Discuz user multiple sign-in failure required to fill in the Verification code

Target

Now almost all sites will have verification code function, some are graphic, some are filled with characters. Have seen similar features on a website and want to do one. Now the company recently asked to use Discuz no way, ready to study its error login three times, will ask for 15 minutes to wait for the function, and try to modify it. Analysis Discuz The first step analyzes the Discuz login entry member.php file login address is:member.php?mod=logging&action=login& loginsubmit=yes& infloat=yes& lssubmit=yes& Inajax=1

In this file, the system initializes the framework and determines if the MoD exists and then loads the corresponding file. Here the./source/module/member/member_logging.php file is loaded the second step analysis of the member_logging.php file

......
$ctl _obj = new Logging_ctl ();
$ctl _obj->setting = $_g[' setting ');
$method = ' on_ '. $_get[' action ';
$ctl _obj->template = ' member/login ';
$ctl _obj-> $method ();
The Class_member.php class is instantiated directly, and the On_login method is called

Step Three analysis class_member.php fileThis is the key to the login. Analysis On_login method

This method inside writes a large number of user login business logic, the other temporarily regardless, only need to track its login. Since Discuz is a ucenter so a user center, there are now two places to log in.

First place

.....
Here the user login user's
$result = userlogin (
    $_get[' username ', 
    $_get[' password '], 
    $_get[' QuestionID '), 
    $_get[' answer ', 
    $this->setting[' autoidselect '? ' Auto ': $_get[' Loginfield '], $_g[' ClientIP ']);
$uid = $result [' Ucresult '] [' uid '];
......

Second place
function_member.php file Analysis

......
This implements the user login
if ($isuid = = 3) {
    if (!strcmp (Dintval $username), $username) && Getglobal (' setting/ Uidlogin ') {
        $return [' ucresult '] = Uc_user_login ($username, $password, 1, 1, $questionid, $answer, $ip);
    } ElseIf (Isemail ($username)) {
        $return [' ucresult '] = Uc_user_login ($username, $password, 2, 1, $questionid, $answer, $IP);
    }
    if ($return [' Ucresult '][0] <= 0 && $return [' Ucresult '][0]! =-3) {
        $return [' ucresult '] = Uc_user_login ( Addslashes ($username), $password, 0, 1, $questionid, $answer, $ip);
    }
} else {
    $return [' ucresult '] = Uc_user_login (Addslashes ($username), $password, $isuid, 1, $questionid, $answer, $ip) ;
}
......

Log in here, there is only success and failure. Today does not analyze the success of the situation, only the process of processing logon failures.

2. Login failure Handling
Database files table_common_failedlogin.php File

Public Function update_failed ($IP, $username) {
    db::query ("Update%t SET count=count+1, lastupdate=%d WHERE ip=%s", a Rray ($this->_table, TIMESTAMP, $ip));
}
As can be seen from the above, here directly updated the xx_common_failedlogin.php table, in the corresponding username field of the Count field +1, than the update last logon time-lastupdate field
//%d is TIMESTAMP 
//Find above definition define (' TIMESTAMP ', Time ());

3. IP Failure handling

function Failedip () {
    global $_g;
    List ($ip 1, $ip 2) = Explode ('. ', $_g[' ClientIP '));
    $ip = $ip 1. '. '. $ip 2;
    Here directly recorded IP, the specific need to analyze the table_common_failedip.php file.
    c::t (' Common_failedip ')->insert_ip ($IP);
}

table_common_fialedip.php file

Public Function Insert_ip ($IP) {
    if (Db::result_first ("Select COUNT (*) from%t WHERE ip=%s and lastupdate=%d", Array ($ This->_table, $ip, TIMESTAMP)) {
        db::query ("UPDATE%t SET ' count ' = ' count ' +1 WHERE ip=%s and lastupdate=%d", array ($this->_table, $ip, TIMESTAMP));
    } else {
        db::query ("INSERT into%t VALUES (%s,%d, 1)", Array ($this->_table, $ip, TIMESTAMP));
    }
    Db::query ("DELETE from%t WHERE lastupdate<%d", Array ($this->_table, TIMESTAMP-3600));
}

Analyze the above code:
Here we first determine whether the login failure exists under the IP, and the number of times the login failed to update. Does not exist, a login failure data under that IP is added directly. You can see a failure record of 1 hours before the last one was deleted.

