Postingan lainnya
Bagaimana cara block user setelah 3 gagal login?
dan bagaimana cara menerapkannya di kode ini
SQL
-- phpMyAdmin SQL Dump
-- version 4.5.1
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: Mar 11, 2017 at 07:07 PM
-- Server version: 10.1.13-MariaDB
-- PHP Version: 7.0.5
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `cekula`
--
-- --------------------------------------------------------
--
-- Table structure for table `person`
--
CREATE TABLE `person` (
`id` int(11) NOT NULL,
`author` varchar(20) NOT NULL,
`nama` varchar(100) NOT NULL,
`alamat` text NOT NULL,
`gambar` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `person`
--
INSERT INTO `person` (`id`, `author`, `nama`, `alamat`, `gambar`) VALUES
(13, 'fadhel', 'Hello World!', '<p>x</p>\r\n', ''),
(20, 'admin', 'Steve', '\r\nJobs</pre>\r\n', '4vjftl68udus.jpg'),
(21, 'fadhel', 'FADHEL', '<p><em>FADHEL</em></p>\r\n', '4yypfqdlvow8.jpg'),
(23, 'fadhel', 'KYGO', '<p>STAY</p>\r\n', ''),
(30, 'fadhel', 'let''s', '<p>go</p>\r\n', ''),
(44, 'fadhel', '<script>', '<p><script></p>\r\n', ''),
(45, 'fadhel', 'SECURE!', '<p>MANTAP</p>\r\n', '');
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`user_id` int(11) NOT NULL,
`username` varchar(20) NOT NULL,
`password` varchar(60) NOT NULL,
`count` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `users`
--
INSERT INTO `users` (`user_id`, `username`, `password`, `count`) VALUES
(14, 'fadhel', '$2y$10$XHqHc1UQrO11gOjIaxukkOIj8S3cwpwd2GF5Lp2ajojQ5LcNhjHEu', 6),
(15, 'fadhel', '$2y$10$pu0j.ijdGY1oy994cd3k1epq0xOOuL04OSEVsGRLhrJWdQijrFK2G', 6),
(16, 'admin', '$2y$10$9grexkDmmAPATFZxtk5HZem.dIlY72RnCAyX1Bkw8LcNQtGRIDW8m', 6);
--
-- Indexes for dumped tables
--
--
-- Indexes for table `person`
--
ALTER TABLE `person`
ADD PRIMARY KEY (`id`);
--
-- Indexes for table `users`
--
ALTER TABLE `users`
ADD PRIMARY KEY (`user_id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `person`
--
ALTER TABLE `person`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=46;
--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
MODIFY `user_id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=17;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
Login.php
<?php
require_once 'template/header.php';
if(session::exists('username')){
header('location: profile.php');
}
$errors = array();
if ( input::get('submit')) {
//call validation
$validation = new validation();
// ngecek
$validation = $validation->check(array(
'username' => array( 'required' => true ),
'password' => array( 'required' => true )
));
//finish
if( $validation->passed() ){
if($user->cek_nama(input::get('username'))){
if( $user->login_user( input::get('username'), input::get('password') ) )
{
session::set('username', input::get('username'));
header('Location: profile.php');
}else{
$errors[] = "login FAIL";
$user->updatecount();
}
}else {
$errors[] = "namanya belum ada";
$user->updatecount();
}
}else{
$errors = $validation->errors();
}
}
?>
<div class="panel panel-default">
<div class="panel-heading">
<div class="panel-title"><h1>Login</h1></div>
</div>
<form action="login.php" method="post">
<div class="panel-body">
<tr>
<td><input type='text' name='username' class="form-control" placeholder="Username"></td>
</tr>
<div class="clearfix"></div><br />
<tr>
<td><input type='password' name='password' class='form-control' placeholder="Password"></td>
</tr>
<div class="clearfix"></div><br />
<tr>
<td><input type="submit" class="btn btn-large btn-success" name="submit" value="Login Sekarang"></td>
</tr>
<?php if(!empty($errors)){?>
<div id="errors">
<?php foreach ($errors as $error){ ?>
<li> <?php echo $error;?> </li>
<?php } ?>
</div>
<?php } ?>
</div>
</form>
</div>
<?php
