/** * Calls throttleIdentity of the loginThrottler and returns false * if the throttleCount is grater then the 'throttle_limit' config. * Also sleeps a little in order to avoid dicionary attacks. * * @param mixed $identity. * * @return boolean False if the identity has reached the 'throttle_limit'. */ protected function loginThrottling($identity) { $count = $this->loginThrottler->throttleIdentity($identity); if ($count >= $this->app['config']->get('confide::throttle_limit')) { return false; } // Throttling delay! // See: http://www.codinghorror.com/blog/2009/01/dictionary-attacks-101.html if ($count > 2) { usleep(($count - 1) * 400000); } return true; }
/** * Calls throttleIdentity of the loginThrottler and returns false * if the throttleCount is grater then the 'throttle_limit' config. * Also sleeps a little in order to avoid dictionary attacks. * * @param mixed $identity. * * @return boolean False if the identity has reached the 'throttle_limit'. */ protected function loginThrottling($identity) { $count = $this->loginThrottler->throttleIdentity($identity); $throttle_limit = $this->app->make('config')->get('confide.throttle_limit'); // Make it easy to notice that retrieving throttle_limit didn't work assert(isset($throttle_limit), 'Throttle limit could not be retrieved from config'); if ($count >= $throttle_limit) { return false; } // Throttling delay! // See: http://www.codinghorror.com/blog/2009/01/dictionary-attacks-101.html if ($count > 2) { usleep(($count - 1) * 400000); } return true; }