_string);
$time_difference = time() - $fourth_last_login;
{{Update unsuccesful_login_timestamps in db with $last_login_string}}
if($time_difference <900){
//show captcha
}else{
//no_need_for_captcha
}
//Method to update last 4 unsuccessful logins by removing
// the last one from the starting and append the latest time in the end
function update_last_login($last_login_string){
$time_array = array();
if(strlen($last_login_string) > 0){
$time_array = explode(",",$last_login_string);
$size = count($time_array);
if($size ==0){ //first attempt
$last_login_string = time();
}else if($size == 4){ //>=4th attempt
$time_array[4]=time();
array_shift($time_array);
$last_login_string = implode(",",$time_array);
}else{ // >0, but <4 attempts
$time_array[$size]=time();
$last_login_string = implode(",",$time_array);
}
return $last_login_string;
}else{
return time();
}
}
function get_4th_last_login($last_login_string){
$time_array = array();
$time_array = explode(",",$last_login_string);
if($size !=4){
$last_login_time time();
}else{
$last_login_time = $time_array[0];
}
return $last_login_time;
}
I'm not terribly familiar with MySQL myself, but DATE_SUB may work:
SELECT login_attempts from users WHERE email = '$email' AND last_login BETWEEN DATE_SUB(NOW(), INTERVAL 15 MINUTE) AND NOW()
https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_date-add
EDIT: This answer is assuming that you are storing a timestamp (using time() or $_SERVER['REQUEST_TIME']) as the value of the last_login column in the users table.
What you can do is declare a $time variable using $_SERVER['REQUEST_TIME'] and do something like this:
$time = $_SERVER['REQUEST_TIME'] - 900; // Current time minus 900 seconds (15 minutes)
$query1 = "SELECT login_attempts from users WHERE email = '$email' AND last_login < $time";
If you want to change the time duration, just change the 900 to whatever value (in seconds) you want.
I'm stuck on this one.
It sounds quite easy what I'm trying to accomplish, still I can't get it to work...
I have several user stored in a database. They can visit a page after login. But each user has an end date. So if this day has passed, he won't be able to see the page anymore and will be redirected to another page. But there is a different date for each user.
When an user enter his credentials, a $_SESSION is created that stores his login name. I need the sql to get the date from the specific user using this $_SESSION value.
What I have so far:
$sql="SELECT * FROM $tbl_name WHERE licentiehouder=$naamLicentiehouder";
$naamLicentiehouder = $_SESSION['doorsturen'];
$result=mysql_query($sql);
$row = mysql_fetch_row($result);
$mydate = $row['vervaldatum'];
$curdate=strtotime("now");
if($curdate <= $mydate && $_SESSION['doorsturen'] == 'userONE') {
header("Location: userONE.php");
} else if ($curdate <= $mydate && $_SESSION['doorsturen'] == 'userTWO') {
header("Location: userTWO.php");
} else if($curdate > $mydate) {
header("Location: extend_license.php");
}
So again, every user has it's own license, which will expire on an exact date. This date is stored in the database. So if userONE's logging in, $_SESSION value is set to userONE. sql reads this values and gets only the row that's matching this value. If today (current date) is bigger than the date stored (so his license is expired), he will be redirected to a page to extend his license. If not, he will be able to see his personal page.
Hope anyone can help?!
Your variable $naamLicentiehouder is undefined at the time you run your query. Try:
$naamLicentiehouder = $_SESSION['doorsturen'];
$sql="SELECT * FROM $tbl_name WHERE licentiehouder='$naamLicentiehouder'";
Also mysql_query(), and the like, are depreciated. Use mysqli. I prefer the Object Oriented approach, since it saves a lot of repetitive typing.
To clarify, the Object Oriented approach, on a separate restricted page we'll call connect.php:
<?php
// reusable db() function can be called inside other functions
function db(){
return new mysqli('host', 'username', 'password', 'database');
}
?>
Now on your other page:
<?php
include_once 'restricted/connect.php'; $db = db();
if($db->connect_error)die("Connection Failure: {$db->connect_error}");
$naamLicentiehouder = $_SESSION['doorsturen']; // I would shorted this variable
if($result = $db->query("SELECT vervaldatum FROM your_table_name WHERE licentiehouder='$naamLicentiehouder'")){
if($result->num_rows > 0){
$row = $result->fetch_object(); $mydate = $row->vervaldatum;
$curdate = strtotime('now');
if($curdate <= $mydate && $naamLicentiehouder === 'userONE'){
header('LOCATION: userONE.php'); die;
}
elseif($curdate <= $mydate && $naamLicentiehouder === 'userTWO'){
header('LOCATION: userTWO.php'); die;
}
elseif($curdate > $mydate){
header('LOCATION: extend_license.php'); die;
}
else{
die('Date Issue.');
}
}
else{
die('No results were found.');
}
}
else{
die('Error :'.$db->error);
}
$result->free(); $db->close();
You seem to be getting a timestamp with $curdate=strtotime("now"); What you are getting from the database is likely (although I can't be sure) a date, not a timestamp. Use strtotime on it too:
$mydate = strtotime($row['vervaldatum']);
That should do it.
Okay, so my problem is this: when a user has 3 failed login attempts, he/she is supposed to be locked out of his account for an hour based on IP address. The IP address is stored into the table 'login_attempts' along with the fields 'attempts' and 'time'. Here is my code to pull the time and then I add an hour to it because that's when it's supposed to be when the user can try to log in again:
$user_time = new DateTime('20:04:18'); // example time pulled from the db
$add = new DateInterval('PT1H'); // +1 hour
$user->add($add); // should now be 21:04:18
Ok, so now here is the code for the current time. Again, I'm going to make up a time. It's going to be less than an hour so the user should still be LOCKED out:
$now = new DateTime('20:43:22');
if ($now->format('g:i a') < $user_time->format('g:i a')) {
$diff = $user_time->diff($now);
echo 'You still have ' . $diff->format('%i minutes') . ' until you can try again.';
}
else {
// reset login attempts, process login
For some reason this doesn't work properly. What am I doing wrong?
You better have a time field in your database table with int datatype and store the output of time() function for every login attempt. after the nth time unsuccessful attempts the user gets locked and initialize lockout. to check if the lockout time is over, simply compare the output of current time() function with the one stored after the third unsuccessful attempt.
$lockout = 3600;//if one hour
$query_result_for_last_attempt = "some query";
if((time()-$query_result_for_last_attempt) > $lockout){
header(site.php);
}else{
echo "you still need to wait";
}
of course there are beter fantacies you could do with the code!
I think your comparing of the dates is the problem. Try using getTimestamp() instead of format():
$now = new DateTime('20:43:22');
if ($now->getTimestamp() < $user_time->getTimestamp()) {
$diff = $user_time->diff($now);
echo 'You still have ' . $diff->format('%i minutes') . ' until you can try again.';
}
else {
// reset login attempts, process login