= ($datetime-5)){
                    // NOTE(review): this fragment starts mid-condition; the left-hand side of the
                    // comparison and the first $datetime assignment are outside the visible text.
                    // The previous failure is recent: increment numloginfail and refresh
                    // lastloginfail.
                    // NOTE(review): $username1 is interpolated directly into the SQL text here and
                    // in every UPDATE below. Unless it is escaped before this point (not visible
                    // here), this is an SQL injection risk; pg_query_params() with a $1 placeholder
                    // keeps the value out of the statement text.
                    // NOTE(review): $result is never checked in the visible code, so a failed
                    // UPDATE silently leaves the lockout counters unchanged.
                    $query = "UPDATE ".$DBprefix."signup Set numloginfail = numloginfail + 1 where username='$username1'";
                    $result = pg_query($query);
                    $query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
                    $result = pg_query($query);
                }
                else{
                    // The previous failure was more than 5 minutes ago: only record the time of
                    // this failure in lastloginfail.
                    $query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
                    $result = pg_query($query);
                }
                // In both cases, tell the user that the log-in failed.
                makeform($incorrectLogin);
            }
        }
        // A numloginfail value larger than 5 means someone tried to break the password by brute
        // force. Check how long ago the lock was engaged: if it was more than half an hour ago,
        // unlock the account and ask the user to log in one more time to confirm it is really them.
        else {
            // Encode the current time as one number laid out as ddmmYYYYHHMM
            // (day first, minute last).
            // NOTE(review): subtracting 30 from this number is not "30 minutes earlier". The last
            // four digits are HHMM, so the result is wrong across an hour boundary (10:02 minus 30
            // gives 0972), and because the day is the most significant field the value is not
            // monotonic across month or year changes. The lock can therefore release early or stay
            // engaged far longer than intended; comparing Unix timestamps from time() would make
            // the window exact. The 5-minute check above presumably uses the same encoding — confirm.
            $datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
            if ($row["lastloginfail"] <= ($datetime-30)){
                // Set numloginfail to 5 so the user has one chance to enter the password.
                $query = "UPDATE ".$DBprefix."signup Set numloginfail = '5' where username='$username1'";
                $result = pg_query($query);
                // Ask the user to enter username and password once again. The username entered in
                // the first login attempt is passed along; according to the original author this
                // makes makeform() disable the username field.
                // NOTE(review): makeform()'s body is not visible here — confirm it HTML-escapes
                // the username (htmlspecialchars) before writing it into the form.
                makeform($underAttackReLogin, "$username1");
            }
            else{
                // The lock is less than 30 minutes old: ask the user to wait until it is released.
                echo $underAttackPleaseWait;
            }
        }
    }
    // An actnum other than 0 means the account has not been activated yet.
    // NOTE(review): this message appears to depend on the account state alone, which would
    // confirm to any visitor that the username exists — the enclosing conditions are outside
    // this fragment; confirm.
    else{ makeform($accountNotActivated); }
}
// The username does not exist: check whether a username was filled in at all.
else{
    // If it is empty, assume this is the initial page load and show the form without an error.
    if ($username1 == ""){ makeform(""); }
    else {
        // A filled-in form here means that the username does not exist, so show the form with an
        // error. The numloginfail and lastloginfail fields cannot be updated for brute-force
        // protection in this case, because the attempt is not aimed at one existing user.
        makeform($incorrectLogin);
    }
}
// This function shows the form.
// The ="" defaults in makeform($errormessage="", ...) make the arguments optional; the same
// goes for the username argument.
function makeform($errormessage="", $username2 = ""){ ?>
Vous avez oublié votre mot de passe?
Vous n'avez pas encore de compte?