Analysis of secure system access on different platforms, Google and Payoneer among other financial platforms.
In the following analysis I found these characteristics:
- On the first failed attempt it shows the captcha code.
- After 5 attempts the user's account is blocked for 15 minutes.
- Once you have access, whether or not a failure history exists, you must answer a security question to continue.
- Does not allow double login.
Other References: create secure login script
I have managed to fix my old code.
Note: Please edit my question to avoid possible duplicate question.
The corrections:
The IP will continue to be blocked; that will not affect anything, because a blocked IP will only be shown the captcha code.
I have created a new fail_attempt table with the following columns (something like my idea):
id_fail_attempt | id_user | attempt | ip  | datetime            | time
1               | 1       | 5       | ::1 | 2017-08-23 17:57:46 | 2017-08-23 18:12:46
The following table, login_attempts, lists the failed attempts of the IP:
id | ip  | attempts | datetime
1  | ::1 | 2        | 2017-08-23 17:57:46
The users table:
id | username | email | password | lastname | active
1  | Hola     | hola@ | Hola     | Hola     | 1
How can I insert into the fail_attempt table the user id, the failed attempts, the IP and the time until which the user will be blocked from access, and how can I control the double login of the same user in the same system?
Full PHP code
How do I add new features and create a secure system?
login.php
<?php
session_start();
$message = "";
$captcha = true;
$con = @new mysqli('localhost', 'root', '', 'systemuser');
// Check the captcha only when the form was sent; a missing session code counts as a mismatch
if (count($_POST) > 0 && isset($_POST["vcode"])
    && (!isset($_SESSION["vcode"]) || $_POST["vcode"] != $_SESSION["vcode"])) {
    $captcha = false;
    $message = "Los caracteres escritos no coinciden con la palabra de verificación. Inténtalo de nuevo.";
}
$ip = mysqli_real_escape_string($con, $_SERVER['REMOTE_ADDR']);
// We block the IP for one day
$result = mysqli_query($con, "SELECT * FROM failed_login WHERE ip='$ip' AND date BETWEEN DATE_SUB(NOW(), INTERVAL 1 DAY) AND NOW()");
$row = $result ? mysqli_fetch_assoc($result) : null;
// Get the data to compare attempts and to reset attempts by their last date;
// no row for this IP means no failed attempts yet
$failed_login_attempt = $row ? (int)$row['attempts'] : 0;
// Free memory
if ($result) {
    mysqli_free_result($result);
}
if (count($_POST) > 0 && $captcha == true) {
    $username = mysqli_real_escape_string($con, $_POST["username"] ?? '');
    $password = mysqli_real_escape_string($con, $_POST["password"] ?? '');
    $username = htmlentities($username);
    $password = htmlentities($password);
    $save_passw = sha1($password);
    $sql = "SELECT * FROM users WHERE username='$username' AND password='$save_passw' AND active='1'";
    $query = mysqli_query($con, $sql);
    $rowU = $query ? mysqli_fetch_assoc($query) : null;
    // Empty values when no active user matches, so the comparisons below fail safely
    $UsernamaDB = $rowU ? $rowU["username"] : "";
    $passwordDB = $rowU ? $rowU["password"] : "";
    if ($failed_login_attempt < 1) {
        // If it is the first failed attempt, insert the first record into the DB
        $con->query("INSERT INTO failed_login (ip, attempts, date) VALUES ('$ip', 1, NOW())");
    } else {
        if ($failed_login_attempt < 2) {
            // If already in the DB, take the value and add 1
            $contador = $failed_login_attempt + 1;
            $con->query("UPDATE failed_login SET attempts='$contador', date=NOW() WHERE ip = '$ip'");
        }
    }
    if (empty($_POST) === false) {
        $username = $_POST['username'] ?? '';
        $password = $_POST['password'] ?? '';
        if (empty($username) === true || empty($password) === true) {
            $message = "Es necesario introducir un nombre de usuario y contraseña";
        } elseif ($username != $UsernamaDB) {
            $message = "El 'Usuario' que has introducido no coincide. ";
        } elseif ($save_passw != $passwordDB) {
            $message = "Tu 'Contraseña' introducido no coincide. ";
        } else {
            // Both matched: store the logged-in user's id and reset this IP's counter
            // in the same failed_login table the code writes to above
            $_SESSION["id_user"] = (int)$rowU["id"];
            $con->query("DELETE FROM failed_login WHERE ip = '$ip'");
        }
    }
}
if (isset($_SESSION["id_user"])) {
    header("Location: http://localhost/index.php");
    exit;
}
?>
<h1><?php if ($message != "") { echo $message; } ?></h1>
<form name="frmUser" method="post" action="">
<input type="text" name="username" placeholder="Usuario">
<input type="password" name="password" placeholder="Contraseña">
<!-- captcha -->
<?php if (isset($failed_login_attempt) && $failed_login_attempt >= 1) { ?>
<br><img src="image.php" id="phoca-captcha"/>
<input name="vcode" type="text" placeholder="Codigo captcha">
<?php } ?>
<!-- end -->
<input type="submit" value="Iniciar sesión" id="button-login">
</form>
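As an added example (not the asker's code), here is one way to implement the two missing pieces on the asker's fail_attempt table: the 5-failure, 15-minute lock and single-session enforcement, using prepared statements throughout. It assumes an extra users.session_token column, and the function names run, is_locked_out, record_failed_attempt, on_successful_login and session_is_current are mine.

```php
<?php
// Added example, not the asker's code: lockout on the asker's fail_attempt table
// (id_user, attempt, ip, datetime, time) plus an assumed users.session_token column.
const MAX_ATTEMPTS = 5;   // block the account after 5 failures ...
const LOCK_MINUTES = 15;  // ... for 15 minutes, as in the question
// Prepare, bind and execute one statement; every value goes through placeholders.
function run(mysqli $con, string $sql, string $types = '', ...$args): mysqli_stmt {
    $stmt = $con->prepare($sql);
    if ($types !== '') { $stmt->bind_param($types, ...$args); }
    $stmt->execute();
    return $stmt;
}
// True while fail_attempt.time (the lock expiry) is still in the future.
function is_locked_out(mysqli $con, int $id_user): bool {
    $stmt = run($con, "SELECT 1 FROM fail_attempt WHERE id_user = ? AND attempt >= "
        . MAX_ATTEMPTS . " AND time > NOW()", 'i', $id_user);
    return $stmt->get_result()->num_rows > 0;
}
// Count one failure; from the 5th on, time = NOW() + 15 minutes, otherwise NOW().
function record_failed_attempt(mysqli $con, int $id_user, string $ip): int {
    $row = run($con, "SELECT id_fail_attempt, attempt FROM fail_attempt WHERE id_user = ?",
        'i', $id_user)->get_result()->fetch_assoc();
    $attempt = $row ? (int)$row['attempt'] + 1 : 1;
    $lockMin = $attempt >= MAX_ATTEMPTS ? LOCK_MINUTES : 0;
    if ($row) {
        run($con, "UPDATE fail_attempt SET attempt = ?, ip = ?, datetime = NOW(),
            time = DATE_ADD(NOW(), INTERVAL ? MINUTE) WHERE id_fail_attempt = ?",
            'isii', $attempt, $ip, $lockMin, (int)$row['id_fail_attempt']);
    } else {
        run($con, "INSERT INTO fail_attempt (id_user, attempt, ip, datetime, time)
            VALUES (?, ?, ?, NOW(), DATE_ADD(NOW(), INTERVAL ? MINUTE))",
            'iisi', $id_user, $attempt, $ip, $lockMin);
    }
    return $attempt;
}
// On success: clear the counter and bind the account to this one session id.
function on_successful_login(mysqli $con, int $id_user): void {
    run($con, "DELETE FROM fail_attempt WHERE id_user = ?", 'i', $id_user);
    session_regenerate_id(true);
    run($con, "UPDATE users SET session_token = ? WHERE id = ?", 'si', session_id(), $id_user);
    $_SESSION['id_user'] = $id_user;
}
// On every protected page: a newer login overwrites the token, so the older session stops matching.
function session_is_current(mysqli $con, int $id_user): bool {
    $row = run($con, "SELECT session_token FROM users WHERE id = ?", 'i', $id_user)
        ->get_result()->fetch_assoc();
    return $row !== null && hash_equals((string)$row['session_token'], session_id());
}
```

In login.php, call is_locked_out() before checking the password, record_failed_attempt() on a mismatch and on_successful_login() on a match; protected pages call session_is_current() and log the user out when it returns false.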