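/**
 * Show the application login form.
 *
 * Reads the throttle state for the current request so the view can warn a
 * visitor who has already exceeded the limit. The throttle is only inspected
 * here: a GET of the form must not consume an attempt, otherwise reloading
 * the page a handful of times locks the visitor out before any credentials
 * have been submitted. The limit and window come from config
 * (`kagi.throttle` / `kagi.time_out`) instead of a hard-coded count, so the
 * throttler built below is the one that is actually consulted.
 *
 * @return \Illuminate\Http\Response
 */
public function getLogin()
{
    // The facade root is the current Request instance the throttler keys on.
    $request = Request::getFacadeRoot();

    // Throttler for this request: X tries within Y minutes, both from config
    // (string defaults kept as in the original call site).
    $throttler = Throttle::get(
        $request,
        Config::get('kagi.throttle', '3'),
        Config::get('kagi.time_out', '2')
    );

    // check() only reads the counter; hit()/attempt() would increment it.
    if (!$throttler->check()) {
        Flash::error(trans('kotoba::auth.error.not_approved'));
    }

    return Theme::View('modules.kagi.auth.login');
}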
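/**
 * Authenticate an API client and issue a JWT.
 *
 * The client is throttled (5 attempts within 1 minute) before the credentials
 * are checked; only failed attempts and token-creation failures count against
 * the limit. When the client sends a non-empty `gcm_token` it is stored on the
 * authenticated user.
 *
 * @param  Request $request  carries 'username' and 'password'; 'gcm_token' is optional
 * @return \Illuminate\Http\JsonResponse
 */
public function login(Request $request)
{
    $credentials = $request->only('username', 'password');
    $gcmToken = $request->get('gcm_token');

    // Throttler for this request: 5 attempts within 1 minute.
    $throttler = Throttle::get($request, 5, 1);

    if (!$throttler->check()) {
        // 420 "Enhance Your Calm" is a non-standard status that existing
        // clients expect; RFC 6585 defines 429 Too Many Requests for this.
        // The status must be an int — a string here is a TypeError under
        // strict_types.
        $response = response()->json(['error' => 'too many wrong requests']);
        $response->setStatusCode(420, 'Enhance Your Calm');

        return $response;
    }

    try {
        $token = JWTAuth::attempt($credentials);

        if (!$token) {
            // Wrong credentials: count the attempt against this client.
            $throttler->hit();

            return response()->json(['error' => true, 'message' => 'invalid_credentials'], 401);
        }

        // Store the push token only when a non-empty one was sent. The original
        // loose `null != $gcm_token` also skipped ''; keep that explicitly.
        if ($gcmToken !== null && $gcmToken !== '') {
            $user = JWTAuth::toUser($token);
            $user->setGCMToken($gcmToken);
            $user->save();
        }
    } catch (JWTException $e) {
        // Token creation failed; treated like a failed attempt.
        $throttler->hit();

        return response()->json(['error' => true, 'message' => 'couldnt_create_token'], 401);
    }

    return response()->json(compact('token'));
}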
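/**
 * Handle a web login form submission.
 *
 * Flow: validate the input, reject clients that have exhausted the throttle
 * (5 attempts within 10 minutes), require a reCAPTCHA answer after three
 * attempts in production, then attempt authentication. Only a failed
 * authentication consumes an attempt, and a successful login clears the
 * counter, so legitimate users are not locked out by their own successful
 * logins within the window.
 *
 * @param Request $request
 * @return mixed  a redirect response
 */
public function postLogin(Request $request)
{
    $validator = Validator::make($request->all(), [
        'email' => 'required|email',
        'password' => 'required',
    ]);

    // Login cool-down to slow down credential guessing: 5 attempts within 10 minutes.
    $throttle = Throttle::get($request, 5, 10);

    // After three attempts a reCAPTCHA answer becomes a required field.
    $validator->sometimes('g-recaptcha-response', 'required', function ($input) use ($throttle) {
        return $throttle->count() >= 3;
    });

    if ($validator->fails()) {
        return Redirect::route('user.login')->withErrors($validator)->withInput();
    }

    // Too many attempts in the window: tell the user how long to wait.
    if (!$throttle->check()) {
        return Redirect::route('user.login')
            ->with('warning', '嘗試登入過於頻繁,請等待10分鐘。')
            ->with('delay', 10 * 60)
            ->withInput();
    }

    // reCAPTCHA is verified only in production and only when a site key is set.
    // NOTE(review): env() returns null once the configuration is cached
    // (config:cache), which would silently disable this check; reading the key
    // through config() is the safer route — confirm against the app config.
    if (App::environment('production') && !empty(env('reCAPTCHA_Site_key'))) {
        if ($throttle->count() >= 3) {
            $result = ReCaptchaHelper::tryPassGoogleReCAPTCHA($request);
            if (!(is_bool($result->success) && $result->success)) {
                LogHelper::info('[reCAPTCHA Failed]', $result);

                return Redirect::route('user.login')
                    ->with('warning', '沒有通過 reCAPTCHA 驗證,請再試一次。')
                    ->withInput();
            }
        }
    }

    $remember = $request->has('remember');
    $email = $request->get('email');
    $clientIp = $request->getClientIp();

    $authenticated = Auth::attempt(
        ['email' => $email, 'password' => $request->get('password')],
        $remember
    );

    if (!$authenticated) {
        // Wrong credentials: the only path that consumes an attempt.
        $throttle->hit();

        LogHelper::info('[LoginFailed] 登入失敗:' . $email, ['email' => $email, 'ip' => $clientIp]);

        return Redirect::route('user.login')->with('warning', '帳號或密碼錯誤');
    }

    // A successful login resets the failure counter for this client.
    $throttle->clear();

    $user = Auth::user();

    // Record last-login details.
    $user->lastlogin_ip = $clientIp;
    $user->lastlogin_at = Carbon::now()->toDateTimeString();
    $user->save();

    // Invalidate any outstanding password-reset token for this account.
    DB::table('password_resets')->where('email', '=', $user->email)->delete();

    LogHelper::info('[LoginSucceeded] 登入成功:' . $email, ['email' => $email, 'ip' => $clientIp]);

    // Return to the page recorded in the session before login, if any.
    // NOTE(review): this assumes 'previous-url' is only ever set by the app
    // itself; if it can be influenced by the client it is an open redirect.
    if (Session::has('previous-url')) {
        return Redirect::to(Session::get('previous-url'))->with('global', '已順利登入');
    }

    return Redirect::intended('/')->with('global', '已順利登入');
}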