Laravel登录失败次数限制的实现方法
发布:smiling 来源: PHP粉丝网 添加日期:2022-03-23 11:33:41 浏览: 评论:0
这篇文章主要给大家介绍了关于Laravel登录失败次数限制的实现方法,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧。
在用户身份验证的情况下,Laravel 具有内置的身份验证系统,我们可以根据要求轻松修改它,身份验证中包含的功能之一是Throttling.
为什么我们需要throttling保护?
基本上,throttling是用来保护暴力攻击的。它将在一定时间内检查登录尝试。在短登录中,throttling会计算用户或机器人尝试失败的登录尝试次数。
使用自定义登录实现限制
默认情况下,在内置身份验证控制器中实现限制。但是,如果我们需要实现它到自定义登录呢?
实现自定义登录限制非常容易。首先,我们必须将ThrottlesLogins trait包含到您的控制器中。
use Illuminate\Foundation\Auth\ThrottlesLogins;
现在,将此ThrottlesLogins trait 加到控制器中。
- namespace App\Http\Controllers;
- use Illuminate\Http\Request;
- use Illuminate\Foundation\Auth\ThrottlesLogins;
- class AuthController extends Controller
- {
- use ThrottlesLogins;
- ......
现在转到用于对用户进行身份验证的方法,在我的例子中,我使用了 login() POST 方法,并粘贴以下代码:
- public function login(Request $request)
- {
- // Authenticate Inputs
- $request->validate([
- 'username' => 'required',
- 'password' => 'required|min:6|max:18'
- ]);
- // If the class is using the ThrottlesLogins trait, we can automatically throttle
- // the login attempts for this application. We'll key this by the username and
- // the IP address of the client making these requests into this application.
- if (method_exists($this, 'hasTooManyLoginAttempts') &&
- $this->hasTooManyLoginAttempts($request)) {
- $this->fireLockoutEvent($request);
- return $this->sendLockoutResponse($request);
- }
- .......
首先,我们验证了用户提交的输入,然后实现了hasTooManyLoginAttempts() 方法,此方法将检查用户在某个时间是否执行过一定数量的失败尝试,然后系统将通过sendLockoutResponse() 方法阻止该用户。
现在,我们必须通过incrementLoginAttempts()方法指示对ThrottlesLogins trait的失败登录尝试。
- if( Auth::attempt(['username' => $username, 'password' => $password]) ){
- // Redirect to appropriate dashboard
- }
- else {
- // If the login attempt was unsuccessful we will increment the number of attempts
- // to login and redirect the user back to the login form. Of course, when this
- // user surpasses their maximum number of attempts they will get locked out.
- $this->incrementLoginAttempts($request);
- return redirect()->back()
- ->withInput($request->all())
- ->withErrors(['error' => 'Please check your username / password.']);
- }
您还可以通过$maxAttempts和$decayMinutes属性更改允许的最大尝试次数和限制的分钟数,在这里,您可以找到完整的代码。
- <?php
- namespace App\Http\Controllers;
- use Illuminate\Http\Request;
- use Illuminate\Foundation\Auth\ThrottlesLogins;
- class AuthController extends Controller
- {
- use ThrottlesLogins;
- /**
- * The maximum number of attempts to allow.
- *
- * @return int
- */
- protected $maxAttempts = 5;
- /**
- * The number of minutes to throttle for.
- *
- * @return int
- */
- protected $decayMinutes = 1;
- public function login(Request $request)
- {
- // Authenticate Inputs
- $request->validate([
- 'username' => 'required',
- 'password' => 'required|min:6|max:18'
- ]);
- // If the class is using the ThrottlesLogins trait, we can automatically throttle
- // the login attempts for this application. We'll key this by the username and
- // the IP address of the client making these requests into this application.
- if (method_exists($this, 'hasTooManyLoginAttempts') &&
- $this->hasTooManyLoginAttempts($request)) {
- $this->fireLockoutEvent($request);
- return $this->sendLockoutResponse($request);
- }
- $username = $request->username;
- $password = $request->password;
- if( Auth::attempt(['username' => $username, 'password' => $password]) ){
- // Redirect to appropriate dashboard
- }
- else {
- // If the login attempt was unsuccessful we will increment the number of attempts
- // to login and redirect the user back to the login form. Of course, when this
- // user surpasses their maximum number of attempts they will get locked out.
- $this->incrementLoginAttempts($request);
- return redirect()->back()
- ->withInput($request->all())
- ->withErrors(['error' => 'Please check your username / password.']);
- }
- }
- }
- Related Posts:
Tags: Laravel登录失败次数限制
分享到:
- 上一篇:Laravel相关的一些故障解决
- 下一篇:最后一页
推荐文章
热门文章
最新评论文章
- 写给考虑创业的年轻程序员(10)
- PHP新手上路(一)(7)
- 惹恼程序员的十件事(5)
- PHP邮件发送例子,已测试成功(5)
- 致初学者:PHP比ASP优秀的七个理由(4)
- PHP会被淘汰吗?(4)
- PHP新手上路(四)(4)
- 如何去学习PHP?(2)
- 简单入门级php分页代码(2)
- php中邮箱email 电话等格式的验证(2)