include 'template/footer.php';
?>
user.php
<?php
class user extends db{
private $table = 'person';
private $pengguna = 'users';
public function __construct()
{
parent::__construct();
}
public function insert($pemakai,$fields = array())
{
//ambil kolom
$column = implode(",", array_keys($fields));
//ambil nilai
$valueArrays = array();
$i = 0;
foreach ($fields as $key=>$values) {
if( is_int($values) ){
$valueArrays[$i] = $this->escape($values) ;
}else{
$valueArrays[$i] = "" . $this->escape($values) . "";
$i++;}
}
$values = implode(",", $valueArrays);
$query = "INSERT INTO $pemakai ($column) VALUES ($values)";
return $this->run_query($query, 'have problem when you input data');
}
public function get_info( $pemakai,$column, $value)
{
if( !is_int($value) )
$value = "'" . $value . "'";
$query = "SELECT * FROM $pemakai WHERE $column = $value AND count != 3";
$result = $this->_db->prepare($query);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC)) {
return $row;
}
}
public function run_query($query, $msg){
if($this->_db->query($query)) return true;
else die($msg);
}
public function escape($name){
return $this->_db->quote($name);
}
public function register_user($fields = array())
{
if( $this->insert($this->pengguna,$fields) ) return true;
else return false;
}
public function login_user($username , $password)
{
$data = $this->get_info($this->pengguna, 'username', $username);
if(password_verify(input::get('password'), $data['password']) )
return true;
else return false;
}
public function cek_nama($username)
{
$data = $this->get_info($this->pengguna, 'username', $username);
if(empty($data)) return false;
else return true;
}
public function filterinjection($value){
// Karakter yang sering digunakan untuk sqlInjection
$char = array ('-','/','\\',',','.','#',':',';','\'','"',"'",'[',']','{','}',')','(','|','`','~','!','@','%','$','^','&','*','=','?','+');
// Hilangkan karakter yang telah disebutkan di array $char
$cleanval = str_replace($char, '', trim($value));
return $cleanval;
}
public function read(){
$query = "SELECT * FROM $this->table";
$result = $this->_db->prepare($query);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC))
$hasil[]=$row;
rsort($hasil);
return $hasil;
}
public function post( $value)
{
$value = "'" . $value . "'";
$query = "SELECT * FROM $this->table WHERE id=$value";
$result = $this->_db->prepare($query);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC))
return $row;
}
public function cari( $value, $column, $column2)
{
$value = "'%" . $value . "%'";
$query = "SELECT * FROM $this->table WHERE $column LIKE $value OR $column2 LIKE $value";
$result = $this->_db->prepare($query);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC))
$hasil[]=$row;
return $hasil;
}
public function input($fields = array()){
if( $this->insert($this->table,$fields) ) return true;
else return false;
}
public function delete($pemakai,$fields = array()){
//ambil kolom
$column = implode(",", array_keys($fields));
//ambil nilai
$valueArrays = array();
$i = 0;
foreach ($fields as $key=>$values) {
if( is_int($values) ){
$valueArrays[$i] = $values ;
}else{
$valueArrays[$i] = $this->escape($values);
$i++;}
}
$values = implode(",", $valueArrays);
$query = "DELETE FROM $pemakai WHERE $column=$values";
return $this->run_query($query, 'have problem when you delete data');
}
public function hapus($fields = array()){
if( $this->delete($this->table,$fields) ) return true;
else return false;
}
public function update($nama,$alamat,$gambar,$id,$author){
$query = "UPDATE $this->table SET nama='$nama', alamat='$alamat', gambar='$gambar',author='$author' WHERE id='$id'";
return $this->run_query($query, 'have problem when you delete data');
}
public function updatecount(){
