Limit login attempts in Laravel 5.7

Question

I have Laravel 5.7 project with custom login. How can I let Laravel accept three login attempts after that redirect for page waiting to 2 or 3 min, etc?

public function loginPost(LoginRequest $request)
{
    if (Auth::attempt(array('user_name' => $request->user_name, 'password' => $request->user_pass)))
    {
        if(Auth::check())
            return redirect('/');
        else
            return back();
    }
    else
    {
        return "login faled call administrator";
    }
}

Answer 1

you can do it in two way

1. add the Laravel built-in throttle middleware in route for example

    Route::post("/user/login","LoginController@login")->middleware("throttle:10,2");
   

it will allow 10 requests per 2 minute

2. Use the Built-in Trait ThrottlesLogins

first, add ThrottlesLogins trait in the loginController and this line in the login method

if ($this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
}

if(attempt()) {
    $this->clearLoginAttempts($request);
}else {
  $this->incrementLoginAttempts($request);
}

if attempt successfully then add this line in the attempt method

$this->clearLoginAttempts($request);

else fail login then add this line in else condition

$this->incrementLoginAttempts($request);