Laravel notes - locking accounts after 5 failed logins in a custom login (improving system security)
2022-07-06 20:42:00 【IT1995】
The login used here is based on a custom login and registration implementation from a foreign tutorial, written for Laravel 8. Put online as-is, it is not very safe. If someone brute-forces it by trying passwords over and over, that is a problem; there are too many script kiddies now, the barrier is low, and an ordinary person can learn enough in a few days to be a nuisance. Here I write down one approach. I don't know whether it matches mainstream PHP practice, but it is the approach I use in my Spring Boot projects.
First create a users_lock table.
Its user_email column corresponds to the users table. There is no foreign key relationship, so the table is effectively independent. The design is not very good, but I feel it is enough for small sites.
The corresponding SQL is:
CREATE TABLE `users_lock` (
    `user_email` varchar(255) NOT NULL,
    `login_num` int(11) DEFAULT 5,
    `last_time` timestamp NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP,
    `lock_time` timestamp NULL DEFAULT NULL,
    PRIMARY KEY (`user_email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Insert a row into this table when the user registers, and that is all.
The key part is the login. My logic is like this:
public function customLogin(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required|min:6|max:128',
        'captcha' => 'required|captcha'
    ]);

    // Look up the lock record for this e-mail address
    date_default_timezone_set('Asia/Shanghai');
    $userLock = UserLock::find($request['email']);
    if (!$userLock) {
        return redirect()->back()->withErrors('Incorrect username or password');
    }

    // The attempts are used up and the last update is more than 5 minutes old: reset to 5
    if ($userLock['last_time'] < date('Y-m-d H:i:s', strtotime('-5 minute')) && $userLock['login_num'] <= 0) {
        $userLock['login_num'] = 5;
        $userLock->save();
    }

    // Still locked
    if ($userLock['login_num'] <= 0) {
        return redirect()->back()->withErrors('Account locked, unlock time: ' . $userLock['lock_time']);
    }

    $credentials = $request->only('email', 'password');
    if (Auth::attempt($credentials)) {
        return redirect()->intended('dashboard')
            ->withSuccess('Signed in');
    }

    // Failed login: use up one attempt, and lock for 5 minutes when none are left
    $userLock['login_num'] -= 1;
    if ($userLock['login_num'] <= 0) {
        $userLock['lock_time'] = date('Y-m-d H:i:s', strtotime('+5 minute'));
    }
    $userLock->save();
    return redirect()->back()->withErrors('Incorrect username or password');
}
Logic:
① First check whether this user exists in users_lock. If so, continue; if not, return straight away.
② Check whether the number of attempts is 0. If it is 0 and last_time has expired (it is earlier than the current time minus 5 minutes), reset the number of attempts to 5.
(I had no better way here. If your environment allows it, I suggest doing this with a scheduled task that runs every 5 minutes, or directly with the database's timer.)
③ When login_num is 0, the account is locked.
④ Use Laravel's Auth to verify the username and password.
⑤ Login attempts -5; if the number of attempts is <= 0, lock the account until the current time + 5 minutes.
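The same lockout logic as an added example (not the author's code), written against plain PDO with an in-memory SQLite database so that it runs on its own. It goes slightly beyond the steps above: one attempt is used up in a single UPDATE before the password is checked, so parallel requests cannot all read the same counter value, and a successful login restores the counter. The `users` table layout, the `attemptLogin` function, the integer `lock_time` and the sample account are assumptions made for the example.

```php
<?php
// Added example: constructed data, in-memory SQLite, illustrative names.
const MAX_ATTEMPTS = 5;
const LOCK_SECONDS = 300;

function attemptLogin(PDO $db, string $email, string $password, int $now): string
{
    // Step 2: a lock that has run out restores the full set of attempts.
    $db->prepare('UPDATE users_lock SET login_num = ?, lock_time = NULL
                  WHERE user_email = ? AND login_num <= 0 AND lock_time <= ?')
       ->execute([MAX_ATTEMPTS, $email, $now]);
    // Use up one attempt in a single UPDATE *before* checking the password,
    // so parallel requests cannot all act on the same counter value.
    $take = $db->prepare('UPDATE users_lock SET login_num = login_num - 1
                          WHERE user_email = ? AND login_num > 0');
    $take->execute([$email]);
    if ($take->rowCount() === 0) {
        return 'rejected';               // locked, or no such account
    }

    $find = $db->prepare('SELECT password FROM users WHERE email = ?');
    $find->execute([$email]);
    $hash = $find->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        // Success gives the attempts back, so old failures do not pile up.
        $db->prepare('UPDATE users_lock SET login_num = ?, lock_time = NULL
                      WHERE user_email = ?')->execute([MAX_ATTEMPTS, $email]);
        return 'ok';
    }
    // Failure: if that was the last attempt, start the 5-minute lock.
    $db->prepare('UPDATE users_lock SET lock_time = ?
                  WHERE user_email = ? AND login_num <= 0')
       ->execute([$now + LOCK_SECONDS, $email]);
    return 'invalid';
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->exec('CREATE TABLE users_lock (user_email TEXT PRIMARY KEY, login_num INTEGER DEFAULT 5, lock_time INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('right-password', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO users_lock (user_email) VALUES ('alice@example.test')");
$t = 1700000000;                          // constructed clock, in seconds
for ($i = 0; $i < 5; $i++) {              // five wrong guesses in a row
    echo attemptLogin($db, 'alice@example.test', 'wrong-guess', $t), "\n";
}
echo attemptLogin($db, 'alice@example.test', 'right-password', $t + 60), "\n";  // inside the lock window
echo attemptLogin($db, 'alice@example.test', 'right-password', $t + 301), "\n"; // after the lock has run out
```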
The UserLock class used here looks like this:
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class UserLock extends Model
{
    protected $table = "users_lock";
    protected $primaryKey = 'user_email';
    protected $keyType = 'string';
    public $timestamps = false;
}
With that in place, it can be used.