PHP后台限制IP登录错误次数
2019-04-24 本文已影响0人
Aris_TnT
欢迎访问个人博客Aris-Blog
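借助 session 实现,作为一个接口发布(注意:计数保存在 session 中,而 session 由客户端 cookie 标识,因此该计数实际上是按会话而非按 IP 生效的;若要真正按 IP 或按账号限制,需要把计数放在服务端存储中,例如数据库或缓存,以 IP/账号为键并设置过期时间):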
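/**
 * Login endpoint: checks the submitted credentials and caps failed attempts
 * at five, tracked in the session under the client IP string.
 *
 * Result array:
 *   - code  1: login succeeded; 'href' holds the page to open next
 *   - code  0: wrong username or password; 'count' holds the attempts left
 *   - code -1: no attempts left; 'count' holds the stored counter
 *
 * NOTE(review): the counter lives in $_SESSION, so it is scoped to the
 * visitor's session rather than to the IP address itself; a request that
 * arrives without the session cookie starts from a fresh counter. To enforce
 * the limit per IP or per account, keep the counter in server-side storage
 * (database or cache) keyed by IP/username, with an expiry.
 *
 * NOTE(review): getIP::Index() is not shown here; confirm it does not derive
 * the address from client-supplied request headers.
 *
 * @return array
 */
public function Index(){
    $rs = array();
    $ip = getIP::Index();

    // First request seen in this session for this IP: grant five attempts.
    if (!isset($_SESSION[$ip])) {
        $_SESSION[$ip] = 5;
    }

    // Default to "locked"; overwritten below when an attempt is processed.
    $rs['code'] = -1;

    if ($_SESSION[$ip] <= 0) {
        // Attempts used up: stay locked and keep answering code = -1.
        $_SESSION['adminadmin'] = false;
        $rs['count'] = $_SESSION[$ip];
        return $rs;
    }

    $domain = new DomainAdmin();
    $flag = $domain->ifUser($this->username, $this->pswd);

    // NOTE(review): loose comparison kept from the original; if ifUser() is
    // guaranteed to return a bool, prefer `=== true`.
    if ($flag == true) {
        // Issue a new session ID at the privilege change so that an ID known
        // before authentication is not carried over into the admin session
        // (session fixation). Skipped when no session is active or the
        // headers are already out, so the endpoint never fails because of it.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['adminadmin'] = true;
        $rs['href'] = "admin.php";
        $rs['code'] = 1;
        // Login succeeded.
    } else {
        $_SESSION['adminadmin'] = false;
        $_SESSION[$ip]--;
        $rs['code'] = 0;
        $rs['count'] = $_SESSION[$ip];
        // Wrong username or password: report code = 0 and the attempts left.
    }

    return $rs;
}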
页面头部检测:
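// Login.php — top of the login page.
// When the attempt counter for this IP has reached zero, send the visitor to
// the 404 page and stop. A script-only redirect runs in the browser, so
// without exit the login form below would still be generated and sent.
// assumes $ip was set earlier in the page and the session is started — TODO confirm
if (isset($_SESSION[$ip]) && $_SESSION[$ip] == 0) {
    if (!headers_sent()) {
        header('Location: 404.html');
    } else {
        // Output has already begun; fall back to the client-side redirect.
        echo '<script>window.location="404.html"</script>';
    }
    exit;
}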
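// admin.php — top of the admin page.
// Only a session whose 'adminadmin' flag is exactly true may continue.
// The original `!$_SESSION["adminadmin"] === true` parses as
// `(!$_SESSION["adminadmin"]) === true`; the strict `!== true` below states
// the intent directly.
// The access check must end the request on the server: a script redirect is
// executed by the browser only, and without exit the admin markup that
// follows would still be sent to an unauthenticated client.
// assumes $ip was set earlier in the page and the session is started — TODO confirm
if (
    !isset($_SESSION["adminadmin"])
    || $_SESSION["adminadmin"] !== true
    || (isset($_SESSION[$ip]) && $_SESSION[$ip] < 0)
) {
    if (!headers_sent()) {
        header('Location: Login.php');
    } else {
        // Output has already begun; fall back to the client-side redirect.
        echo '<script>window.location="Login.php"</script>';
    }
    exit;
}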
登录界面JS:
/**
 * Submit the login form by AJAX and act on the code the server returns:
 *   1  -> go to the page named in data.href
 *   0  -> show the remaining attempts and reload the login page
 *   -1 -> go to 404.html
 *
 * rsa_encode() is defined elsewhere on the page.
 * NOTE(review): encrypting the fields in the browser is presumably an extra
 * layer; it does not stand in for serving the page and this request over HTTPS.
 * NOTE(review): the 404 redirect here is presentation only — the lockout has
 * to be enforced by the server on every login request.
 */
function f() {
    // Read the three form fields first, then build the request body.
    const userField = $("#inputText1").val();
    const passField = $("#inputText2").val();
    const tokenField = $("#csrf_token").val();

    const requestBody = {
        "username": rsa_encode(userField),
        "pswd": rsa_encode(passField),
        "csrf_token": tokenField,
    };

    // Handles a completed request; `reply` is the parsed response envelope.
    function onReply(reply, status, xhr) {
        const result = reply.data;
        console.log(reply);

        // Envelope check: anything other than ret == 200 is a transport-level failure.
        const envelopeOk = reply.ret && reply.ret == 200;
        if (!envelopeOk) {
            console.log(reply.msg);
            alert('通信错误,请联系管理员!');
            return;
        }

        if (result.code == 1) {
            // Credentials accepted: follow the link supplied by the server.
            window.location = result.href;
            return;
        }
        if (result.code == 0) {
            // Credentials rejected: report the attempts left, then reload.
            alert('账号或密码错误!剩余可用次数为:' + result.count);
            window.location.reload();
            return;
        }
        if (result.code == -1) {
            // No attempts left.
            window.location = "404.html";
        }
    }

    // Handles a failed request: log the diagnostics and tell the user to retry.
    function onFailure(request, textStatus, errorThrown) {
        console.log(request.status);
        console.log(request.readyState);
        console.log(textStatus);
        console.log(errorThrown);
        alert('参数出错,请刷新后重试!');
    }

    $.ajax({
        type: 'POST',
        url: '/article/public/?s=Login/Index',
        data: requestBody,
        success: onReply,
        error: onFailure,
    });
}