
I need to add the too-many-login-attempts functionality to my login. Right now it's not working. I am using Laravel Framework 5.1.45 (LTS). The code that I used is shown below. My controller function is

    <?php
    use App\Libraries\SessionHelper;
    use App\Libraries\ConfigUtils;
    use App\Libraries\GeneralLib;
    use App\Models\OrgSettings;
    use App\Http\Controllers\Controller;
    use Illuminate\Foundation\Auth\ThrottlesLogins;
    use Illuminate\Foundation\Auth\AuthenticatesUsers;
    use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

    class LoginController extends Controller {
     use AuthenticatesAndRegistersUsers, ThrottlesLogins;

      public function doLogin() {
        $email = Input::get('email');
        $pass = Input::get('password');
        $candidate_login_user = User::getUserByEmail($email);
        $data = User::authenticate($email, $pass);
        if (empty($data)) {
          User::logFailedAuthentication($email, $candidate_login_user->organization);
          Session::flash('error', "Incorrect email or password.");
          return Redirect::to('/login');
        }

      }
    }

my view page is as follows

    <form action="login" method="post">
                    <div class="body bg-gray">
                       <div class="alert alert-danger">
        <strong >Whoops!</strong> There were some problems with your input.<br><br>
        <ul>
            @foreach ($errors->all() as $error)
                <li>{{ $error }}</li>
            @endforeach
        </ul>
    </div>
    @endif

                        <?php
                            Session::forget('error');
                            Session::forget('success');
                        ?>
                        <div class="form-group">
                            <input type="email" name="email" class="form-control"
                                placeholder="email"/>
                        </div>
                        <div class="form-group">
                            <input type="password" name="password"
                                class="form-control" placeholder="password"/>
                        </div>
  • "now its not working" - in what way? not authenticating, or not limiting attempts, or are you getting a 500 error, or a blank page? what are the random `=` signs at the bottom of your controller class? – HorusKol Feb 15 '20 at 05:24
  • The too many login attempts message is not showing even after many failed logins. How can I achieve this? – user2830078 Feb 15 '20 at 05:34
  • I have added `use Illuminate\Foundation\Auth\ThrottlesLogins; use Illuminate\Foundation\Auth\AuthenticatesUsers;` in the controller, and inside my class `LoginController extends Controller { use AuthenticatesAndRegistersUsers, ThrottlesLogins;`, but it is not working – user2830078 Feb 15 '20 at 05:35
  • in the code that I mentioned above – user2830078 Feb 15 '20 at 06:02
  • Is the `doLogin` your own code? And that is the action you're routing to when the user submits the form? – HorusKol Feb 15 '20 at 06:11
  • Yes, `doLogin` is my custom function. I need to lock out the user after 5 failed attempts. – user2830078 Feb 15 '20 at 06:16

1 Answer


Since you're implementing your own login action it is not enough to just add the traits to your LoginController to implement throttling.

You need to be checking the hasTooManyLoginAttempts method from your doLogin action, and firing the lockout event yourself, if necessary.

    public function doLogin(\Illuminate\Http\Request $request) {
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        $email = Input::get('email');
        $pass = Input::get('password');
        $candidate_login_user = User::getUserByEmail($email);
        $data = User::authenticate($email, $pass);

        if (empty($data)) {
            User::logFailedAuthentication($email, $candidate_login_user->organization);
            Session::flash('error', "Incorrect email or password.");
            $this->incrementLoginAttempts($request);
            return Redirect::to('/login');
        }
    }

Altogether, I think you'd be better off simply using the built-in Auth controllers to handle your login (or at least using them as a starting point) rather than reimplement your own.

HorusKol
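The ordering the answer describes (check the limit first, count each failure) can be seen in isolation in the following added example, which is not part of the original question or answer and is not Laravel's own code. It is a simplified in-memory model in plain PHP; `LoginThrottle`, `attemptLogin()`, the email-plus-IP key and all sample values are assumptions made for the illustration.

```php
<?php
// Added illustration: simplified in-memory model, not Laravel's ThrottlesLogins code.
// LoginThrottle, attemptLogin() and all sample values are hypothetical/constructed.
final class LoginThrottle
{
    private $failures = []; // key => [failure count, window expiry timestamp]
    private $max;
    private $window;
    public function __construct($max = 5, $window = 60) { $this->max = $max; $this->window = $window; }
    // Assumption of this model: counters are keyed on email plus client IP.
    private function key($email, $ip) { return strtolower($email) . '|' . $ip; }
    public function tooManyAttempts($email, $ip, $now)
    {
        $k = $this->key($email, $ip);
        if (!isset($this->failures[$k])) return false;
        if ($now >= $this->failures[$k][1]) { unset($this->failures[$k]); return false; }
        return $this->failures[$k][0] >= $this->max;
    }
    public function increment($email, $ip, $now)
    {
        $k = $this->key($email, $ip);
        if (!isset($this->failures[$k]) || $now >= $this->failures[$k][1]) {
            $this->failures[$k] = [0, $now + $this->window]; // start a new counting window
        }
        $this->failures[$k][0]++;
    }
    public function clear($email, $ip) { unset($this->failures[$this->key($email, $ip)]); }
}

function attemptLogin(LoginThrottle $t, $email, $pass, $ip, $now)
{
    if ($t->tooManyAttempts($email, $ip, $now)) return 'locked'; // 1. check before authenticating
    if (!hash_equals('correct-horse', $pass)) {                  // constructed stand-in for User::authenticate()
        $t->increment($email, $ip, $now);                        // 2. count every failure
        return 'failed';
    }
    $t->clear($email, $ip);                                      // 3. reset the counter on success
    return 'ok';
}

$t = new LoginThrottle(5, 60);
$out = [];
for ($i = 0; $i < 6; $i++) $out[] = attemptLogin($t, 'a@example.test', 'wrong', '203.0.113.7', 1000 + $i);
$out[] = attemptLogin($t, 'a@example.test', 'correct-horse', '203.0.113.7', 1010); // inside the lockout window
$out[] = attemptLogin($t, 'a@example.test', 'correct-horse', '203.0.113.7', 1061); // after the window expires
echo implode(',', $out), "\n";
```

Steps 1 and 2 play the role of `hasTooManyLoginAttempts` and `incrementLoginAttempts` in the answer's code; step 3 is the job of the trait's `clearLoginAttempts` method, which a custom login action also has to call itself on a successful login.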