I’m working on a web application using Laravel and I’d like to know if it is possible to limit login attempts. For example, if a user enters wrong credentials 3 times, s/he needs to wait 10 min to log in again. If s/he uses wrong credentials 5 times, s/he needs to wait 30 min.
Thanks for your help!
Answer
To do this, you should override the login method in LoginController.php.
First, define two protected properties to set the number of attempts and the restriction time (as the first condition).

    protected $maxAttempts = 3;
    protected $decayMinutes = 10;

Now override the login method:

    /**
     * Override of the login method from the AuthenticatesUsers trait.
     * Needs `use Illuminate\Http\Request;` at the top of LoginController.php.
     *
     * @param  Request $request  Login request
     * @return mixed
     */
    public function login(Request $request)
    {
        $this->validateLogin($request);

        if (auth()->attempt(['email' => $request->email, 'password' => $request->password])) {
            return redirect()->intended('home');
        } else {
            // Reached only after a failed attempt.
            if ($this->hasTooManyLoginAttempts($request)) {
                $key = $this->throttleKey($request);
                $rateLimiter = $this->limiter();
                $limit = [3 => 10, 5 => 30]; // attempts => lockout minutes
                $attempts = $rateLimiter->attempts($key); // number of attempts recorded so far

                if ($attempts >= 5) {
                    // clear() resets the attempt counter and the lockout timer
                    $rateLimiter->clear($key);
                }

                if (array_key_exists($attempts, $limit)) {
                    $this->decayMinutes = $limit[$attempts];
                }

                $this->incrementLoginAttempts($request);
                $this->fireLockoutEvent($request);

                return $this->sendLockoutResponse($request);
            }

            $this->incrementLoginAttempts($request);

            return $this->sendFailedLoginResponse($request);
        }
    }
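
The tiered policy from the question (3 failures: 10 min, 5 failures: 30 min) as plain PHP, added here as an example; it is not the answer's code and not part of Laravel. It checks the lock before the password is verified, so a correct password is also refused while the lock is active. The names `TieredLoginThrottle` and `attemptLogin`, the in-memory store, the one-hour reset window, the `email|ip` key and the rule that every failure from the 5th onward locks for 30 minutes are assumptions.

```php
<?php
// Added example; TieredLoginThrottle and attemptLogin are hypothetical names.
final class TieredLoginThrottle
{
    // Failed attempts => lockout seconds (3 => 10 min, 5 => 30 min, from the question).
    private const TIERS = [3 => 600, 5 => 1800];
    private const WINDOW = 3600; // assumption: count resets after 1 hour without failures
    private array $state = [];   // in-memory for the demo; use a shared cache in practice

    public function secondsLocked(string $key, int $now): int
    {
        return max(0, ($this->state[$key]['until'] ?? 0) - $now);
    }

    public function recordFailure(string $key, int $now): int
    {
        $s = $this->state[$key] ?? ['count' => 0, 'until' => 0, 'last' => $now];
        if ($now - $s['last'] > self::WINDOW) {
            $s['count'] = 0;
        }
        // Assumption: every failure from the 5th onward locks for 30 minutes.
        $lock = self::TIERS[min(++$s['count'], 5)] ?? 0;
        $this->state[$key] = ['count' => $s['count'], 'until' => $now + $lock, 'last' => $now];
        return $lock;
    }

    public function clear(string $key): void { unset($this->state[$key]); }
}

function attemptLogin(TieredLoginThrottle $t, string $key, string $pw, string $hash, int $now): string
{
    if (($wait = $t->secondsLocked($key, $now)) > 0) {
        return "locked for {$wait}s"; // refuse before the password is checked
    }
    if (password_verify($pw, $hash)) {
        $t->clear($key);
        return 'ok';
    }
    $lock = $t->recordFailure($key, $now);
    return $lock > 0 ? "failed, locked for {$lock}s" : 'failed';
}

// Constructed demo: minute offset => password tried ('s3cret' is the right one).
$t = new TieredLoginThrottle();
$hash = password_hash('s3cret', PASSWORD_DEFAULT);
$tries = [0 => 'a', 1 => 'b', 2 => 'c', 3 => 's3cret', 13 => 'd', 14 => 'e', 15 => 's3cret', 50 => 's3cret'];
foreach ($tries as $min => $pw) {
    echo "t+{$min}min: ", attemptLogin($t, 'user@example.com|203.0.113.7', $pw, $hash, 1700000000 + 60 * $min), "\n";
}
```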