I'm working on a web application using Laravel and I'd like to know if it is possible to limit login attempts. For example, if a user enters wrong credentials 3 times, s/he needs to wait 10 min to log in again. If s/he uses wrong credentials 5 times, s/he needs to wait 30 min.
Thanks for your help!
Answer
To complete this you should override the login method in LoginController.php.
First, define two protected properties to set the number of attempts and the restriction time (for the first condition).

    protected $maxAttempts = 3;
    protected $decayMinutes = 10;

Now override the login method:

    // Needs "use Illuminate\Http\Request;" at the top of LoginController.php.

    /**
     * login - override the login method from the AuthenticatesUsers trait.
     *
     * @param  Request  $request  Login request
     * @return mixed
     */
    public function login(Request $request)
    {
        $this->validateLogin($request);

        // Check the throttle before testing credentials, so that a locked-out
        // client cannot keep guessing passwords during the lockout.
        if ($this->hasTooManyLoginAttempts($request)) {
            $key = $this->throttleKey($request);
            $rateLimiter = $this->limiter();
            $limit = [3 => 10, 5 => 30]; // attempts => lockout minutes
            $attempts = $rateLimiter->attempts($key); // attempts recorded so far

            if ($attempts >= 5) {
                $rateLimiter->clear($key); // reset the counter for this key
            }
            if (array_key_exists($attempts, $limit)) {
                $this->decayMinutes = $limit[$attempts];
            }

            $this->incrementLoginAttempts($request);
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        if (auth()->attempt(['email' => $request->email, 'password' => $request->password])) {
            $this->clearLoginAttempts($request); // forget earlier failures on success

            return redirect()->intended('home');
        }

        $this->incrementLoginAttempts($request);

        return $this->sendFailedLoginResponse($request);
    }
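
The tiered policy from the question (3 failures, 10 minutes; 5 failures, 30 minutes) written out without the framework, as an added example that is not part of the original answer and does not use Laravel's RateLimiter; it refuses a locked key before the password is examined. The class, function and key names are hypothetical, the store is an in-memory array standing in for a cache, and restarting the count after the 30-minute lockout is an assumption.

```php
<?php
// Added example: class, function and key names are hypothetical.
final class TieredLoginThrottle
{
    private const TIERS = [3 => 10, 5 => 30]; // failures => lockout minutes
    private array $state = [];                // in-memory stand-in for a cache

    // Seconds the key must still wait; 0 means an attempt is allowed.
    public function retryAfter(string $key, int $now): int
    {
        return max(0, ($this->state[$key]['lockedUntil'] ?? 0) - $now);
    }

    // Record one failure; returns the lockout (seconds) it triggered, or 0.
    public function fail(string $key, int $now): int
    {
        $s = $this->state[$key] ?? ['fails' => 0, 'lockedUntil' => 0];
        $s['fails']++;
        $seconds = (self::TIERS[$s['fails']] ?? 0) * 60;
        if ($seconds > 0) {
            $s['lockedUntil'] = $now + $seconds;
        }
        if ($s['fails'] >= max(array_keys(self::TIERS))) {
            $s['fails'] = 0; // count starts over after the longest lockout
        }
        $this->state[$key] = $s;
        return $seconds;
    }
    public function succeed(string $key): void { unset($this->state[$key]); }
}

function attemptLogin(TieredLoginThrottle $t, string $key, bool $passwordOk, int $now): string
{
    $wait = $t->retryAfter($key, $now);
    if ($wait > 0) {
        return "locked:$wait"; // refused before the password is looked at
    }
    if ($passwordOk) {
        $t->succeed($key);
        return 'ok';
    }
    $lock = $t->fail($key, $now);
    return $lock > 0 ? "locked:$lock" : 'failed';
}

// Constructed run: [seconds since start, password correct?]
$t = new TieredLoginThrottle();
foreach ([[0, false], [1, false], [2, false], [60, true], [700, false], [701, false], [2600, true]] as [$at, $ok]) {
    echo $at, 's: ', attemptLogin($t, 'alice@example.test|203.0.113.7', $ok, 1700000000 + $at), PHP_EOL;
}
```

In the constructed run the correct password at 60 seconds is still refused, because the 10-minute lock from the third failure has not expired.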