How to enable locked user again on laravel after 3 wrong attempts on login

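Hello, I am using the following security code and it is working. But I would like to know how to enable a locked account again, given this code: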

        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return redirect('/login')->withErrors(array('error' => 'Your account has been disabled because of too many wrong attempts'));
        }
        //check if user is deactivated by admin
        $user = User::where('email', $request->email_username)->first();
        if ($user && !$user->active) {
            return redirect('/login')->withErrors(array('error' => 'Your account has been disabled by an administrator.'));
        }

        // If the login attempt was unsuccessful we will increment the number of attempts
        // to login and redirect the user back to the login form. Of course, when this
        // user surpasses their maximum number of attempts they will get locked out.
        $this->incrementLoginAttempts($request);

        // If the class is using the ThrottlesLogins trait, we can automatically throttle
        // the login attempts for this application. We'll key this by the username and
        // the IP address of the client making these requests into this application.
        if ($this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);
            return redirect('/login')->withErrors(array('error' => 'Your account has been disabled because of too many wrong attempts'));
        }

        if(isset($user) && !empty($user)){
            $request->session()->forget('password_expired_id');

            $password_updated_at = $user->passwordSecurity->password_updated_at;
            $password_expiry_days = $user->passwordSecurity->password_expiry_days;
            $password_expiry_at = Carbon::parse($password_updated_at)->addDays($password_expiry_days);
            if($password_expiry_at->lessThan(Carbon::now()) || $user->force_reset == "1"){
                $request->session()->put('password_expired_id',$user->id);
                auth()->logout();
                return redirect('/passwordExpiration')->with('message', "Your Password is expired, You need to change your password.");
            }
        }

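If you are using the built-in authentication, you can add a maxAttempts property to App\Http\Controllers\Auth\LoginController and set it to 3.

There is built-in throttling, but if you need to write custom logic, you can override the sendLockoutResponse() method (also in LoginController) or listen for the Illuminate\Auth\Events\Lockout event.

Keep in mind that locking a user's account may not be a good idea, because any user can lock any other user's account...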
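
A sketch of the LoginController the answer describes, added here as an example and not taken from the original post or from Laravel's own code. The 15-minute $decayMinutes value, the log message and the wording of the error are assumptions; the '/login' redirect follows the question's code.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class LoginController extends Controller
{
    // AuthenticatesUsers pulls in ThrottlesLogins, which reads the two
    // properties below through maxAttempts() and decayMinutes().
    use AuthenticatesUsers;

    // Lock out after 3 failed attempts for the same username + client IP.
    protected $maxAttempts = 3;

    // Assumed value: the lock is temporary. The throttle entry expires
    // after this many minutes and login works again without admin action.
    protected $decayMinutes = 15;

    // Replaces the trait's default lockout response so the user is told
    // when the lock lifts instead of "your account has been disabled".
    protected function sendLockoutResponse(Request $request)
    {
        // Seconds until the rate limiter releases this username|IP key.
        $seconds = $this->limiter()->availableIn($this->throttleKey($request));

        // Record the lockout for monitoring; the password is never logged.
        Log::warning('Login throttled', [
            'username' => $request->input($this->username()),
            'ip' => $request->ip(),
            'retry_after_seconds' => $seconds,
        ]);

        return redirect('/login')->withErrors([
            'error' => 'Too many wrong attempts. Try again in '
                .ceil($seconds / 60).' minute(s).',
        ]);
    }
}
```

With the built-in login() flow, a successful login calls clearLoginAttempts() and resets the counter, so the throttle lock needs no manual re-enable step. The separate `active` flag checked in the question's code is application state and is only changed by whatever code sets it.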