快捷導(dǎo)航

Laravel登錄失敗次數(shù)限制的實現(xiàn)方法

更新時間：2020年08月26日 10:16:55 作者：Lenix

這篇文章主要給大家介紹了關(guān)于Laravel登錄失敗次數(shù)限制的實現(xiàn)方法，文中通過示例代碼介紹的非常詳細(xì)，對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值，需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧

在用戶身份驗證的情況下，Laravel 具有內(nèi)置的身份驗證系統(tǒng)。我們可以根據(jù)要求輕松修改它。身份驗證中包含的功能之一是Throttling.

為什么我們需要throttling保護(hù)？

基本上，throttling是用來保護(hù)暴力攻擊的。它將在一定時間內(nèi)檢查登錄嘗試。在短登錄中，throttling會計算用戶或機(jī)器人嘗試失敗的登錄嘗試次數(shù)。

使用自定義登錄實現(xiàn)限制

默認(rèn)情況下，在內(nèi)置身份驗證控制器中實現(xiàn)限制。但是，如果我們需要實現(xiàn)它到自定義登錄呢？

實現(xiàn)自定義登錄限制非常容易。首先，我們必須將ThrottlesLogins trait包含到您的控制器中。

use Illuminate\Foundation\Auth\ThrottlesLogins;

現(xiàn)在，將此ThrottlesLogins trait 加到控制器中。

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
 use ThrottlesLogins;
 ......

現(xiàn)在轉(zhuǎn)到用于對用戶進(jìn)行身份驗證的方法。在我的例子中，我使用了 login() POST 方法。并粘貼以下代碼:

public function login(Request $request)
{
 // Authenticate Inputs
 $request->validate([
 'username' => 'required', 
 'password' => 'required|min:6|max:18'
 ]);
 // If the class is using the ThrottlesLogins trait, we can automatically throttle
 // the login attempts for this application. We'll key this by the username and
 // the IP address of the client making these requests into this application.
 if (method_exists($this, 'hasTooManyLoginAttempts') &&
 $this->hasTooManyLoginAttempts($request)) {
 $this->fireLockoutEvent($request);
 return $this->sendLockoutResponse($request);
 }
 
 .......

首先，我們驗證了用戶提交的輸入，然后實現(xiàn)了hasTooManyLoginAttempts() 方法。此方法將檢查用戶在某個時間是否執(zhí)行過一定數(shù)量的失敗嘗試，然后系統(tǒng)將通過sendLockoutResponse() 方法阻止該用戶。

現(xiàn)在，我們必須通過incrementLoginAttempts()方法指示對ThrottlesLogins trait的失敗登錄嘗試。

if( Auth::attempt(['username' => $username, 'password' => $password]) ){
 // Redirect to appropriate dashboard 
}
else {
 // If the login attempt was unsuccessful we will increment the number of attempts
 // to login and redirect the user back to the login form. Of course, when this
 // user surpasses their maximum number of attempts they will get locked out.
 $this->incrementLoginAttempts($request);
 return redirect()->back()
  ->withInput($request->all())
  ->withErrors(['error' => 'Please check your username / password.']);
}

您還可以通過$maxAttempts和$decayMinutes屬性更改允許的最大嘗試次數(shù)和限制的分鐘數(shù)。在這里，您可以找到完整的代碼。

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
 use ThrottlesLogins;
 /**
  * The maximum number of attempts to allow.
  *
  * @return int
  */
 protected $maxAttempts = 5;
 /**
  * The number of minutes to throttle for.
  *
  * @return int
  */
 protected $decayMinutes = 1;
 public function login(Request $request)
 {
  // Authenticate Inputs
  $request->validate([
   'username' => 'required', 
   'password' => 'required|min:6|max:18'
  ]);
  // If the class is using the ThrottlesLogins trait, we can automatically throttle
  // the login attempts for this application. We'll key this by the username and
  // the IP address of the client making these requests into this application.
  if (method_exists($this, 'hasTooManyLoginAttempts') &&
   $this->hasTooManyLoginAttempts($request)) {
   $this->fireLockoutEvent($request);
   return $this->sendLockoutResponse($request);
  }
  $username = $request->username;
  $password = $request->password;
  
  if( Auth::attempt(['username' => $username, 'password' => $password]) ){
   // Redirect to appropriate dashboard 
  }
  else {
   // If the login attempt was unsuccessful we will increment the number of attempts
   // to login and redirect the user back to the login form. Of course, when this
   // user surpasses their maximum number of attempts they will get locked out.
   $this->incrementLoginAttempts($request);
   return redirect()->back()
    ->withInput($request->all())
    ->withErrors(['error' => 'Please check your username / password.']);
  }
 }
}
Related Posts:

總結(jié)

到此這篇關(guān)于Laravel登錄失敗次數(shù)限制的文章就介紹到這了,更多相關(guān)Laravel登錄失敗次數(shù)限制內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: