class AuthController extends Controller
{
//
use ThrottlesLogins, AuthenticatesAndRegistersUsers;
protected $redirectTo = 'admin/index';
protected $loginView = 'admin/login';
protected $guard = 'admin';
protected $redirectAfterLogout = 'admin/login';
protected $maxLoginAttempts = 5; //每分钟最大尝试登录次数
protected $lockoutTime = 600; //登录锁定时间
function __construct()
{
$this->middleware('guest:admin', ['except' => 'logout']);
}
protected function validator(array $data)
{
return Validator::make($data, [
'username' => 'required|max:255',
'email' => 'required|email|max:255|unique:admin_users',
'password' => 'required|confirmed|min:6',
]);
}
/**
* @param Request $request
*/
protected function validateLogin(Request $request)
{
$this->validate($request,[
$this->loginUsername() => 'required',
'password' => 'required',
'captcha' => 'required|captcha'
], [
'email.required' => '邮箱必须',
'password.required' => '密码必须',
'captcha.captcha' => '验证码错误',
'captcha.required' => '验证码必须',
]);
}
/**
* 重写登录
* @param Request $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
*/
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
$throttles = $this->isUsingThrottlesLoginsTrait();
//dd($this->hasTooManyLoginAttempts($request));
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
//日志记录
$this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>0, 'comments'=>'限制登录10分钟']);
return $this->sendLockoutResponse($request);
}
$credentials = $this->getCredentials($request);
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
//日志记录
$this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>1, 'comments'=>'登录成功']);
return $this->handleUserWasAuthenticated($request, $throttles);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if ($throttles && ! $lockedOut) {
//日志记录
$this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>0, 'comments'=>'登录失败']);
$this->incrementLoginAttempts($request);
}
return $this->sendFailedLoginResponse($request);
}
/**
* 登录记录
* @param $data
*/
private function login_logs ($data)
{
LoginLog::create($data);
}
}
直接重写login方法,其实我是复制了原方法然后加入了一些自己的东西。
主要的一些修改就是:
- 加入验证码(自定义了验证信息及提示)。
- 后台登录频率的限制。
登录日志记录。
很粗糙。。下班了。。。