LoginAttempts plugin for CakePHP

Requirements

• CakePHP >= 3.5
• (Optional) CakePHP Authentication plugin 1.x

Installation

You can install this plugin into your CakePHP application using composer.

The recommended way to install composer packages is:

composer require nojimage/cakephp-login-attempts

Load plugin

(CakePHP >= 3.6.0) Load the plugin by adding the following statement in your project's src/Application.php:

$this->addPlugin('LoginAttempts');

(CakePHP <= 3.5.x) Load the plugin by adding the following statement in your project's config/bootstrap.php file:

Plugin::load('LoginAttempts');

Create table

run migration command:

bin/cake migrations migrate -p LoginAttempts

Usage

Use LoginAttempts.Form authenticator instead of Form.

        $this->loadComponent('Auth', [
            'authenticate' => [
                'LoginAttempts.Form' => [
                    'fields' => ['username' => 'email'],
                    'attemptLimit' => 5,
                    'attemptDuration' => '+5 minutes',
                ],
            ],
        ]);

If use are using Authentication plugin:

        $service->loadAuthenticator('LoginAttempts.Form', [
            'fields' => ['username' => 'email'],
            'attemptLimit' => 5,
            'attemptDuration' => '+5 minutes',
        ]);

LoginAttempts.Form Options

attemptLimit

If the num of login failures of the user exceeds attemptLimit during attemptDuration, the user's login is not permitted.

default: 5

attemptDuration

If the num of login failures of the user exceeds attemptLimit during attemptDuration, the user's login is not permitted.

default: '+5 minutes'

attemptAction

The number of attempts is stored separately for this key. Use when there are multiple login forms and you want to set restrictions separately.

default: 'login'

attemptsStorageModel

A model used for logging a failure login and check count of failure login.

default: 'LoginAttempts.Attempts'