1 year ago

How to make IP and user block for false login attempts

Posted 1 year ago by patrickg99


I have searched all over the internet for a solution that will block the IP from someone who tries to log in with different email credentials and that will block user accounts that log in three times with different passwords.

I am using the plain make:auth login from laravel and I have made an extra column in my users table called "blocked_at". I know I am supposed to make another table in phpmyadmin but I am just very new to php and laravel, can someone help me with the problem, please?

This is my LoginController.php so far


namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
    use AuthenticatesUsers;

     * Where to redirect users after login.
     * @var string
    protected $redirectTo = '/home';

     * Create a new controller instance.
     * @return void
    public function __construct()
//        $this->middleware('guest')->except('logout');
        $this->middleware('guest', ['except' => ['logout', 'logout']]);


  public function login(Request $request)

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if (method_exists($this, 'hasTooManyLoginAttempts') &&
            $this->hasTooManyLoginAttempts($request)) {

            return $this->sendLockoutResponse($request);

        if ($this->attemptLogin($request)) {
            return $this->sendLoginResponse($request);

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.

        return $this->sendFailedLoginResponse($request);

As you can see I only copied the function login so far but I don't know what to do next.

BTW I am using laravel 5.8

Please sign in or create an account to participate in this conversation.