This is the code placed in unlock.php
:
> <?php require_once("../../db-config.php");
>
> $Result = "ERROR, still locked..."; if (isset($_POST['User'])) {
> if (mysql_query("DELETE FROM LoginAttempts WHERE User='".$_POST['User']."'", $conn))
> $Result = "User Unlocked"; } if ($conn)
> mysql_close($conn); echo $Result; ?>
I want to unlock a user, I'm trying like this but getting the error "Error still locked..."
instead of "User unlocked"
:
http://example.com/unlock.php?User=Administrador
How should I pass the variable User=name
in the URL?
You can collect your URL params using $_GET. Or $_REQUEST (which collects from POST, GET and COOKIE).
Beware that this call:
http://example.com/unlock.php?User=Administrador' OR 1=1
will empty your LoginAttempts
table.
At least sanitize your input with mysql_real_escape_string($_GET['User'])
.
I've solved this by going to PHPmyadmin and deleting the corresponding failed login attempts entries in the db table.
Different approach solves the issue. I've already warned about the security concerns.
Thanks guys.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.