Limit login attempts in Laravel 5.7

php laravel laravel-5 laravel-5.7

10,321

Solution 1

u can do by two way

add laravel bulit in throttle middleware in route for example

Route::post("/user/login","LoginController@login")->middleware("throttle:10,2");

it will send 10 request per 2 minute

2.Use Built in Trait ThrottlesLogins

first of add ThrottlesLogins trait in loginController and this line in login method

if ($this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
}

if(attempt()) {
    $this->clearLoginAttempts($request);
}else {
  $this->incrementLoginAttempts($request);
}

if attempt successfully then add this line in attempt method

$this->clearLoginAttempts($request);

else fail login then add this line in else condition

$this->incrementLoginAttempts($request);

Solution 2

open you login controller

App\Http\Controllers\Auth\LoginController.php

and paste it

protected $maxAttempts = 1;
protected $decayMinutes = 1;

Solution 3

For Laravel 8 Developers you don't need to provide a trait or any thing because it is a build-in feature all you have to do is to put the middle ware chaining with the route you want to protect with limit rates like below

Route::post("/user/login",[LoginController::class,'login'])->middleware("throttle:10,2");

as same as @Jignesh Joisar explanation

10,321

Author by

Awar Pulldozer

Updated on September 03, 2022

Comments

Awar Pulldozer over 1 year

I have Laravel 5.7 project with custom login. How can I let Laravel accept three login attempts after that redirect for page waiting to 2 or 3 min, etc?

public function loginPost(LoginRequest $request)
{
    if (Auth::attempt(array('user_name' => $request->user_name, 'password' => $request->user_pass)))
    {
        if(Auth::check())
            return redirect('/');
        else
            return back();
    }
    else
    {
        return "login faled call administrator";
    }
}