Are you concerned that someone might repeatedly attempt to log in to gain unauthorized access to your app? You are in the right place, because today I am going to show you how to block users from making repeated login attempts in your application. Laravel can track login attempts, and we can use this feature to prevent brute-force attacks on account credentials.
One of Laravel's features is login throttling. You can enable it and customize the error message shown when a user tries to log in more than 5 times per minute, which is the default.
The steps below show how to limit login attempts in Laravel.
Note: Tested in Laravel 9.
Custom login limit within a specific number of minutes.
Open file App -> Http -> Controllers -> Auth -> LoginController.php
    class LoginController extends Controller
    {
        protected $maxAttempts = 3;  // default is 5
        protected $decayMinutes = 2; // default is 1

        // ...
    }
These properties mean that if a user enters a wrong email or password 3 times in a row, they are stuck with the login attempts error message.
If you want to know what happens behind the scenes, you can look at the throttle trait, where all the functions are declared. Scroll to the bottom and you will see these two functions. No modification is required.
Open file vendor -> laravel -> ui -> auth-backend -> ThrottlesLogins.php
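    <?php

    trait ThrottlesLogins
    {
        // ... other trait methods omitted ...

        /**
         * Get the maximum number of attempts to allow.
         *
         * @return int
         */
        public function maxAttempts()
        {
            // Use the controller's $maxAttempts property if defined, otherwise 5.
            return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
        }

        /**
         * Get the number of minutes to throttle for.
         *
         * @return int
         */
        public function decayMinutes()
        {
            // Use the controller's $decayMinutes property if defined, otherwise 1.
            return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
        }
    }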
You can also change the error message.
Open file lang -> en -> auth.php
    <?php

    return [

        /*
        |--------------------------------------------------------------------------
        | Authentication Language Lines
        |--------------------------------------------------------------------------
        |
        | The following language lines are used during authentication for various
        | messages that we need to display to the user. You are free to modify
        | these language lines according to your application's requirements.
        |
        */

        'failed' => 'These credentials do not match our records.',
        'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',

    ];
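To confirm the limit is actually enforced, the following feature test is an added example, not code from the original tutorial or from Laravel itself. It assumes the laravel/ui auth scaffolding with a POST /login route, the default User factory (password "password"), a test database, the $maxAttempts = 3 and $decayMinutes = 2 values set above, and the unmodified 'throttle' language line; the class name and email address are constructed.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class LoginThrottleTest extends TestCase
{
    use RefreshDatabase;

    public function test_login_locks_after_three_failures_and_reopens_after_decay(): void
    {
        // Constructed account; the default UserFactory sets the password to "password".
        $user = User::factory()->create(['email' => 'alice@example.test']);
        $wrong = ['email' => $user->email, 'password' => 'not-the-password'];
        $right = ['email' => $user->email, 'password' => 'password'];

        // $maxAttempts = 3: the first three failures are ordinary 422 validation errors.
        for ($i = 0; $i < 3; $i++) {
            $this->postJson('/login', $wrong)
                ->assertStatus(422)
                ->assertJsonValidationErrors('email');
        }

        // The fourth request is refused before credentials are checked,
        // so even the correct password gets 429 with the 'throttle' message.
        $this->postJson('/login', $right)
            ->assertStatus(429)
            ->assertJsonValidationErrors(['email' => 'Too many login attempts']);
        $this->assertGuest();

        // $decayMinutes = 2: move the clock past the window and try again.
        $this->travel(121)->seconds();
        $this->postJson('/login', $right)->assertSuccessful();
        $this->assertAuthenticatedAs($user);
    }
}
```

Run it with php artisan test --filter=LoginThrottleTest; if the lockout assertion fails, the controller properties are not being picked up.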
Another option is to apply the throttle middleware to a specific login route, as in the example below.
Route::post("/admin/login",[LoginController::class,'login'])->middleware("throttle:5,2");
The values after the colon allow 5 requests in 2 minutes. I hope this short tutorial on how to rate limit login attempts in Laravel helps you. Have a nice day!
Founder of CamboTutorial.com. I am happy to share my knowledge related to programming that can help other people. I love writing tutorials related to PHP, Laravel, Python, Java, and Android development; all published posts are made simple and easy to understand for beginners.