Today now in this post i will show you How to use Login Throttle in Laravel? We know Laravel framework provide us an inbuilt throttling for the login. Laravel manage the throttle by using cache facade. Now in this post i will add the whole AuthController file code that way we can understand very well. We can see the login Post method and also understand how it is works.
So we are know that login throttle is for very important security purpose, throttle will help us to block the user for sometime if he write wrong username and password many times. As like, if we want to give 5 try to login with wrong password but if any one will 6 try then it will block the user for 1 minute or 5 minutes as you will set.
So, it will be very secure for our laravel application.
AuthController.php
namespace App\Http\Controllers\Auth;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
class AuthController extends Controller
{
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
public function loginPost(Request $request)
{
$this->validate($request, [
'email' => 'required|email',
'password' => 'required',
]);
/*If the class is using the ThrottlesLogins trait, we can automatically throttle
the login attempts for this application. We'll key this by the username and
the IP address of the client making these requests into this application.*/
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
$key = $this->getThrottleKey($request).':lockout';
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
$input = $request->input();
if (auth()->attempt(array('email' => $input['email'], 'password' => $input['password'])))
{
return $this->handleUserWasAuthenticated($request, $throttles);
}
/*If the login attempt was unsuccessful we will increment the number of attempts
to login and redirect the user back to the login form. Of course, when this
user surpasses their maximum number of attempts they will get locked out.*/
if ($throttles && ! $lockedOut) {
$this->incrementLoginAttempts($request);
}
return $this->sendFailedLoginResponse($request);
}
}
Read Also : Laravel 8 Mobile Number Verification Tutorial
Thanks for read. I hope it help you. For more you can follow us on facebook