protected UserAuthenticationController::floodControl(Request $request, $username)
Enforces flood control for the current login request.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The current request.
string $username: The user name sent for login credentials.
File
- core/modules/user/src/Controller/UserAuthenticationController.php, line 293
Class
- UserAuthenticationController
- Provides controllers for login, login status and logout via HTTP requests.
Namespace
Drupal\user\Controller
Code
protected function floodControl(Request $request, $username) { $flood_config = $this->config('user.flood'); if (!$this->flood->isAllowed('user.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) { throw new AccessDeniedHttpException('Access is blocked because of IP based flood prevention.', NULL, Response::HTTP_TOO_MANY_REQUESTS); } if ($identifier = $this->getLoginFloodIdentifier($request, $username)) { // Don't allow login if the limit for this user has been reached. // Default is to allow 5 failed attempts every 6 hours. if (!$this->flood->isAllowed('user.http_login', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) { if ($flood_config->get('uid_only')) { $error_message = sprintf('There have been more than %s failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.', $flood_config->get('user_limit')); } else { $error_message = 'Too many failed login attempts from your IP address. This IP address is temporarily blocked.'; } throw new AccessDeniedHttpException($error_message, NULL, Response::HTTP_TOO_MANY_REQUESTS); } } }
Please login to continue.