Laravel:在自定義登錄中集成 Throttle
[英]Laravel: Integrating Throttle in Custom Login
問題描述
如果我沒有使用laravel默認的LoginController,如何集成laravel throttle?
這是我的控制器:
use AuthenticatesUsers;
//function for login
public function login(Request $requests){
$username = $requests->username;
$password = $requests->password;
/**to login using email or username**/
if(filter_var($username, FILTER_VALIDATE_EMAIL)) {
Auth::attempt(['email' => $username, 'password' => $password]);
} else {
Auth::attempt(['username' => $username, 'password' => $password]);
}
if(Auth::check()){
if(Auth::user()->type_user == 0){
return view('users.dashboard');
}
else{
return view('admin.dashboard');
}
}
else{
return Redirect::back()->withInput()->withErrors(['message'=>$login_error],'login');
}
}
我想限制失敗的登錄,但我似乎無法使用我自己的控制器使其工作。 你們能幫幫我嗎?
7 個解決方案
解決方案1
11 2017-11-02 16:55:01
在您的方法中添加以下代碼。 把它放在第一位
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
現在在登錄失敗的地方添加以下代碼。 這將增加失敗的嘗試次數。
$this->incrementLoginAttempts($request);
成功登錄后,添加以下代碼以使其重置。
$this->clearLoginAttempts($request);
解決方案2
6 2019-10-09 23:45:53
嘗試向控制器的構造函數添加節流,如下所示:
/**
* Create a new login controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('throttle:3,1')->only('login');
}
不幸的是,Laravel 文檔並沒有多說節流: https ://laravel.com/docs/6.x/authentication#login-throttling
但是,字符串的3,1部分對應最多 3 次嘗試,衰減時間為 1 分鍾。
throttle可以在routeMiddleware數組的/project-root/laravel/app/Http/Kernel.php中定義,如下所示:
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, . Laravel 文檔在此處解釋了此方法: https ://laravel.com/docs/6.x/middleware#assigning-middleware-to-routes
解決方案3
4 2018-05-18 22:30:49
使用 Illuminate\Foundation\Auth 中存在的 Trait ThrottlesLogins 並覆蓋下面提到的 2 個函數。 我已經在 Laravel 5.6 上測試過它並且工作正常。
public function maxAttempts()
{
//Lock out on 5th Login Attempt
return 5;
}
public function decayMinutes()
{
//Lock for 1 minute
return 1;
}
解決方案4
1 2017-07-19 04:45:45
Route::post('login', ['before' => 'throttle:2,60', 'uses' => 'YourLoginController@Login']);
解決方案5
1 2018-03-18 17:58:20
雖然,這個答案已經很晚了,但這是我所做的,並且奏效了。 我希望它也能幫助你。 我正在使用 laravel 5.2。
<?php
namespace App\Http\Controllers;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\MessageBag;
use Cookie;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class UserController extends Controller
{
/** Add This line on top */
use AuthenticatesAndRegistersUsers,ThrottlesLogins;
/** This way, you can control the throttling */
protected $maxLoginAttempts=3;
protected $lockoutTime=300;
public function postUserSignIn(Request $request)
{
/** This line should be in the start of method */
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
/** Validate the input */
$validation = $this->validate($request,[
'email' => 'required|email',
'password' => 'required|min:4'
]);
/** Validation is done, now login user */
//else to user profile
$check = Auth::attempt(['email' => $request['email'],'password' => $request['password']]);
if($check){
$user = Auth::user();
/** Since Authentication is done, Use it here */
$this->clearLoginAttempts($request);
if ($user->role == 1 || $user->role == 2){
if(Session::has('cart')){
return redirect()->route('cart');
}
return redirect()->intended();
}elseif($user->role == 99) {
return redirect()->route('dashboard');
}
}else{
/** Authentication Failed */
$this->incrementLoginAttempts($request);
$errors = new MessageBag(['password' => ['Email and/or Password is invalid']]);
return redirect()->back()->withErrors($errors);
}
}
}
解決方案6
0 2017-07-19 05:04:05
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return redirect()->route('login')->with('alert-warning', 'Too many login attempts');
}
protected function hasTooManyLoginAttempts(Request $request)
{
$maxLoginAttempts = 3;
$lockoutTime = 1; // In minutes
return $this->limiter()->tooManyAttempts(
$this->throttleKey($request), $maxLoginAttempts, $lockoutTime
);
}
解決方案7
0 2017-07-19 13:45:28
試試我的版本:
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller{
use AuthenticatesUsers;
public function login(Request $request){
if($this->hasTooManyLoginAttempts($request)){
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}else{
if (Auth::attempt(['username' => $request->login_username, 'password' => $request->login_password])) {
session()->put(['username'=>Auth::user()->username,'userid'=>Auth::user()->id]);
return redirect()->intended('anydashboard');
}else{
$this->incrementLoginAttempts($request);
//my '/' path is the login page, with customized response msg...
return redirect('/')->with(['illegal'=>'Login failed, please try again!'])->withInput($request->except('password'));
}
}
}
}
為了使用 Eloquent Model Auth(默認),你的 AUTH_MODEL 應該實現 AuthenticatableContract,所以仔細檢查你的模型:
namespace App;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Authenticatable;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
class User extends Model implements AuthenticatableContract,CanResetPasswordContract
{
use Authenticatable, CanResetPassword;
//protected $fillable = [];
...
}
Laravel:在自定義登錄控制器中使用節流閥
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.