protected UserAuthenticationController::getLoginFloodIdentifier(Request $request, $username)
Gets the login identifier for user login flood control.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The current request.
string $username: The username supplied in login credentials.
Return value
string The login identifier or if the user does not exist an empty string.
File
- core/modules/user/src/Controller/UserAuthenticationController.php, line 325
Class
- UserAuthenticationController
- Provides controllers for login, login status and logout via HTTP requests.
Namespace
Drupal\user\Controller
Code
protected function getLoginFloodIdentifier(Request $request, $username) { $flood_config = $this->config('user.flood'); $accounts = $this->userStorage->loadByProperties(['name' => $username, 'status' => 1]); if ($account = reset($accounts)) { if ($flood_config->get('uid_only')) { // Register flood events based on the uid only, so they apply for any // IP address. This is the most secure option. $identifier = $account->id(); } else { // The default identifier is a combination of uid and IP address. This // is less secure but more resistant to denial-of-service attacks that // could lock out all users with public user names. $identifier = $account->id() . '-' . $request->getClientIp(); } return $identifier; } return ''; }
Please login to continue.