$bancheck = "UPDATE $this->pengguna SET count = count+1";
return $this->run_query($bancheck, 'Salah input');
}
public function update2($id,$nama,$alamat,$author){
$query = "UPDATE $this->table SET nama='$nama', alamat='$alamat',author='$author' WHERE id='$id'";
$result = $this->_db->prepare($query);
$result->execute();
} function Paginate($values,$per_page){
$total_values = count($values);
if(abs((int) isset($_GET['page']))){
$current_page = abs((int) $_GET['page']);
}else{
$current_page = 1;
}
$counts = ceil($total_values / $per_page);
$param1 = ($current_page - 1) * $per_page;
$this->data = array_slice($values,$param1,$per_page);
for($x=1; $x<= $counts; $x++){
$numbers[] = $x;
}
return $numbers;
}
function fetchResult(){
$resultsValues = $this->data;
return $resultsValues;
}
/*Installer*/
//membuat database
public function createdatabase($konek2,$databases){
mysqli_query($konek2,"create database ".$databases."") or die('NAMA HOSTING,USERNAME DAN PASSWORD DI HOSTING HARUS BENAR');
echo "└ konek ke server... ✓<br/>";
echo "└ berhasil membuat database! ✓<br/>";}
//membuka database yang telah dibuat
public function opendatabase($konek2,$databases){
mysqli_select_db($konek2,$databases);
echo "└ database telah ditemukan... ✓<br/>";}
//membuat table user dengan user standar
public function createtable($konek2){
mysqli_query($konek2,"create table users(username varchar(30) primary key not null, password varchar(32) not null)");
echo "└ berhasil membuat table! ✓<br/>";}
}
?>
validation.php
<?php
class validation{
private $_passed = false,
$_errors = array();
public function check($items = array()){
foreach ($items as $item => $rules) {
foreach ($rules as $rule => $rule_value) {
switch ($rule) {
case 'required':
if( trim(input::get($item)) == false && $rule_value == true ) {
$this->addError(" $item wajib diisi ");
}
break;
case 'min':
if( strlen(input::get($item)) < $rule_value ) {
$this->addError(" $item minimal $rule_value 3 character ");
}
break;
case 'max':
if( strlen(input::get($item)) > $rule_value ) {
$this->addError(" $item maximal $rule_value 3 character ");
}
break;
default:
break;
}
}
}//end first foreach
if(empty($this->_errors)){
$this->_passed = true;
}
return $this;
}
private function addError($error){
$this->_errors[] = $error;
}
public function errors(){
return $this->_errors;
}
public function passed(){
return $this->_passed;
}
}
?>
input.php
<?php
class input {
public static function get($name){
if( isset($_POST[$name]) ){
return $_POST[$name];
}
else if( isset($_GET[$name]) ) {
return $_GET[$name];
}
return false;
}
}
?>
session.php
<?php
class session{
public static function exists($nama){
return(isset($_SESSION[$nama])) ? true : false ;
}
public static function set($nama, $nilai){
return $_SESSION[$nama] = $nilai;
}
public static function get($nama){
return $_SESSION[$nama];
}
}
?>
0
3 Jawaban:
logikanya begini: tambahkan satu column di table user, misalnya namanya "login_attempt" tipdetanya angka, tinyInt cukup. Setiap user gagal login tambahkan login_attempt ini + 1, dan diujia dibagian gagal login ini, kalau udah 3 , silahkan block usernya, bisa lewat status ganti jadi -1, jadi semua yang statusnya -1 ga boleh login lagi.
BIasanya sih di website sekedar tambahin waktu misalnya 10 menit lagi baru bisa login, kalau mau pake ini tambahkan lagi kolom "login_time" tinggal taro waktunya disini dan diuji apakah usernya udah ngelewatin waktu ini atau belum
0
<pre> <?php
class session{ public static function exists($nama){ return(isset($_SESSION[$nama])) ? true : false ; }
public static function set($nama, $nilai){ return $_SESSION[$nama] = $nilai;
} public static function get($nama){ return $_SESSION[$nama];
} }
?> </pre>
0
