Joko/order_gizi
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: Joko:production
Branches Tags
Joko:production
Joko:main
Joko:new_version
Joko:development
Joko:real_time
Joko:test
..
compare: Joko:main
Branches Tags
Joko:production
Joko:main
Joko:new_version
Joko:development
Joko:real_time
Joko:test

1 Commits
production ... main

Author SHA1 Message Date
Joko
8c8863ec9a Merge pull request 'production' (#20) from production into main 
Reviewed-on: #20
 2026-05-05 07:59:15 +00:00
2 changed files with 76 additions and 57 deletions
Show Stats Expand all files Collapse all files

125
app/Http/Controllers/AuthController.php
View File

@ -5,17 +5,51 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\RateLimiter;
class AuthController extends Controller
{
private int $captchaTtlSeconds = 120;
private int $loginDecaySeconds = 60;
private int $maxLoginAttempts = 10;
public function index(){
private function generateCaptchaCode(int $length = 6): string
{
// Avoid ambiguous chars: 0,O,1,I,l
$chars = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
$out = '';
$max = strlen($chars) - 1;
for ($i = 0; $i < $length; $i++) {
$out .= $chars[random_int(0, $max)];
}
return $out;
}
private function refreshCaptcha(): string
{
$captcha = $this->generateCaptchaCode(6);
session(['login_captcha' => $captcha]);
session([
'login_captcha' => $captcha,
'login_captcha_created_at' => now()->getTimestamp(),
]);
return $captcha;
}
private function ensureCaptchaValid(): void
{
$createdAt = (int) session('login_captcha_created_at', 0);
$expired = $createdAt <= 0 || (now()->getTimestamp() - $createdAt) > $this->captchaTtlSeconds;
if ($expired || (string) session('login_captcha', '') === '') {
$this->refreshCaptcha();
}
}
public function index(){
$this->refreshCaptcha();
$data = [
'title' => 'Login Admin | Order Gizi',
'title' => 'Login Admin | Order Gizi'
];
return view('auth.index', $data);
}
@ -35,30 +69,25 @@ class AuthController extends Controller
$now = time();
$rateKey = 'login:' . $request->ip() . ':' . strtolower((string) $request->input('username'));
$windowSeconds = 60;
$maxAttempts = 10;
$attempts = (array) $request->session()->get($rateKey, []);
$attempts = array_values(array_filter($attempts, fn($ts) => is_int($ts) && $ts > ($now - $windowSeconds)));
if(count($attempts) >= $maxAttempts){
return back()->withInput($request->only('username'))
->with(['alertError' => 'rate']);
}
$backoffKey = $rateKey . ':backoff_until';
$until = (int) $request->session()->get($backoffKey, 0);
if($until > $now){
return back()->withInput($request->only('username'))
->with(['alertError' => 'backoff']);
if (RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)) {
return back()
->withInput($request->only('username'))
->with(['alertError' => 'rate']);
}
$this->ensureCaptchaValid();
$expectedCaptcha = (string) session('login_captcha', '');
$givenCaptcha = strtoupper(preg_replace('/\s+/', '', (string) $request->input('captcha', '')));
if($expectedCaptcha === '' || !hash_equals(strtoupper($expectedCaptcha), (string) $givenCaptcha)){
return back()->withInput($request->only('username'))
->with(['alertError' => 'captcha']);
if ($expectedCaptcha === '' || !hash_equals(strtoupper($expectedCaptcha), (string) $givenCaptcha)) {
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
return back()
->withInput($request->only('username'))
->with(['alertError' => 'captcha']);
}
// One-time use
$request->session()->forget('login_captcha');
$request->session()->forget('login_captcha_created_at');
// IMPORTANT: only pass auth credentials to Auth::attempt
// (do not include captcha / honeypot fields, otherwise Laravel will query non-existent columns)
@ -69,18 +98,13 @@ class AuthController extends Controller
if(Auth::attempt($credentials)){
