This tool designed for simple limiting some user requests. It makes it easy to add some protection from DB ddos or bruteforce attack.
1: install via composer
composer require ircop/antiflood
2: add service provider to providers array in config/app.php:
Ircop\Antiflood\AntifloodServiceProvider::class,
3: add facade alias to aliases array in config/app.php:
'Antiflood' => Ircop\Antiflood\Facade\Antiflood::class,
Checking for record existance with given ident.
Ident can be ip-address, login, anything unique.
$maximum - is maximum allowed value for this ident. Default is 1.
\Antiflood::check( $ident, $maximum = 1 );
// Or with IP identity
\Antiflood::checkIP( $maximum = 1 );Putting record for given ident on given $minutes:
\Antiflood::put( $ident, $minutes = 10 );
// Or with IP identity
\Antiflood::putIP( $minutes = 10 );This example limiting wrong login attempts from one ip-address to 5 tryes per 20 minutes:
public function postLogin()
{
$key = $_SERVER['REMOTE_ADDR'];
// If this ip has >= 5 failed login attempts in last 20 minutes, redirect user
// back with error:
if( \Antiflood::check( $key, 5 ) === FALSE )
return redirect()->back()->withErrors(['Too many login attempts! Try again later.']);
// ....
// ....
// ....
// After failed login put user ipaddr to antiflood cacte on 20 min.
// If there is no records with this ident, record will be added with value=1, else
// it will be increased.
\Antiflood::put( $key, 20 );
}
This code shows how to limit some functions like email, etc. to prevend flood from our server, for example.
public function postPasswordRecover()
{
$key = \Input::get('email');
if( \Antiflood::check( $key ) === FALSE )
return redirect()->back()->withErrors(['.....']);
// ....
// ....
// ....
\Antiflood::put( $key, 20 );
}