Bagaimana cara block user setelah 3 gagal login?

dan bagaimana cara menerapkannya di kode ini SQL
 -- phpMyAdmin SQL Dump
-- version 4.5.1
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: Mar 11, 2017 at 07:07 PM
-- Server version: 10.1.13-MariaDB
-- PHP Version: 7.0.5

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @[email protected]@CHARACTER_SET_CLIENT */;
/*!40101 SET @[email protected]@CHARACTER_SET_RESULTS */;
/*!40101 SET @[email protected]@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `cekula`
--

-- --------------------------------------------------------

--
-- Table structure for table `person`
--

CREATE TABLE `person` (
  `id` int(11) NOT NULL,
  `author` varchar(20) NOT NULL,
  `nama` varchar(100) NOT NULL,
  `alamat` text NOT NULL,
  `gambar` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `person`
--

INSERT INTO `person` (`id`, `author`, `nama`, `alamat`, `gambar`) VALUES
(13, 'fadhel', 'Hello World!', '<p>x</p>\r\n', ''),
(20, 'admin', 'Steve', '
\r\nJobs</pre>\r\n', '4vjftl68udus.jpg'),
(21, 'fadhel', 'FADHEL', '<p><em>FADHEL</em></p>\r\n', '4yypfqdlvow8.jpg'),
(23, 'fadhel', 'KYGO', '<p>STAY</p>\r\n', ''),
(30, 'fadhel', 'let''s', '<p>go</p>\r\n', ''),
(44, 'fadhel', '<script>', '<p><script></p>\r\n', ''),
(45, 'fadhel', 'SECURE!', '<p>MANTAP</p>\r\n', '');

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `user_id` int(11) NOT NULL,
  `username` varchar(20) NOT NULL,
  `password` varchar(60) NOT NULL,
  `count` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`user_id`, `username`, `password`, `count`) VALUES
(14, 'fadhel', '$2y$10$XHqHc1UQrO11gOjIaxukkOIj8S3cwpwd2GF5Lp2ajojQ5LcNhjHEu', 6),
(15, 'fadhel', '$2y$10$pu0j.ijdGY1oy994cd3k1epq0xOOuL04OSEVsGRLhrJWdQijrFK2G', 6),
(16, 'admin', '$2y$10$9grexkDmmAPATFZxtk5HZem.dIlY72RnCAyX1Bkw8LcNQtGRIDW8m', 6);

--
-- Indexes for dumped tables
--

--
-- Indexes for table `person`
--
ALTER TABLE `person`
  ADD PRIMARY KEY (`id`);

--
-- Indexes for table `users`
--
ALTER TABLE `users`
  ADD PRIMARY KEY (`user_id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `person`
--
ALTER TABLE `person`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=46;
--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
  MODIFY `user_id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=17;
/*!40101 SET [email protected]_CHARACTER_SET_CLIENT */;
/*!40101 SET [email protected]_CHARACTER_SET_RESULTS */;
/*!40101 SET [email protected]_COLLATION_CONNECTION */;
 
Login.php
<?php
  require_once 'template/header.php';

  if(session::exists('username')){
    header('location: profile.php');
  }

  $errors = array();

  if ( input::get('submit')) {
    //call validation
    $validation = new validation();
    // ngecek
    $validation = $validation->check(array(
      'username' => array( 'required' => true ),
      'password' => array( 'required' => true )
    ));

    //finish
    if( $validation->passed() ){
      if($user->cek_nama(input::get('username'))){
      if( $user->login_user( input::get('username'), input::get('password') ) )
      {
      session::set('username', input::get('username'));
      header('Location: profile.php');
    }else{
      $errors[] = "login FAIL";
      $user->updatecount();
    }
  }else {
    $errors[] = "namanya belum ada";
    $user->updatecount();
  }

}else{
      $errors = $validation->errors();
    }

  }


?>
<div class="panel panel-default">
  <div class="panel-heading">
  <div class="panel-title"><h1>Login</h1></div>
</div>
<form action="login.php" method="post">
  <div class="panel-body">
  <tr>
      <td><input type='text' name='username' class="form-control" placeholder="Username"></td>
  </tr>
      <div class="clearfix"></div><br />
  <tr>
      <td><input type='password' name='password' class='form-control' placeholder="Password"></td>
  </tr>
    <div class="clearfix"></div><br />
  <tr>
  <td><input type="submit" class="btn btn-large btn-success" name="submit" value="Login Sekarang"></td>
  </tr>
  <?php if(!empty($errors)){?>
    <div id="errors">
    <?php foreach ($errors as $error){ ?>
      <li> <?php echo $error;?> </li>
    <?php } ?>
</div>
  <?php } ?>

