轉(zhuǎn)自www.3maio.com/w-detail/10

class Login

{

protected $pdo;

public function __construct()

{

//鏈接數(shù)據(jù)庫

$this->connectDB();

}

protected function connectDB()

{

$dsn = "mysql:host=localhost;dbname=demo;charset=utf8";

$this->pdo = new PDO($dsn, 'root', 'root');

}

//顯示登錄頁

public function loginPage()

{

include_once('./html/login.html');

}

//接受用戶數(shù)據(jù)做登錄

public function handlerLogin()

{

$email = $_POST['email'];

$pass = $_POST['pass'];

//根據(jù)用戶提交數(shù)據(jù)查詢用戶信息

$sql = "select id,name,pass,reg_time from blog_admin where email = ?";

$stmt = $this->pdo->prepare($sql);

$stmt->execute([$email]);

$userData = $stmt->fetch(\PDO::FETCH_ASSOC);

//沒有對應(yīng)郵箱

if ( empty($userData) ) {

echo '登錄失敗1';

echo '';

exit;

}

//檢查用戶最近30分鐘密碼錯誤次數(shù)

$res = $this->checkPassWrongTime($userData['id']);

//錯誤次數(shù)超過限制次數(shù)

if ( $res === false ) {

echo '你剛剛輸錯很多次密碼弦疮，為了保證賬戶安全延刘，系統(tǒng)已經(jīng)將您賬號鎖定30min';

echo '';

exit;

}

//判斷密碼是否正確

$isRightPass = password_verify($pass, $userData['pass']);

//登錄成功

if ( $isRightPass ) {

echo '登錄成功';

exit;

} else {

//記錄密碼錯誤次數(shù)

$this->recordPassWrongTime($userData['id']);

echo '登錄失敗2';

echo '';

exit;

}

}

//記錄密碼輸出信息

protected function recordPassWrongTime($uid)

{

//ip2long()函數(shù)可以將IP地址轉(zhuǎn)換成數(shù)字

$ip = ip2long( $_SERVER['REMOTE_ADDR'] );

$time = date('Y-m-d H:i:s');

$sql = "insert into blog_admin_info(uid,ipaddr,logintime,pass_wrong_time_status) values($uid,$ip,'{$time}',2)";

$stmt = $this->pdo->prepare($sql);

$stmt->execute();

}

/**

* 檢查用戶最近$min分鐘密碼錯誤次數(shù)

* $uid 用戶ID

* $min? 鎖定時間

* $wTIme 錯誤次數(shù)

* @return 錯誤次數(shù)超過返回false,其他返回錯誤次數(shù)微姊，提示用戶

*/

protected function checkPassWrongTime($uid, $min=30, $wTime=3)

{

if ( empty($uid) ) {

throw new \Exception("第一個參數(shù)不能為空");

}

$time = time();

$prevTime = time() - $min*60;

//用戶所在登錄ip

$ip = ip2long( $_SERVER['REMOTE_ADDR'] );

//pass_wrong_time_status代表用戶輸出了密碼

$sql = "select * from user_login_info where uid={$uid} and pass_wrong_time_status=2 and UNIX_TIMESTAMP(logintime) between $prevTime and $time and ipaddr=$ip";

$stmt = $this->pdo->prepare($sql);

$stmt->execute();

$data = $stmt->fetchAll(\PDO::FETCH_ASSOC);

//統(tǒng)計錯誤次數(shù)

$wrongTime = count($data);

//判斷錯誤次數(shù)是否超過限制次數(shù)

if ( $wrongTime > $wTime ) {

return false;

}

return $wrongTime;

}

public function __call($methodName, $params)

{

echo '訪問的頁面不存在','返回登錄頁';

}

}

$a = @$_GET['a']?$_GET['a']:'loginPage';

$login = new Login();

$login->$a();