Above is all the logon failure actions.

then the problem arises, how to verify that the user has failed to log on multiple times during login. dicuz Verify that the user has failed multiple logons

In the class_member.php file

 Check is locked and cannot log on if (!) (
    $_g[' member_loginperm '] = Logincheck ($_get[' username '))) {Captcha::report ($_g[' ClientIP ']);
ShowMessage (' login_strike ');
}//logincheck () This inside does the login is locked to verify the//logincheck method, you can see that the Uc_user_logincheck method is called here.

    function Logincheck ($username) {global $_g;
    $return = 0;
    $username = Trim ($username);
    Loaducenter ();
    if (function_exists (' Uc_user_logincheck ')) {$return = Uc_user_logincheck (Addslashes ($username), $_g[' ClientIP ']); } ...//view to the Uc_user_logincheck method here called the Logincheck method inside the/control/user.php file function Uc_user_logincheck ($user Name, $ip) {return Call_user_func (uc_api_func, ' user ', ' Logincheck ', Array (' username ' = = $username, ' ip ' = = $ip
));
}//Find this method and find it is written below.
    function Onlogincheck () {$this->init_input ();
    $username = $this->input (' username ');
    $ip = $this->input (' IP ');
Return $_env[' user ']->can_do_login ($username, $IP); }//$_env[' user ']->can_do_login ($username, $IP); Analyze this sentence. $_eNV is a PHP global variable.
 You can see that the user is called

Analyze and find the meaning of $_env[' user '], according to Discuz's urine, this must be a database object, the following is interrupted to begin to analyze the timing of this $_env.

The following location in the client.php file

if (Empty ($uc _controls[$model])) {
if (function_exists ("mysql_connect")) {
    include_once uc_root. /lib/db.class.php ';
} else {
    include_once uc_root. /lib/dbi.class.php ';
}
Include_once Uc_root. /model/base.php ';
Include_once uc_root. " /control/$model. php ";
      Var_dump ($_env[' user ') exit;//no result
eval ("\ $uc _controls[' $model '] = new {$model}control ();");
      Var_dump ($_env[' user '); exit; Has output
}

Start analyzing uc_client\./control/user.php this file.

In this file, see the following
class UserControl extends Base {


    function __construct () {
        $this->usercontrol ();
    }

    function UserControl () {
        parent::__construct ();
        $this->load (' user '); Guess is the stuff that loads the $_env here.
        $this->app = $this->cache[' apps '][uc_appid];
    }

......
......
    Find this load method, sure enough, call the 
    function load here ($model, $base = NULL) {
        $base = $base? $base: $this;
        if (Empty ($_env[$model])) {
            require_once uc_root. /model/$model. php "; Here, load the/model/user.php file and take a look.
            eval (' $_env[$model] = new '. $model. ' Model ($base); ');
        }
        return $_env[$model];
    }

Files uc_client\model\user.php File

Wow, finally found this method, began to analyze this method. ... function can_do_login ($username, $ip = ') {$check _times = $this->base->settings[' login_failedtime '] & Lt 1? 5: $this->base->settings[' login_failedtime ';
    Gets the default maximum number of failures $username = substr (MD5 ($username), 8, 15); $expire = 15 * 60;
    This is a single validation time, per second if (! $ip) {$ip = $this->base->onlineip;
    } $ip _check = $user _check = Array (); $query = $this->db->query ("SELECT * from". Uc_dbtablepre. " Failedlogins WHERE ip= ' ". $ip." ' or ip= ' $username '); According to the IP, or username query data, according to this SQL can know the information here to query while ($row = $this->db->fetch_array ($query)) {if ($row [' IP '
        ] = = = $username) {$user _check = $row;
        } elseif ($row [' ip '] = = = = $ip) {$ip _check = $row; }}//Judgment, is name validation, or IP authentication, default to username verification as quasi if (empty ($ip _check) | | ($this->base->time-$ip _check[' lastupdate ') > $expire)
        {$ip _check = array (); $this->db->query ("ReplacE into ". Uc_dbtablepre. "
    Failedlogins (IP, Count, lastupdate) VALUES (' {$ip} ', ' 0 ', ' {$this->base->time} ') '); } if (Empty ($user _check) | | ($this->base->time-$user _check[' lastupdate ') > $expire)
        {$user _check = array (); $this->db->query ("REPLACE into". Uc_dbtablepre. "
    Failedlogins (IP, Count, lastupdate) VALUES (' {$username} ', ' 0 ', ' {$this->base->time} ') '); if ($ip _check | | $user _check) {$time _left = min (($check _times-$ip _check[' count ']), ($check _times-$user
        _check[' count '));

    return $time _left;

    }//above, the return value is, and finally there is the chance of landing. $this->db->query ("DELETE from". Uc_dbtablepre. " Failedlogins WHERE lastupdate< ".

    ($this->base->time-($expire + 1)), ' unbuffered ');
return $check _times; }

And finally return to the bottom of class_member.php.

Check is locked and cannot log on
if (!) ( $_g[' member_loginperm '] = Logincheck ($_get[' username '))) {
    captcha::report ($_g[' ClientIP ']);
    ShowMessage (' login_strike ');
}
Returns the number of times the result can also be wrong, if returning 0 returns the error directly.

The login failure process to this Discuz has been analyzed.