
update: password check limit

tokumeikoi %!s(int64=2) %!d(string=hai) anos
pai
achega
c36a54dae2

+ 12 - 0
app/Http/Controllers/Passport/AuthController.php

@@ -190,6 +190,12 @@ class AuthController extends Controller
         $email = $request->input('email');
         $password = $request->input('password');
 
+        $passwordErrorCount = (int)Cache::get('PASSWORD_ERROR_LIMIT') || 0;
+
+        if ($passwordErrorCount >= 5) {
+            abort(500, __('Incorrect email or password'));
+        }
+
         $user = User::where('email', $email)->first();
         if (!$user) {
             abort(500, __('Incorrect email or password'));
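Review bot: The limit added here cannot take effect as written, because `(int)Cache::get('PASSWORD_ERROR_LIMIT') || 0` reads the bare key while the second hunk writes under `CacheKey::get('PASSWORD_ERROR_LIMIT', $email)` (presumably a per-email key; its body is not visible here), and PHP's `||` yields a boolean, not a fallback value. The same `|| 0` in the second hunk means the value stored by `Cache::put` is at most 2, so the `>= 5` threshold is never reached through failed logins and password guessing stays unthrottled. Read the per-email key with a default in both places, e.g. `$passwordErrorCount = (int)Cache::get(CacheKey::get('PASSWORD_ERROR_LIMIT', $email), 0);`. The lockout branch also aborts with `'Incorrect email or password'` although this commit adds a dedicated "too many password errors" string to the language files, and a counter keyed only by email lets anyone who knows an address lock that account out for 30 minutes, which is worth weighing against also keying on the client IP. The enclosing method starts and ends outside both hunks, so whether the counter is cleared after a successful login cannot be confirmed from here.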
@@ -200,6 +206,12 @@ class AuthController extends Controller
             $password,
             $user->password)
         ) {
+            $passwordErrorCount = Cache::get('PASSWORD_ERROR_LIMIT') || 0;
+            Cache::put(
+                CacheKey::get('PASSWORD_ERROR_LIMIT', $email),
+                (int)$passwordErrorCount + 1,
+                30 * 60
+            );
             abort(500, __('Incorrect email or password'));
         }
 

+ 2 - 1
app/Utils/CacheKey.php

@@ -20,7 +20,8 @@ class CacheKey
         'LAST_SEND_EMAIL_REMIND_TRAFFIC' => '最后发送流量邮件提醒',
         'SCHEDULE_LAST_CHECK_AT' => '计划任务最后检查时间',
         'REGISTER_IP_RATE_LIMIT' => '注册频率限制',
-        'LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP' => '最后一次发送登入链接时间'
+        'LAST_SEND_LOGIN_WITH_MAIL_LINK_TIMESTAMP' => '最后一次发送登入链接时间',
+        'PASSWORD_ERROR_LIMIT' => '密码错误次数限制'
     ];
 
     public static function get(string $key, $uniqueValue)

+ 2 - 1
resources/lang/en-US.json

@@ -93,5 +93,6 @@
     "This subscription reset package does not apply to your subscription": "This subscription reset package does not apply to your subscription",
     "Login to :name": "Login to :name",
     "Sending frequently, please try again later": "Sending frequently, please try again later",
-    "Current product is sold out": "Current product is sold out"
+    "Current product is sold out": "Current product is sold out",
+    "There are too many password errors, please try again after 30 minutes.": "There are too many password errors, please try again after 30 minutes."
 }

+ 2 - 1
resources/lang/zh-CN.json

@@ -93,5 +93,6 @@
     "This subscription reset package does not apply to your subscription": "该订阅重置包不适用于你的订阅",
     "Login to :name": "登入到 :name",
     "Sending frequently, please try again later": "发送频繁,请稍后再试",
-    "Current product is sold out": "当前商品已售罄"
+    "Current product is sold out": "当前商品已售罄",
+    "There are too many password errors, please try again after 30 minutes.": "密码错误次数过多,请 30 分钟后再试"
 }