限制Laravel 5.2中的登录尝试

时间:2016-03-25 06:18:05

标签: laravel laravel-5.2

我创建了一个Laravel 5.2应用程序;我需要限制失败登录尝试。我创建了一个带有以下代码的AuthController;但是没有工作日志尝试锁定。

<?php

 namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use Auth;
use URL;

 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{


use AuthenticatesAndRegistersUsers;

   protected $maxLoginAttempts=5;
   protected $lockoutTime=300;


/**
 * Create a new authentication controller instance.
 *
 * @return void
 */
public function __construct()
{
    $this->middleware('guest', ['except' => 'getLogout']);
    $this->loginPath = URL::route('login');
    $this->redirectTo = URL::route('dashboard'); //url after login
    $this->redirectAfterLogout = URL::route('home');
}

public function index()
{
    return 'Login Page';
}


/**
 * Handle a login request to the application.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function postLogin(Request $request)
{
    $this->validate($request, [
        'username' => 'required', 'password' => 'required',
    ]);


    $throttles = $this->isUsingThrottlesLoginsTrait();

    if ($throttles && $this->hasTooManyLoginAttempts($request)) {
        return $this->sendLockoutResponse($request);
    }

    $credentials = $this->getCredentials($request);

    if (Auth::attempt($credentials, $request->has('remember'))) {
        return redirect()->intended($this->redirectPath());
    }



    if ($throttles) {
        $this->incrementLoginAttempts($request);
    }


    return redirect($this->loginPath)
        ->withInput($request->only('username', 'remember'))
        ->withErrors([
            'username' => $this->getFailedLoginMessage(),
        ]);
}

/**
 * Get the needed authorization credentials from the request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return array
 */
protected function getCredentials(Request $request)
{
    return $request->only('username', 'password');
}


/**
 * Create a new user instance after a valid registration.
 *
 * @param  array  $data
 * @return User
 */
protected function create(array $data)
{
    return User::create([
        'name' => $data['name'],
        'username' => $data['username'],
        'password' => bcrypt($data['password']),
    ]);
  }
}

多次登录失败后,显示无错误信息。我添加了一些行来显示login.blade.php文件中的错误

4 个答案:

答案 0 :(得分:5)

假设你已经实现了laravel的make:auth artisan命令。 在loginController内,更改属性:

protected $maxLoginAttempts=5;protected $maxAttempts = 5;

protected $lockoutTime=300;protected $decayMinutes = 5; //in minutes

答案 1 :(得分:3)

您需要在控制器中使用ThrottlesLogins特征

....
use AuthenticatesAndRegistersUsers, ThrottlesLogins ;
...

答案 2 :(得分:2)

看一看https://github.com/GrahamCampbell/Laravel-Throttle 在这里https://mattstauffer.co/blog/login-throttling-in-laravel-5.1

第二个链接适用于L5.1,但我认为L5.2不应该有所不同 希望它有所帮助!

度过愉快的一天。

答案 3 :(得分:0)

只需覆盖以下两个函数maxAttempts和decayMinutes就可以了。这2个函数属于Illuminate \ Foundation \ Auth \ ThrottlesLogins.php文件。我已经在Laravel 5.6版本上测试过并且工作正常。 

public function maxAttempts()
{
    //Lock on 4th Failed Login Attempt
    return 3;
}

public function decayMinutes()
{
    //Lock for 2 minutes
    return 2;
}
相关问题
最新问题