Limiting failed login attempts per IP in the admin backend

Implemented with the session and exposed as an API endpoint:

public function Index(){
    $rs = array();

    // Client IP, used as the session key for the remaining-attempts counter
    $ip = getIP::Index();

    // First request in this session: allow 5 attempts
    if(!isset($_SESSION[$ip])){
        $_SESSION[$ip] = 5;
    }

    if($_SESSION[$ip] > 0){
        $domain = new DomainAdmin();
        $flag = $domain->ifUser($this->username, $this->pswd);

        if($flag == true){
            // Login succeeded
            $_SESSION['adminadmin'] = true;
            $rs['href'] = "admin.php";
            $rs['code'] = 1;
        }else{
            // Wrong username or password: return code = 0 and the remaining attempts in count
            $_SESSION['adminadmin'] = false;
            $_SESSION[$ip]--;
            $rs['code'] = 0;
            $rs['count'] = $_SESSION[$ip];
        }
    }else{
        // Attempts for this IP are used up: locked, always return code = -1
        $rs['code'] = -1;
        $_SESSION['adminadmin'] = false;
        $rs['count'] = $_SESSION[$ip];
    }
    return $rs;
}

Checks at the top of each page:

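// Login.php: top of the login page
$ip = getIP::Index();
if(isset($_SESSION[$ip]) && $_SESSION[$ip] <= 0){
    // Redirect server-side and stop, so nothing below is sent to a locked-out client
    header('Location: 404.html');
    exit;
}

// admin.php: top of the admin page
$ip = getIP::Index();
if(!isset($_SESSION["adminadmin"]) || $_SESSION["adminadmin"] !== true || (isset($_SESSION[$ip]) && $_SESSION[$ip] <= 0)){
    // Without exit the admin page would still be rendered after the redirect
    header('Location: Login.php');
    exit;
}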
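
The counter above lives in $_SESSION, which PHP scopes to the session cookie, so it is a per-session budget rather than a per-IP one: a request that arrives without that cookie starts again at 5. As an added example (not the post's code), the same five-attempt budget can be kept in a server-side store keyed by the IP. The class name IpLoginLimiter, the JSON file store and the 15-minute expiry are assumptions.

```php
<?php
// Added example, not the post's code. Requires PHP 8+.
// IpLoginLimiter, the store path and the 15-minute window are hypothetical.
final class IpLoginLimiter
{
    public function __construct(
        private string $file,       // shared store; keep it outside the web root
        private int $maxFails = 5,  // same budget as the post
        private int $window = 900   // assumption: failures expire after 15 minutes
    ) {}

    // Run $fn on the store under an exclusive lock, then write the store back.
    private function withStore(callable $fn): int
    {
        $fh = fopen($this->file, 'c+');
        flock($fh, LOCK_EX);
        $now = time();
        $data = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
        $data = array_filter($data, fn($e) => $e['until'] > $now); // drop expired
        $left = $fn($data, $now);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($data));
        flock($fh, LOCK_UN);
        fclose($fh);
        return $left;
    }

    // Attempts left for this IP, regardless of which session is asking.
    public function remaining(string $ip): int
    {
        return $this->withStore(fn(array $d) => max(0, $this->maxFails - ($d[$ip]['fails'] ?? 0)));
    }

    // Count one failed login and return the attempts left.
    public function recordFailure(string $ip): int
    {
        return $this->withStore(function (array &$d, int $now) use ($ip) {
            $d[$ip] = ['fails' => ($d[$ip]['fails'] ?? 0) + 1, 'until' => $now + $this->window];
            return max(0, $this->maxFails - $d[$ip]['fails']);
        });
    }
}

// Constructed demo: five failures from one address, no session involved.
$limiter = new IpLoginLimiter(tempnam(sys_get_temp_dir(), 'fails'));
$ip = '203.0.113.7'; // constructed sample address (documentation range)
for ($i = 0; $i < 5; $i++) {
    $left = $limiter->recordFailure($ip);
}
var_dump($left, $limiter->remaining($ip), $limiter->remaining('203.0.113.8'));
```

In Index(), remaining() would replace the $_SESSION[$ip] > 0 test and recordFailure() the $_SESSION[$ip]-- line; the value from getIP::Index() should be the connection address, not a client-supplied header.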

Login page JS:

function f() {
    let username = $("#inputText1").val();
    let pswd = $("#inputText2").val();
    let csrf_token = $("#csrf_token").val();
    $.ajax({
        type:'POST',
        url:'/article/public/?s=Login/Index',
        data:{
            "username": rsa_encode(username),
            "pswd": rsa_encode(pswd),
            "csrf_token": csrf_token,
        },

        success: function(res, status, xhr){
            let data = res.data;
            console.log(res);
            // The API wrapper did not return ret = 200: treat as a communication error
            if (!res.ret || res.ret != 200) {
                console.log(res.msg);
                alert('通信错误,请联系管理员!'); // "Communication error, please contact the administrator!"
                return;
            }

            if(data.code == 1)
            {
                // Login succeeded: go to the page returned by the server
                window.location = data.href;
            }else if(data.code == 0){
                // "Wrong username or password! Remaining attempts: " + count
                alert('账号或密码错误!剩余可用次数为:'+data.count);
                window.location.reload();
            }else if(data.code == -1){
                // Locked out
                window.location="404.html";
            }
        },
        error: function(XMLHttpRequest, textStatus, errorThrown) {
            console.log(XMLHttpRequest.status);
            console.log(XMLHttpRequest.readyState);
            console.log(textStatus);
            console.log(errorThrown);
            alert('参数出错,请刷新后重试!'); // "Parameter error, please refresh and try again!"
        },
    });
}

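Permalink: https://ariser.cn/index.php/archives/21/
Articles on this site are licensed under the Creative Commons Attribution 4.0 International License; please credit the source and include this notice when reposting!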