Limit the number of login failures
If you use Laravel's built-in AuthController class, you can use the IlluminateFoundationAuthThrottlesLogins trait to limit the number of user login failures. By default, users will be unable to log in for one minute after several failed login attempts. This restriction is based on the user's username/email address IP address:
<?php
namespace AppHttpControllersAuth;
use AppUser;use Validator;
use AppHttpControllersController;
use IlluminateFoundationAuthThrottlesLogins;
use IlluminateFoundationAuthAuthenticatesAndRegistersUsers;
class AuthController extends Controller{
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
// AuthController类的其它部分...}
The document is written like this, I can’t understand it
黄舟2017-05-31 10:35:58
A new access frequency limiting middleware has been built into the framework, allowing you to easily limit the number of requests to a route from a given IP address in a specified period of time. For example, to limit an IP address to accessing a route 60 times per minute, you can do this:
Route::get('/api/users', ['middleware' => 'throttle:60,1', function () {
//
}]);
淡淡烟草味2017-05-31 10:35:58
Thanks for the invitation
Disclaimer: I have not used it
Idea
Refer to the source code ThrottlesLogins
You can introduce the trait and rewrite the hasTooManyLoginAttempts function to achieve the effect.
黄舟2017-05-31 10:35:58
I have recorded videos on actual use and source code interpretation before: https://www.laravist.com/seri...