Locks user accounts and IP addresses after repeated failed login attempts.
You can install the package via Composer:
composer require mralston/lockout
You can publish and run the migrations with:
php artisan vendor:publish --provider="Mralston\Lockout\LockoutServiceProvider" --tag="lockout-migrations"
php artisan migrate
You can publish the config file with:
php artisan vendor:publish --provider="Mralston\Lockout\LockoutServiceProvider" --tag="lockout-config"
These are the contents of the published config file:
return [
    'max_attempts_user' => env('MAX_LOGIN_ATTEMPTS_USER', 10),
    'max_attempts_ip' => env('MAX_LOGIN_ATTEMPTS_IP', 20),
    'lockout_duration_user' => env('LOCKOUT_DURATION_USER', 15 * 60),
    'lockout_duration_ip' => env('LOCKOUT_DURATION_IP', 60 * 60 * 24 * 7),
];
The package will automatically block a user account or IP address after too many failed attempts within the specified time interval.
MAX_LOGIN_ATTEMPTS_USER determines how many failed logins are permitted for a specific user before the account is locked out.
MAX_LOGIN_ATTEMPTS_IP determines how many failed logins are permitted from a specific IP address before the address is locked out.
LOCKOUT_DURATION_USER determines how long a user account is locked for. Set to zero or null for a permanent ban.
LOCKOUT_DURATION_IP determines how long an IP address is locked for. Set to zero or null for a permanent ban.
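As an added illustration (not code from the package), the PHP below models how the two counters behave with the default values on constructed login failures: failures spread across many accounts from one address trip the IP limit, and failures against one account from many addresses trip the user limit. The function lockState and the counting interval $window are hypothetical names and assumptions, as is the choice to start the lock at the failure that reaches the threshold.

```php
<?php
// Added illustration: a stand-alone model, not the package's implementation.
// $window is a hypothetical counting interval, not a package setting.
function lockState(array $failures, int $max, ?int $duration, int $window, int $now): array
{
    sort($failures);
    $recent = [];   // failures still inside the counting window
    $lockEnd = 0;   // expiry time of the most recent temporary lock
    foreach ($failures as $t) {
        if ($t > $now) break;
        if ($t < $lockEnd) continue;    // attempt made while already locked
        $recent[] = $t;
        while ($recent[0] <= $t - $window) array_shift($recent);
        if (count($recent) >= $max) {
            // Zero or null duration means a permanent ban.
            if (!$duration) return ['locked' => true, 'until' => null];
            $lockEnd = $t + $duration;
            $recent = [];
        }
    }
    return ['locked' => $lockEnd > $now, 'until' => $lockEnd > $now ? $lockEnd : null];
}
// Default values from the published config file.
$config = [
    'max_attempts_user' => 10, 'lockout_duration_user' => 15 * 60,
    'max_attempts_ip' => 20, 'lockout_duration_ip' => 60 * 60 * 24 * 7,
];
[$window, $now] = [3600, 1700000000];   // assumed interval and a fixed "current" time
// Constructed sample data (documentation IP ranges, made-up user names).
$attempts = [];
for ($i = 0; $i < 25; $i++) {   // one address failing once against each of 25 accounts
    $attempts[] = ['user' => "user$i", 'ip' => '203.0.113.7', 'at' => $now - 600 + $i];
}
for ($i = 0; $i < 10; $i++) {   // one account failing from 10 different addresses
    $attempts[] = ['user' => 'alice', 'ip' => "198.51.100.$i", 'at' => $now - 300 + $i];
}
// Group failure timestamps by user and by IP, then evaluate each key.
$failures = ['user' => [], 'ip' => []];
foreach ($attempts as $a) {
    $failures['user'][$a['user']][] = $a['at'];
    $failures['ip'][$a['ip']][] = $a['at'];
}
foreach ($failures as $kind => $keys) {
    foreach ($keys as $key => $times) {
        $s = lockState($times, $config["max_attempts_$kind"], $config["lockout_duration_$kind"], $window, $now);
        if ($s['locked']) echo "$kind $key locked until ", $s['until'] === null ? 'manually unlocked' : date('c', $s['until']), "\n";
    }
}
```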
A locked user account or IP address can be manually unlocked using the following commands:
php artisan lockout:unlock --user=123
php artisan lockout:unlock [email protected]
php artisan lockout:unlock --ip=1.2.3.5
Stale records of failed authentication attempts can be pruned with the following command, which can be run manually or through the scheduler:
php artisan lockout:prune
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.