$username = $db->real_escape_string($username); $password = $db->real_escape_string($password); $query = "SELECT\n\t\t\t\t\t *\n\t\t\t\t\tFROM drivers\n\t\t\t\t\tWHERE dPassword='******' AND dUsername='******' AND dActive=1"; $sql = $db->query($query); $row = $sql->fetch_array(); $row_cnt = $sql->num_rows; $bruteCheck = bruteForceCheck($username, 1, $lockedAt); if ($bruteCheck[0]) { $error = $bruteCheck[1]; } else { if ($row_cnt == 1) { $_SESSION['loginUser'] = $username; $_SESSION['driverID'] = $row['dID']; $_SESSION['driverName'] = $row['dFirstName'] . " " . $row['dLastName']; $_SESSION['userType'] = $_POST['userType']; bruteForceClean($row['dID'], 1); $error = 0; } else { // Trap will go here bruteForceProtection($username, 1); $error = "Username or Password is invalid"; } } echo $error; } else { if ($_POST['userType'] == "Admin") { $username = $_POST['userName']; $password = $_POST['password']; $active = 1; $username = stripslashes($username); $password = stripslashes($password);
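/**
 * Report whether the lock on an account has expired, clearing it if it has.
 *
 * Only admin locks (lockType 0) are handled here. The function reads the lock
 * record for $uID from the `trap` table and compares its tTimestamp plus a
 * 10-minute lock window against the current time.
 *
 * @param int|string $uID Value matched against trap.lockedID. It is bound as a
 *                        statement parameter and never spliced into the SQL text.
 *
 * @return string Message for the user: either the account has been unlocked,
 *                or the number of minutes left until it unlocks.
 *
 * @throws \RuntimeException When the lock lookup cannot be prepared, executed
 *                           or read. A database error must not be treated as
 *                           "lock expired".
 */
function checkUnlock($uID)
{
    // connection.php is expected to define $db in this scope; nothing else here creates it.
    // NOTE(review): the relative path resolves against the include path / working
    // directory of the entry script - confirm that is intended.
    include '../connection.php';

    $lockTime = 10; // length of the lock window, in minutes

    // One clock read. Assembling the timestamp from six separate date() calls
    // can straddle a second or minute boundary and yield an inconsistent value.
    $unixTime = time();

    // Parameterised lookup: $uID reaches the database as data, so a crafted
    // identifier cannot change the query or make the lock appear expired.
    // Assumes $db is a mysqli connection - TODO confirm against connection.php.
    $stmt = $db->prepare("select tTimestamp from trap where lockedID=? AND lockType='0'");
    if ($stmt === false) {
        throw new \RuntimeException('checkUnlock: could not prepare the lock lookup');
    }

    $lockedTime = 0;
    $stmt->bind_param('s', $uID);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new \RuntimeException('checkUnlock: could not execute the lock lookup');
    }
    $stmt->bind_result($lockedTime);
    $fetched = $stmt->fetch(); // true = row read, null = no row, false = error
    $stmt->close();

    if ($fetched === false) {
        // Fail closed: an unreadable lock record is not evidence that the lock expired.
        throw new \RuntimeException('checkUnlock: could not read the lock record');
    }
    if ($fetched !== true) {
        // No lock record for this ID. Keep 0 so the window counts as long
        // expired, which is how a missing row has always been treated here.
        $lockedTime = 0;
    }

    $unlockAt = (int) $lockedTime + $lockTime * 60;

    if ($unixTime >= $unlockAt) {
        bruteForceClean($uID, 0);

        return "Your account has been unlocked please try loging in one more time";
    }

    // Remaining lock time in minutes, rounded to one decimal place.
    $timeR = round(($unlockAt - $unixTime) / 60, 1, PHP_ROUND_HALF_UP);

    return "You are locked out, your account will unlock in {$timeR} min";
}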