Hi Everybody,
Today we will discuss how to add a custom login condition to prevent brute-force attacks in Laravel 5.0.
As you know, Laravel provides a throttle library for Laravel 5.1 and newer versions, but Laravel 5.0 has no predefined throttle, so we need to add a custom one.
If a user logs in with a wrong password, then after x attempts the account will be locked for y minutes.
Here is the code for this, inside AuthController.php:
// At the top of AuthController.php (facade aliases from config/app.php)
use Auth;
use Request;
use Session;

public function authenticate()
{
    // Set login attempts and login time
    $loginAttempts = 1;

    // If session has login attempts, retrieve attempts
    // counter and attempts time
    if (Session::has('loginAttempts'))
    {
        $loginAttempts = Session::get('loginAttempts');
        $loginAttemptTime = Session::get('loginAttemptTime');

        // If attempts > 3 and time < 10 minutes
        if ($loginAttempts > 3 && (time() - $loginAttemptTime <= 600))
        {
            return redirect()->back()->with('error', 'maximum login attempts reached. Try again in a while');
        }

        // If time > 10 minutes, reset attempts counter and time in session
        if (time() - $loginAttemptTime > 600)
        {
            $loginAttempts = 1; // keep the local copy in sync with the session
            Session::put('loginAttempts', 1);
            Session::put('loginAttemptTime', time());
        }
    }
    else // If no login attempts stored, init login attempts and time
    {
        Session::put('loginAttempts', $loginAttempts);
        Session::put('loginAttemptTime', time());
    }

    // If auth ok, redirect to restricted area
    // (form field names 'email' and 'password' are assumed here)
    if (Auth::attempt(['email' => Request::input('email'), 'password' => Request::input('password')]))
    {
        return redirect()->intended('dashboard');
    }

    // Increment login attempts
    Session::put('loginAttempts', $loginAttempts + 1);

    // Failed login: send the user back to the form with an error
    return redirect()->back()->with('error', 'Invalid email or password');
}
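The counter above lives in the session, so it follows the browser's session cookie rather than the account being guessed. The following added example (not from the original post) applies the same x-attempts / y-minutes rule to a server-side store keyed on email plus client IP; the LoginThrottle class, its method names and the in-memory array standing in for a shared cache are assumptions for illustration.

```php
<?php
// Added example; LoginThrottle and its methods are hypothetical names, not Laravel APIs.
final class LoginThrottle
{
    private $store = [];   // key => ['count' => int, 'first' => int]; stand-in for a shared cache
    private $maxAttempts;  // "x" in the text above
    private $lockSeconds;  // "y" minutes, expressed in seconds

    public function __construct($maxAttempts, $lockSeconds)
    {
        $this->maxAttempts = $maxAttempts;
        $this->lockSeconds = $lockSeconds;
    }

    private function key($email, $ip)
    {
        // Normalise so differently cased or padded spellings share one counter.
        return hash('sha256', strtolower(trim($email)) . '|' . $ip);
    }

    public function isLocked($email, $ip, $now)
    {
        $k = $this->key($email, $ip);
        if (!isset($this->store[$k])) {
            return false;
        }
        if ($now - $this->store[$k]['first'] > $this->lockSeconds) {
            unset($this->store[$k]); // window expired: forget old failures
            return false;
        }
        return $this->store[$k]['count'] >= $this->maxAttempts;
    }

    public function recordFailure($email, $ip, $now)
    {
        $k = $this->key($email, $ip);
        // Start a new window on the first failure or once the old window has passed.
        $fresh = !isset($this->store[$k]) || $now - $this->store[$k]['first'] > $this->lockSeconds;
        $this->store[$k] = ['count' => $fresh ? 1 : $this->store[$k]['count'] + 1,
                            'first' => $fresh ? $now : $this->store[$k]['first']];
    }
}
// Constructed run: three failed logins, then a check inside and after the 600-second window.
$t = new LoginThrottle(3, 600);
foreach ([1000, 1005, 1010] as $ts) {
    $t->recordFailure('Someone@Example.com ', '203.0.113.7', $ts);
}
echo 'inside window: ', var_export($t->isLocked('someone@example.com', '203.0.113.7', 1020), true), "\n";
echo 'after window:  ', var_export($t->isLocked('someone@example.com', '203.0.113.7', 1700), true), "\n";
```

In a controller, isLocked() would run before Auth::attempt() and recordFailure() after a failed attempt, with the array replaced by a cache shared across requests.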
Thanks