class AuthController extends Controller { // use ThrottlesLogins, AuthenticatesAndRegistersUsers; protected $redirectTo = 'admin/index'; protected $loginView = 'admin/login'; protected $guard = 'admin'; protected $redirectAfterLogout = 'admin/login'; protected $maxLoginAttempts = 5; //每分钟最大尝试登录次数 protected $lockoutTime = 600; //登录锁定时间 function __construct() { $this->middleware('guest:admin', ['except' => 'logout']); } protected function validator(array $data) { return Validator::make($data, [ 'username' => 'required|max:255', 'email' => 'required|email|max:255|unique:admin_users', 'password' => 'required|confirmed|min:6', ]); } /** * @param Request $request */ protected function validateLogin(Request $request) { $this->validate($request,[ $this->loginUsername() => 'required', 'password' => 'required', 'captcha' => 'required|captcha' ], [ 'email.required' => '邮箱必须', 'password.required' => '密码必须', 'captcha.captcha' => '验证码错误', 'captcha.required' => '验证码必须', ]); } /** * 重写登录 * @param Request $request * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\Response */ public function login(Request $request) { $this->validateLogin($request); // If the class is using the ThrottlesLogins trait, we can automatically throttle // the login attempts for this application. We'll key this by the username and // the IP address of the client making these requests into this application. $throttles = $this->isUsingThrottlesLoginsTrait(); //dd($this->hasTooManyLoginAttempts($request)); if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) { $this->fireLockoutEvent($request); //日志记录 $this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>0, 'comments'=>'限制登录10分钟']); return $this->sendLockoutResponse($request); } $credentials = $this->getCredentials($request); if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) { //日志记录 $this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>1, 'comments'=>'登录成功']); return $this->handleUserWasAuthenticated($request, $throttles); } // If the login attempt was unsuccessful we will increment the number of attempts // to login and redirect the user back to the login form. Of course, when this // user surpasses their maximum number of attempts they will get locked out. if ($throttles && ! $lockedOut) { //日志记录 $this->login_logs(['email'=>$request->input('email'), 'login_ip'=>$request->ip(), 'login_result'=>0, 'comments'=>'登录失败']); $this->incrementLoginAttempts($request); } return $this->sendFailedLoginResponse($request); } /** * 登录记录 * @param $data */ private function login_logs ($data) { LoginLog::create($data); } }