Level 5
Maybe check out the Laravel Throttle package.
Mar 5, 2015
2
Level 2
How to add a condition for logging in (while still using Laravel's built-in authentication)
Hi, I am trying to add a custom condition for logging in a user, so that I can prevent a brute force attack. So for example, only letting the user log in if they have less than 3 failed log-in attempts in the last 10 minutes.
I tried adding the following code to AuthController.php (it is a simplified version of the code provided in the docs) to test if it controls who can log in, but it did not work. I'm not sure where I would need to call the function:
public function authenticate()
{
if (Auth::attempt(['email' => 'someone@example.com']))
{
return redirect()->intended('dashboard');
}
}
I would rather not have to write out every part of the authentication myself. Is there a way of using the provided authentication but just adding an extra condition myself, please?
Level 2
Thanks dawiyo! So I have followed the installation and configuration instructions, but I am stuck on how to actually use it. For example, I have tried the following, slightly adjusted from the example in the usage instructions:
use Illuminate\Support\Facades\Route;
Route::get('throttle', array('before' => 'throttle:3,1', function () {
return 'Why herro there!';
}, ));
And I am still able to access /throttle as many times as I like, so the throttling doesn't seem to be doing anything.
Please or to participate in this conversation.