php怎么对登录失败的次数进行限制-群英

上一篇：PHP中的header头定义有哪些，你知道多少？下一篇：ThinkPHP框架怎样使用？ThinkPHP框架用法详解

php怎么对登录失败的次数进行限制？如果同一站号在同一IP下连续登陆失败多次，出于用户的账号安全问题考虑，我们需要对登陆失败的次进行限制，超出次数，账号应该被锁定。那么要如何实现这一操作呢？

在用户身份验证的情况下，Laravel 具有内置的身份验证系统。我们可以根据要求轻松修改它。身份验证中包含的功能之一是Throttling.

为什么我们需要throttling保护？

基本上，throttling是用来保护暴力攻击的。它将在一定时间内检查登录尝试。在短登录中，throttling会计算用户或机器人尝试失败的登录尝试次数。

使用自定义登录实现限制

默认情况下，在内置身份验证控制器中实现限制。但是，如果我们需要实现它到自定义登录呢？实现自定义登录限制非常容易。首先，我们必须将ThrottlesLogins trait包含到您的控制器中。

use Illuminate\Foundation\Auth\ThrottlesLogins;

现在，将此ThrottlesLogins trait 加到控制器中。

namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
 use ThrottlesLogins;
 ......

现在转到用于对用户进行身份验证的方法。在我的例子中，我使用了 login() POST 方法。并粘贴以下代码:

public function login(Request $request)
{
 // Authenticate Inputs
 $request->validate([
 'username' => 'required', 
 'password' => 'required|min:6|max:18'
 ]);
 // If the class is using the ThrottlesLogins trait, we can automatically throttle
 // the login attempts for this application. We'll key this by the username and
 // the IP address of the client making these requests into this application.
 if (method_exists($this, 'hasTooManyLoginAttempts') &&
 $this->hasTooManyLoginAttempts($request)) {
 $this->fireLockoutEvent($request);
 return $this->sendLockoutResponse($request);
 }
 
 .......

首先，我们验证了用户提交的输入，然后实现了hasTooManyLoginAttempts() 方法。此方法将检查用户在某个时间是否执行过一定数量的失败尝试，然后系统将通过sendLockoutResponse() 方法阻止该用户。

现在，我们必须通过incrementLoginAttempts()方法指示对ThrottlesLogins trait的失败登录尝试。

if( Auth::attempt(['username' => $username, 'password' => $password]) ){
 // Redirect to appropriate dashboard 
}
else {
 // If the login attempt was unsuccessful we will increment the number of attempts
 // to login and redirect the user back to the login form. Of course, when this
 // user surpasses their maximum number of attempts they will get locked out.
 $this->incrementLoginAttempts($request);
 return redirect()->back()
  ->withInput($request->all())
  ->withErrors(['error' => 'Please check your username / password.']);
}

您还可以通过$maxAttempts和$decayMinutes属性更改允许的最大尝试次数和限制的分钟数。在这里，您可以找到完整的代码。

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\ThrottlesLogins;
class AuthController extends Controller
{
 use ThrottlesLogins;
 /**
  * The maximum number of attempts to allow.
  *
  * @return int
  */
 protected $maxAttempts = 5;
 /**
  * The number of minutes to throttle for.
  *
  * @return int
  */
 protected $decayMinutes = 1;
 public function login(Request $request)
 {
  // Authenticate Inputs
  $request->validate([
   'username' => 'required', 
   'password' => 'required|min:6|max:18'
  ]);
  // If the class is using the ThrottlesLogins trait, we can automatically throttle
  // the login attempts for this application. We'll key this by the username and
  // the IP address of the client making these requests into this application.
  if (method_exists($this, 'hasTooManyLoginAttempts') &&
   $this->hasTooManyLoginAttempts($request)) {
   $this->fireLockoutEvent($request);
   return $this->sendLockoutResponse($request);
  }
  $username = $request->username;
  $password = $request->password;
  
  if( Auth::attempt(['username' => $username, 'password' => $password]) ){
   // Redirect to appropriate dashboard 
  }
  else {
   // If the login attempt was unsuccessful we will increment the number of attempts
   // to login and redirect the user back to the login form. Of course, when this
   // user surpasses their maximum number of attempts they will get locked out.
   $this->incrementLoginAttempts($request);
   return redirect()->back()
    ->withInput($request->all())
    ->withErrors(['error' => 'Please check your username / password.']);
  }
 }
}
Related Posts:

总结

以上就是关于php对登录失败次数进行限制的介绍，上文有具体代码，有需要的朋友可以参考，更多PHP内容大家可以继续关注其他文章。