Problem in LOGICAL THINKING

From: Sascha Affolter <webmaster@xxxxxxxxxxxxx>
Date: Sun, 19 Mar 2006 17:05:30 GMT

Hi,
I make a login system with an function to filtre the hacker. When a user login with a wrong Password or USERNAME he have 5 logins to make this.
whats my problem?
[php]<?php
include("include/config.php");
$fehler = "";
$time = time();
$ip = $_SERVER['REMOTE_ADDR'];
$query = "SELECT time,enters FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query) or die(mysql_error());
$ds = mysql_fetch_object($sql);
if($ds->enters < 5){
$canlogin = TRUE;
}else{
if(isset($ds->enters) AND $ds->time > $time){
$query = "UPDATE loginhack SET time = '0', enters = '0' WHERE ip = '$ip'";
mysql_query($query);
$canlogin = TRUE;
}
}
if($canlogin == TRUE){
if(isset($_COOKIE['login_sid'])){
$cookiedata = explode('|',$_COOKIE['login_sid']);
$query = "SELECT passwort FROM Login WHERE nickname = '$cookiedata[1]'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if($ds->passwort == $cookiedata[2]){
$fehler = "Bereits drinnen!!!";
}
}else{
if(empty($loginnickname) || empty($loginpasswort)){
$fehler = "Bitte geben Sie PW und Nick an!";
}else{
$loginnickname = mysql_escape_string($_POST['nickname']);
$loginpasswort = mysql_escape_string($_POST['passwort']);
$query = "SELECT nickname,passwort,aktiviert FROM Login WHERE nickname = '$loginnickname'";
$sql = mysql_query($query) or die(mysql_error());
$ds = mysql_fetch_object($sql);
$loginpasswortmd = md5($loginpasswort);

$query = "SELECT passwort FROM Login WHERE nickname = '$loginnickname'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if($ds->passwort !== $loginpasswortmd){
$query = "SELECT time,enters FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
if(!isset($ds->enters)){
$query = "INSERT INTO loginhack SET ip = '$ip', enters = '1'";
$sql = mysql_query($query) or die(mysql_error());
$newenter = "1";
}else{
if($ds->enters == "5"){
if($ds->time < $time){
$query = "UPDATE loginhack SET time = '0', enters = '1' WHERE ip = '$ip'";
mysql_query($query) or die(mysql_error());
$newenter = 1;
}
}else{
if($ds->enters == "4"){
$endtime = $time+60*15;
$query = "UPDATE loginhack SET time = '$endtime', enters = '5' WHERE ip = '$ip'";
mysql_query($query);
$newenter = 5;
}else{
if($ds->enters < 4){
$enters = $ds->enters;
$newenter = $enters+1;
$query = "UPDATE loginhack SET enters = '$newenter' WHERE ip = '$ip'";
mysql_query($query) or die(mysql_error());
}
}
}
}
if(isset($newenter)){
$newenter = 5 - $newenter;
$fehler = "Sie haben ein falsches PW angegeben oder den falschen NICK! Sie haben noch ".$newenter." Login Versuche!";
}else{
$FORMATED_TIME = $ds->time;
$count = date("m-d-Y H:i",$FORMATED_TIME);
$fehler = "Sie sind noch bis ".$count." gesperrt!!";
}
}else{
if($ds->aktiviert == "1"){
$fehler = "Sie sind noch nicht aktiviert!";
}else{
if($fehler == "" AND $fehlerhack == ""){
$cookievalue = $loginnickname.' | '.md5($loginpasswort);
setcookie("login_sid", $cookievalue, time()+60*60*24*30);
define(membersite,true);
$date = date("Y-m-d");
$time = date("H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];
$query = "UPDATE Login SET ip = '$ip', lastlogin = '$date $time' WHERE nickname = '$loginnickname'";
mysql_query($query) or die(mysql_error());
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?action=login">';
}else{
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?fehler='.$fehler.'">';
}
}
}
}
}
}else{
$query = "SELECT time FROM loginhack WHERE ip = '$ip'";
$sql = mysql_query($query);
$ds = mysql_fetch_object($sql);
$FORMATED_TIME = $ds->time;
$count = date("m-d-Y H:i",$FORMATED_TIME);
$fehler = "Sie sind noch bis ".$count." gesperrt!!";
print 'Sie werden weitergeleitet... <meta http-equiv="refresh"content="0;URL=http://'.$url.'/index.php?fehler=!'.$fehler.'">';
}
?>[/php]
When i run this, it prinbt nothing and make nothing :(
.

Prev by Date: Re: print "..." question
Next by Date: Re: How to view compilation errors in PHP/Linux box
Previous by thread: print "..." question
Next by thread: Re: Remember When Some Of You Retards Were Saying The Eval Function Doesn't Do Anything...
Index(es):
- Date
- Thread

Relevant Pages

Re: Permission question - another one
... If I add an Sql Login it does add the TRAVAC\ in front of the names, ... seems to be users that were setup to use SQL Server Authentication. ... RAPTOR is the Server that has SQL Server running on it. ... > " I could think I am taking permissions away from someone, ...
(microsoft.public.sqlserver.programming)
Is it possible to do Authentication with ASP.NET / C# over IIS ?
... I try to solve a problem: Some folder on an IIS Webserver should be ... But I want to have a SQL ... database with the users which are allowed to login and just ONE System ... Make a login page and check Username and password against the entries ...
(microsoft.public.dotnet.framework.aspnet)
Re: SQL 2k5 SP2 Mirroring - SQL in Mixed mode.
... US\sqlservices (old SQLservice account) still member of built-in local admin ... Login: US\sqlservices ... How can I transfer the SQL logins to ... Here is SP_help_revlogin results from the Principal Server (NYSQL-3) ...
(microsoft.public.sqlserver.clustering)
Re: Renamed Windows login not found in SQL Server 2000
... It's almost like SQL tuck some knowledge away in an area ... of memory that only gets released on Windows stop. ... > I am running SQL Server 2000 SP2 with Windows ... > login gets corrupted) I am unable to add the new login to ...
(microsoft.public.sqlserver.security)
Re: SQL Server on XP Home Network
... The sa account is the system administrator "God" account witihin SQL ... This account is a SQL-Server login. ... You might be able to use Enterprise Manager to go in and create a new SQL ... Select the "SQL Server Authentication" ...
(microsoft.public.sqlserver.setup)