</div>
</form>
</div>
<?php
include 'template/footer.php';
?>
user.php
 <?php


class user extends db{
   private $table = 'person';
   private $pengguna = 'users';
  public function __construct()
	{
		    parent::__construct();
	}


  public function insert($pemakai,$fields = array())
  {

    //ambil kolom
    $column = implode(",", array_keys($fields));

    //ambil nilai
    $valueArrays = array();
    $i = 0;
    foreach ($fields as $key=>$values) {
      if( is_int($values) ){
      $valueArrays[$i] = $this->escape($values) ;
    }else{
      $valueArrays[$i] = "" . $this->escape($values) . "";
      $i++;}
    }

    $values = implode(",", $valueArrays);

    $query = "INSERT INTO $pemakai ($column) VALUES ($values)";

    return $this->run_query($query, 'have problem when you input data');
  }

  public function get_info( $pemakai,$column, $value)
  {
    if( !is_int($value) )
        $value = "'" . $value . "'";
        $query = "SELECT * FROM $pemakai WHERE $column = $value AND count != 3";
        $result = $this->_db->prepare($query);
        $result->execute();

        while($row = $result->fetch(PDO::FETCH_ASSOC)) {
        return $row;
      }
  }

  public function run_query($query, $msg){
    if($this->_db->query($query)) return true;
    else die($msg);
  }

  public function escape($name){
    return $this->_db->quote($name);
  }

  public function register_user($fields = array())
  {
    if( $this->insert($this->pengguna,$fields) ) return true;
    else return false;
  }
  public function login_user($username , $password)
  {

    $data = $this->get_info($this->pengguna, 'username', $username);

    if(password_verify(input::get('password'), $data['password']) )

      return true;
    else return false;
  }

  public function cek_nama($username)
  {
      $data = $this->get_info($this->pengguna, 'username', $username);
      if(empty($data)) return false;
      else return true;
  }

  public function filterinjection($value){
  // Karakter yang sering digunakan untuk sqlInjection
  $char = array ('-','/','\\',',','.','#',':',';','\'','"',"'",'[',']','{','}',')','(','|','`','~','!','@','%','$','^','&','*','=','?','+');

  // Hilangkan karakter yang telah disebutkan di array $char
  $cleanval = str_replace($char, '', trim($value));

  return $cleanval;
  }

  public function read(){
    $query = "SELECT * FROM $this->table";
    $result = $this->_db->prepare($query);
    $result->execute();
    while($row = $result->fetch(PDO::FETCH_ASSOC))
    $hasil[]=$row;
    rsort($hasil);
    return $hasil;
  }

  public function post( $value)
  {
        $value = "'" . $value . "'";
        $query = "SELECT * FROM $this->table WHERE id=$value";
        $result = $this->_db->prepare($query);
        $result->execute();

        while($row = $result->fetch(PDO::FETCH_ASSOC))
        return $row;
  }

  public function cari( $value, $column, $column2)
  {

        $value = "'%" . $value . "%'";
        $query = "SELECT * FROM $this->table WHERE $column LIKE $value OR $column2 LIKE $value";
        $result = $this->_db->prepare($query);
        $result->execute();

        while($row = $result->fetch(PDO::FETCH_ASSOC))
        $hasil[]=$row;
        return $hasil;
  }

  public function input($fields = array()){
    if( $this->insert($this->table,$fields) ) return true;
    else return false;
  }
  public function delete($pemakai,$fields = array()){


        //ambil kolom
        $column = implode(",", array_keys($fields));

        //ambil nilai
        $valueArrays = array();
        $i = 0;
        foreach ($fields as $key=>$values) {
          if( is_int($values) ){
          $valueArrays[$i] = $values ;
        }else{
          $valueArrays[$i] = $this->escape($values);
          $i++;}
        }

        $values = implode(",", $valueArrays);

        $query = "DELETE FROM $pemakai WHERE $column=$values";
        return $this->run_query($query, 'have problem when you delete data');

