在用戶身份驗(yàn)證的情況下����,Laravel 具有內(nèi)置的身份驗(yàn)證系統(tǒng)。我們可以根據(jù)要求輕松修改它�����。身份驗(yàn)證中包含的功能之一是Throttling.
為什么我們需要throttling保護(hù)�����?
基本上�,throttling是用來保護(hù)暴力攻擊的。它將在一定時(shí)間內(nèi)檢查登錄嘗試�。在短登錄中,throttling會(huì)計(jì)算用戶或機(jī)器人嘗試失敗的登錄嘗試次數(shù)�����。
使用自定義登錄實(shí)現(xiàn)限制
默認(rèn)情況下�����,在內(nèi)置身份驗(yàn)證控制器中實(shí)現(xiàn)限制����。但是,如果我們需要實(shí)現(xiàn)它到自定義登錄呢���?
實(shí)現(xiàn)自定義登錄限制非常容易。首先�,我們必須將ThrottlesLogins trait包含到您的控制器中�����。
use Illuminate\Foundation\Auth\ThrottlesLogins;
現(xiàn)在����,將此ThrottlesLogins trait 加到控制器中����。
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
use ThrottlesLogins;
......
現(xiàn)在轉(zhuǎn)到用于對(duì)用戶進(jìn)行身份驗(yàn)證的方法。在我的例子中��,我使用了 login() POST 方法�����。并粘貼以下代碼:
public function login(Request $request)
{
// Authenticate Inputs
$request->validate([
'username' => 'required',
'password' => 'required|min:6|max:18'
]);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts')
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
.......
首先���,我們驗(yàn)證了用戶提交的輸入��,然后實(shí)現(xiàn)了hasTooManyLoginAttempts() 方法��。此方法將檢查用戶在某個(gè)時(shí)間是否執(zhí)行過一定數(shù)量的失敗嘗試�����,然后系統(tǒng)將通過sendLockoutResponse() 方法阻止該用戶��。
現(xiàn)在�����,我們必須通過incrementLoginAttempts()方法指示對(duì)ThrottlesLogins trait的失敗登錄嘗試���。
if( Auth::attempt(['username' => $username, 'password' => $password]) ){
// Redirect to appropriate dashboard
}
else {
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return redirect()->back()
->withInput($request->all())
->withErrors(['error' => 'Please check your username / password.']);
}
您還可以通過$maxAttempts和$decayMinutes屬性更改允許的最大嘗試次數(shù)和限制的分鐘數(shù)����。在這里����,您可以找到完整的代碼。
?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
use ThrottlesLogins;
/**
* The maximum number of attempts to allow.
*
* @return int
*/
protected $maxAttempts = 5;
/**
* The number of minutes to throttle for.
*
* @return int
*/
protected $decayMinutes = 1;
public function login(Request $request)
{
// Authenticate Inputs
$request->validate([
'username' => 'required',
'password' => 'required|min:6|max:18'
]);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if (method_exists($this, 'hasTooManyLoginAttempts')
$this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$username = $request->username;
$password = $request->password;
if( Auth::attempt(['username' => $username, 'password' => $password]) ){
// Redirect to appropriate dashboard
}
else {
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return redirect()->back()
->withInput($request->all())
->withErrors(['error' => 'Please check your username / password.']);
}
}
}
Related Posts:
總結(jié)
到此這篇關(guān)于Laravel登錄失敗次數(shù)限制的文章就介紹到這了,更多相關(guān)Laravel登錄失敗次數(shù)限制內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家���!
您可能感興趣的文章:- Laravel實(shí)現(xiàn)用戶注冊(cè)和登錄
- Laravel搭建后臺(tái)登錄系統(tǒng)步驟詳解
- Laravel 自帶的Auth驗(yàn)證登錄方法
- Laravel 5.4重新登錄實(shí)現(xiàn)跳轉(zhuǎn)到登錄前頁面的原理和方法
- Laravel重寫用戶登錄簡(jiǎn)單示例
- 利用Laravel事件系統(tǒng)如何實(shí)現(xiàn)登錄日志的記錄詳解
- SSO單點(diǎn)登錄的PHP實(shí)現(xiàn)方法(Laravel框架)
- Laravel5.2使用Captcha生成驗(yàn)證碼實(shí)現(xiàn)登錄(session巨坑)
- php的laravel框架快速集成微信登錄的方法
- laravel5.2實(shí)現(xiàn)區(qū)分前后臺(tái)用戶登錄的方法
