Limit login attempts in Laravel 5.7

Question

I have Laravel 5.7 project with custom login. How can I let Laravel accept three login attempts after that redirect for page waiting to 2 or 3 min, etc?

public function loginPost(LoginRequest $request)
{
    if (Auth::attempt(array('user_name' => $request->user_name, 'password' => $request->user_pass)))
    {
        if(Auth::check())
            return redirect('/');
        else
            return back();
    }
    else
    {
        return "login faled call administrator";
    }
}

Answer 1

you can do it in two way

1. add the Laravel built-in throttle middleware in route for example

    Route::post("/user/login","LoginController@login")->middleware("throttle:10,2");
   

it will allow 10 requests per 2 minute

2. Use the Built-in Trait ThrottlesLogins

first, add ThrottlesLogins trait in the loginController and this line in the login method

if ($this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
}

if(attempt()) {
    $this->clearLoginAttempts($request);
}else {
  $this->incrementLoginAttempts($request);
}

if attempt successfully then add this line in the attempt method

$this->clearLoginAttempts($request);

else fail login then add this line in else condition

$this->incrementLoginAttempts($request);

Answer 2

open you login controller

App\Http\Controllers\Auth\LoginController.php

and paste it

protected $maxAttempts = 1;
protected $decayMinutes = 1;

Answer 3

For Laravel 8 Developers you don't need to provide a trait or any thing because it is a build-in feature all you have to do is to put the middle ware chaining with the route you want to protect with limit rates like below

Route::post("/user/login",[LoginController::class,'login'])->middleware("throttle:10,2");

as same as @Jignesh Joisar explanation

Answer 4

you need to use ThrottlesLogins trait in your controller and then you can controll it via properies maxAttempts / decayMinutes

....
class TagController extends Controller
{
  use ThrottlesLogins;

  protected $maxAttempts = 5;
  protected $decayMinutes = 1;
...

Answer 5

Open App\Http\Controllers\Auth\AuthController.php and add these lines:

protected $maxLoginAttempts = 10; 
protected $lockoutTime = 120;