  }
  public function hapus($fields = array()){
    if( $this->delete($this->table,$fields) ) return true;
    else return false;
  }


  public function update($nama,$alamat,$gambar,$id,$author){
    $query = "UPDATE $this->table SET nama='$nama', alamat='$alamat', gambar='$gambar',author='$author' WHERE id='$id'";
        return $this->run_query($query, 'have problem when you delete data');
  }

  public function updatecount(){
    $bancheck = "UPDATE $this->pengguna SET count = count+1";
    return $this->run_query($bancheck, 'Salah input');
  }

  public function update2($id,$nama,$alamat,$author){
    $query = "UPDATE $this->table SET nama='$nama', alamat='$alamat',author='$author' WHERE id='$id'";
    $result = $this->_db->prepare($query);
    $result->execute();
  } function Paginate($values,$per_page){
  $total_values = count($values);

  if(abs((int) isset($_GET['page']))){
  $current_page = abs((int) $_GET['page']);
  }else{
  $current_page = 1;
  }
  $counts = ceil($total_values / $per_page);
  $param1 = ($current_page - 1) * $per_page;
  $this->data = array_slice($values,$param1,$per_page);

  for($x=1; $x<= $counts; $x++){
  $numbers[] = $x;
  }
  return $numbers;
  }
   function fetchResult(){
  $resultsValues = $this->data;
  return $resultsValues;
  }

/*Installer*/

//membuat database
public function createdatabase($konek2,$databases){
  mysqli_query($konek2,"create database ".$databases."") or die('NAMA HOSTING,USERNAME DAN PASSWORD DI HOSTING HARUS BENAR');
  echo "└ konek ke server... ✓<br/>";
echo "└ berhasil membuat database! ✓<br/>";}

//membuka database yang telah dibuat
public function opendatabase($konek2,$databases){
  mysqli_select_db($konek2,$databases);
echo "└ database telah ditemukan... ✓<br/>";}

//membuat table user dengan user standar
public function createtable($konek2){
mysqli_query($konek2,"create table users(username varchar(30) primary key not null, password varchar(32) not null)");
echo "└ berhasil membuat table! ✓<br/>";}



}

 ?>
 
validation.php
 <?php

class validation{

  private $_passed = false,
          $_errors = array();


  public function check($items = array()){
    foreach ($items as $item => $rules) {
      foreach ($rules as $rule => $rule_value) {
        switch ($rule) {
          case 'required':
            if( trim(input::get($item)) == false && $rule_value == true ) {
              $this->addError(" $item wajib diisi ");
            }
            break;
            case 'min':
              if( strlen(input::get($item)) < $rule_value ) {
                $this->addError(" $item minimal $rule_value 3 character ");
              }
              break;
              case 'max':
                if( strlen(input::get($item)) > $rule_value ) {
                  $this->addError(" $item maximal $rule_value 3 character ");
                }
                break;

          default:
            break;
        }
      }
    }//end first foreach

    if(empty($this->_errors)){
      $this->_passed = true;
    }
    return $this;
  }

private function addError($error){
  $this->_errors[] = $error;
}

public function errors(){
  return $this->_errors;
}

public function passed(){
  return $this->_passed;
}

}


 ?>
 
input.php
 <?php

class input {

  public static function get($name){
    if( isset($_POST[$name]) ){
      return $_POST[$name];
    }
    else if( isset($_GET[$name]) ) {
      return $_GET[$name];
    }

    return false;
  }

}

 ?>
 
session.php
 <?php

class session{
  public static function exists($nama){
    return(isset($_SESSION[$nama])) ? true : false ;
  }

  public static function set($nama, $nilai){
    return $_SESSION[$nama] = $nilai;

  }
  public static function get($nama){
    return $_SESSION[$nama];

  }
}

 ?>
 
avatar fadhelmurphy

@fadhelmurphy

19 Kontribusi 1 Poin


Jawaban

logikanya begini: tambahkan satu column di table user, misalnya namanya "login_attempt" tipdetanya angka, tinyInt cukup. Setiap user gagal login tambahkan login_attempt ini + 1, dan diujia dibagian gagal login ini, kalau udah 3 , silahkan block usernya, bisa lewat status ganti jadi -1, jadi semua yang statusnya -1 ga boleh login lagi. BIasanya sih di website sekedar tambahin waktu misalnya 10 menit lagi baru bisa login, kalau mau pake ini tambahkan lagi kolom "login_time" tinggal taro waktunya disini dan diuji apakah usernya udah ngelewatin waktu ini atau belum
avatar hilmanski

@hilmanski

2514 Kontribusi 2073 Poin


kodenya itu gimana ya untuk sudah 3x?
avatar fadhelmurphy

@fadhelmurphy

19 Kontribusi 1 Poin


 <?php

class session{
  public static function exists($nama){
    return(isset($_SESSION[$nama])) ? true : false ;
  }

  public static function set($nama, $nilai){
    return $_SESSION[$nama] = $nilai;

  }
  public static function get($nama){
    return $_SESSION[$nama];

  }
}

 ?>
 
avatar ahmadsopiyan

@ahmadsopiyan

1 Kontribusi 0 Poin


Login untuk gabung berdiskusi