Laravel登入失敗次數限制的實現方法
在使用者身份驗證的情況下,Laravel 具有內建的身份驗證系統。我們可以根據要求輕鬆修改它。身份驗證中包含的功能之一是Throttling.
為什麼我們需要throttling保護?
基本上,throttling是用來保護暴力攻擊的。它將在一定時間內檢查登入嘗試。在短登入中,throttling會計算使用者或機器人嘗試失敗的登入嘗試次數。
使用自定義登入實現限制
預設情況下,在內建身份驗證控制器中實現限制。但是,如果我們需要實現它到自定義登入呢?
實現自定義登入限制非常容易。首先,我們必須將ThrottlesLogins trait包含到您的控制器中。
use Illuminate\Foundation\Auth\ThrottlesLogins;
現在,將此ThrottlesLogins trait 加到控制器中。
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
use ThrottlesLogins;
......
現在轉到用於對使用者進行身份驗證的方法。在我的例子中,我使用了 login() POST 方法。並貼上以下程式碼:
public function login(Request $request)
{
// Authenticate Inputs
$request->validate([
'username' => 'required','password' => 'required|min:6|max:18'
]);
// If the class is using the ThrottlesLogins trait,we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this,'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
.......
首先,我們驗證了使用者提交的輸入,然後實現了hasTooManyLoginAttempts() 方法。此方法將檢查使用者在某個時間是否執行過一定數量的失敗嘗試,然後系統將通過sendLockoutResponse() 方法阻止該使用者。
現在,我們必須通過incrementLoginAttempts()方法指示對ThrottlesLogins trait的失敗登入嘗試。
if( Auth::attempt(['username' => $username,'password' => $password]) ){
// Redirect to appropriate dashboard
}
else {
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course,when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return redirect()->back()
->withInput($request->all())
->withErrors(['error' => 'Please check your username / password.']);
}
您還可以通過$maxAttempts和$decayMinutes屬性更改允許的最大嘗試次數和限制的分鐘數。在這裡,您可以找到完整的程式碼。
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
use ThrottlesLogins;
/**
* The maximum number of attempts to allow.
*
* @return int
*/
protected $maxAttempts = 5;
/**
* The number of minutes to throttle for.
*
* @return int
*/
protected $decayMinutes = 1;
public function login(Request $request)
{
// Authenticate Inputs
$request->validate([
'username' => 'required','password' => 'required|min:6|max:18'
]);
// If the class is using the ThrottlesLogins trait,we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this,'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$username = $request->username;
$password = $request->password;
if( Auth::attempt(['username' => $username,'password' => $password]) ){
// Redirect to appropriate dashboard
}
else {
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course,when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return redirect()->back()
->withInput($request->all())
->withErrors(['error' => 'Please check your username / password.']);
}
}
}
Related Posts:
總結
到此這篇關於Laravel登入失敗次數限制的文章就介紹到這了,更多相關Laravel登入失敗次數限制內容請搜尋我們以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援我們!