
Limit login attempts in Laravel and increase restriction time for submitting wrong credentials

I’m working on a web application using Laravel and I’d like to know if it is possible to limit login attempts. For example, if a user enters wrong credentials 3 times, s/he needs to wait 10 min to log in again. If s/he uses wrong credentials 5 times, s/he needs to wait 30 min.

Thanks for your help!


Answer

To complete this you should override the login method in LoginController.php.

First, define two protected properties to set the number of attempts and the restriction time (as the first condition).

protected $maxAttempts = 3;
protected $decayMinutes = 10;

Now override the login method:

// Requires `use Illuminate\Http\Request;` at the top of LoginController.php.

/**
 * Overrides the login method from the AuthenticatesUsers trait.
 *
 * @param  Request $request  Login request
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function login(Request $request)
{
    $this->validateLogin($request);

    // Check the lockout before the credentials, so that a locked-out client
    // cannot keep testing passwords.
    if ($this->hasTooManyLoginAttempts($request)) {
        $key = $this->throttleKey($request);
        $rateLimiter = $this->limiter();

        $limit = [3 => 10, 5 => 30]; // attempts => lockout minutes
        $attempts = $rateLimiter->attempts($key); // attempts recorded so far

        if ($attempts >= 5) {
            $rateLimiter->clear($key);
        }

        if (array_key_exists($attempts, $limit)) {
            $this->decayMinutes = $limit[$attempts];
        }

        $this->incrementLoginAttempts($request);

        $this->fireLockoutEvent($request);
        return $this->sendLockoutResponse($request);
    }

    if (auth()->attempt(['email' => $request->email, 'password' => $request->password])) {
        // Regenerate the session ID and reset the attempt counter on success.
        $request->session()->regenerate();
        $this->clearLoginAttempts($request);
        return redirect()->intended('home');
    }

    $this->incrementLoginAttempts($request);
    return $this->sendFailedLoginResponse($request);
}

User contributions licensed under: CC BY-SA
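
The tiered lockout asked about above, as an added example that is not part of the original answer and is not Laravel code: a framework-independent PHP sketch that refuses a login while the key is locked, before the password result is considered, and applies the 10 and 30 minute tiers from the question. The class and function names, the email|IP key and the timestamps are assumptions, and the in-memory array stands in for a cache.

```php
<?php
// Added example; TieredLoginThrottle and attemptLogin are hypothetical names, not Laravel APIs.
final class TieredLoginThrottle
{
    private const TIERS = [3 => 10, 5 => 30]; // failures => lockout minutes (from the question)
    private array $state = [];                // key => ['failures' => int, 'lockedUntil' => int]

    /** Seconds left on the lock for $key, or 0 when a login may be tried. */
    public function secondsLocked(string $key, int $now): int
    {
        return max(0, ($this->state[$key]['lockedUntil'] ?? 0) - $now);
    }

    /** Count a failed login and start a lock when a tier is reached. */
    public function recordFailure(string $key, int $now): void
    {
        $entry = $this->state[$key] ?? ['failures' => 0, 'lockedUntil' => 0];
        $entry['failures']++;
        if (array_key_exists($entry['failures'], self::TIERS)) {
            $entry['lockedUntil'] = $now + self::TIERS[$entry['failures']] * 60;
        }
        if ($entry['failures'] >= array_key_last(self::TIERS)) {
            $entry['failures'] = 0; // start counting again after the longest lock
        }
        $this->state[$key] = $entry;
    }

    public function recordSuccess(string $key): void
    {
        unset($this->state[$key]);
    }
}

/** Returns 'locked', 'ok' or 'failed'; the password result is ignored while locked. */
function attemptLogin(TieredLoginThrottle $t, string $key, bool $passwordOk, int $now): string
{
    if ($t->secondsLocked($key, $now) > 0) {
        return 'locked';
    }
    if ($passwordOk) {
        $t->recordSuccess($key);
        return 'ok';
    }
    $t->recordFailure($key, $now);
    return 'failed';
}

// Constructed run: [seconds offset, password correct?] for one constructed email|IP key.
$t = new TieredLoginThrottle();
foreach ([[0, false], [1, false], [2, false], [60, true], [603, false], [604, false], [700, true], [2405, true]] as [$at, $ok]) {
    printf("t+%4ds  %s\n", $at, attemptLogin($t, 'user@example.test|203.0.113.7', $ok, 1700000000 + $at));
}
```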