[yii2] Show captcha after failed login attempt


Written by Bardimin

On April 18, 2021

If you have a login page that can be reached over the internet, at some point that page will be attacked. The reason is that it is very easy for an attacker to do so.

Brute force attacks are attempts to gain access to an account by guessing the username and password used. Brute force is an old technique in cybercrime. However, it is still widely used because it is still considered effective.

One way to secure a website from brute force attacks is to use a CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart). In this tutorial, we will learn to activate the captcha after the user fails to log in. For how to create a captcha, you can read [yii2]Create a Login Form with Captcha.

Steps to activate the captcha after the user fails to log in:

1. Add captcha fields and validation rules to models/LoginForm.php

class LoginForm extends Model
{
    .............
    .............
    public $verifyCode;
    .............
  
    public function rules()
    {
        return [
            .............
            .............
  
            ['verifyCode', 'required', 'when'=>function(){return $this->loginFailed;}],
            ['verifyCode', 'captcha', 'when'=>function(){return $this->loginFailed;}],
              
            .............
            .............
        ];
    }
 
    public function validatePassword($attribute, $params)
    {
        if (!$this->hasErrors()) {
            .............
            if (!$user || !$user->validatePassword($this->password)) {
 
                Yii::$app->session->set('_loginAttempts', Yii::$app->session->get('_loginAttempts', 0)+1);
 
                .............
            }
        }
    }   
     
    // Whether the number of failed login attempts in this session exceeds the limit
    public function getLoginFailed()
    {
        return Yii::$app->session->get('_loginAttempts', 0) > 3;
    }
     
    .............
    .............   
}

2. Add widgets to views/site/login.php

.............
.............
 
<div class="site-login">
    .............
    .............
 
    <div class="row">
        <div class="col-lg-5">
            <?php $form = ActiveForm::begin(['id' => 'login-form']); ?>
 
                .............
                .............
 
                <?php
                if($model->loginFailed){
                    echo $form->field($model, 'verifyCode')->widget(\yii\captcha\Captcha::class);
                }
                ?>
 
                .............
                .............
     
            <?php ActiveForm::end(); ?>
        </div>
    </div>
</div>

3. Add the captcha action to controllers/SiteController.php

For the captcha to work, you need to add a captcha action to controllers/SiteController.php. The action may already exist, because the standard Yii2 app template adds it automatically.

.............
.............
  
class SiteController extends Controller
{
    .............
    .............
      
    public function actions()
    {
        return [
            .............
            .............
              
            'captcha' => [
                'class' => 'yii\captcha\CaptchaAction',
            ],
            .............
            .............
        ];
    }
      
    .............
    .............   
}
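
The counter in step 1 lives in the session, so it starts again from zero whenever the client presents a new session. As an added example (not part of the original tutorial), the helper below keeps the count server-side in Yii's cache, keyed by username and by client IP; the class name LoginAttemptTracker, its namespace and the 15-minute window are assumptions, and the application's cache component must be configured.

```php
<?php
// Added example, not from the original tutorial. LoginAttemptTracker and its
// namespace are hypothetical; requires a configured `cache` component.
namespace app\components;

use Yii;

class LoginAttemptTracker
{
    const THRESHOLD = 3;   // same limit as getLoginFailed() in the tutorial
    const WINDOW = 900;    // constructed value: forget failures after 15 minutes

    // One counter per username and one per client IP, so the count does not
    // depend on anything the client sends back (such as the session cookie).
    private static function keys($username)
    {
        return [
            ['loginAttempts', 'user', mb_strtolower(trim((string) $username))],
            ['loginAttempts', 'ip', (string) Yii::$app->request->userIP],
        ];
    }

    // Call where the tutorial increments '_loginAttempts' in validatePassword().
    public static function registerFailure($username)
    {
        foreach (self::keys($username) as $key) {
            // get() returns false on a miss and (int) false is 0.
            // get + set is not atomic, so concurrent requests may undercount.
            $count = (int) Yii::$app->cache->get($key);
            Yii::$app->cache->set($key, $count + 1, self::WINDOW);
        }
    }

    // Use as the body of LoginForm::getLoginFailed(), passing $this->username.
    public static function isCaptchaRequired($username)
    {
        foreach (self::keys($username) as $key) {
            if ((int) Yii::$app->cache->get($key) > self::THRESHOLD) {
                return true;
            }
        }
        return false;
    }

    // Call after a successful login; the per-IP counter expires on its own.
    public static function reset($username)
    {
        Yii::$app->cache->delete(self::keys($username)[0]);
    }
}
```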