$request->session()->regenerate();
$request->session()->forget($rateKey);
$request->session()->forget($backoffKey);
RateLimiter::clear($rateKey);
return redirect()->intended('/dashboard');
}
// record failed attempt
$attempts[] = $now;
$request->session()->put($rateKey, $attempts);
// set exponential backoff (1,2,4,8,16,30 seconds max) based on failures in window
$failCount = count($attempts);
$delay = min(30, (int) pow(2, max(0, $failCount - 1)));
$request->session()->put($backoffKey, $now + $delay);
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
return back()->with(['alertError' => 'Gagal Login!']);
}
@ -92,26 +116,27 @@ class AuthController extends Controller
return redirect('/login');
}
public function captcha(){
public function captcha(Request $request){
$this->ensureCaptchaValid();
$captcha = (string) session('login_captcha', '');
if($captcha === ''){
$captcha = $this->generateCaptchaCode(6);
session(['login_captcha' => $captcha]);
}
if(!function_exists('imagecreatetruecolor')){
return response('GD extension is not available', Response::HTTP_INTERNAL_SERVER_ERROR)->header('Content-Type', 'text/plain');
if (!function_exists('imagecreatetruecolor')) {
return response('GD extension is not available', Response::HTTP_INTERNAL_SERVER_ERROR)
->header('Content-Type', 'text/plain');
}
$width=140;
$height=44;
$width = 140;
$height = 44;
$img = imagecreatetruecolor($width, $height);
$bg = imagecolorallocate($img, 245, 247, 250);
$fg = imagecolorallocate($img, 35, 45, 70);
$noise = imagecolorallocate($img, 120, 130, 150);
imagefilledrectangle($img, 0, 0, $width, $height, $bg);
for($i = 0; $i < 6; $i++){
// noise lines
for ($i = 0; $i < 6; $i++) {
imageline(
$img,
random_int(0, $width),
@ -122,13 +147,15 @@ class AuthController extends Controller
);
}
for($i = 0; $i < 180; $i++){
// noise dots
for ($i = 0; $i < 180; $i++) {
imagesetpixel($img, random_int(0, $width - 1), random_int(0, $height - 1), $noise);
}
// draw text (built-in font to avoid font dependency)
$font = 5;
$textWidth = imagefontwidth($font) * strlen($captcha);
$textHeight = imagefontwidth($font);
$textHeight = imagefontheight($font);
$x = (int) (($width - $textWidth) / 2);
$y = (int) (($height - $textHeight) / 2);
imagestring($img, $font, $x, $y, $captcha, $fg);
@ -137,17 +164,9 @@ class AuthController extends Controller
imagepng($img);
$png = ob_get_clean();
imagedestroy($img);
return response($png, 200)->header('Content-Type', 'image/png')->header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
}
public function generateCaptchaCode(int $length = 6): string
{
$chars = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
$out = '';
$max = strlen($chars) - 1;
for ($i = 0; $i < $length; $i++){
$out .= $chars[random_int(0, $max)];
}
return $out;
return response($png, 200)
->header('Content-Type', 'image/png')
->header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
}
}

8
resources/views/auth/index.blade.php
View File

@ -60,12 +60,12 @@
<p class="mb-4">Please sign-in to your account</p>
@if (session()->has('alertError'))
<div class="alert alert-danger fw-bold" role="alert">
@if(session('alertError') === 'rate')
@if(session('alertError') === 'captcha')
Captcha salah!
@elseif(session('alertError') === 'rate')
Terlalu banyak percobaan login. Coba lagi dalam 1 menit.
@elseif(session('alertError') === 'backoff')
Mohon tunggu beberapa detik sebelum mencoba lagi.
@elseif(session('alertError') === 'captcha')
Captcha tidak sesuai
@else
Username atau password salah!
@endif
@ -100,7 +100,7 @@
<span class="input-group-text cursor-pointer"><i class="bx bx-hide"></i></span>
</div>
</div>
<div class="mb-4">
<div class="mb-4">
<label class="form-label">Captcha</label>
<div class="d-flex align-items-center gap-2">
<img