How to protect Laravel reset password from multiple fast clicks
While implementing user registration and account activation in Laravel, I ran into a problem.
If the user clicks the reset password button or the resend activation code button several times in quick succession, they receive many emails at the same time.
This can happen due to two scenarios:
1. The user is deliberately clicking repeatedly to do something silly with the app, or to misuse it.
2. The user is genuine, but the server is slow at that moment; after the first click the user thinks the form may not have been submitted and clicks the button again and again.
I even checked this in Spark and tried to reset my password with multiple fast clicks. It seems to have the same problem.
When a reset password link is requested, a record is created in the password_resets table. If the user uses the reset link (sent to their email), the record is deleted. If the user does not use the link but requests another password reset, the record is deleted and created again, so its created_at column always reflects the most recent request.
So I targeted the ForgotPasswordController and copied into it the sendResetLinkEmail() method that it gets from the SendsPasswordResetEmails trait.
I modified sendResetLinkEmail(Request $request) as follows so that it takes into account the time elapsed between two consecutive requests.
In sendResetLinkEmail(Request $request), just after:
I put this logic:
and did not change anything else. I set 60 seconds as the minimum interval between two accepted requests; you can change it as you prefer.
To improve on this, it would be better to have a more generic, middleware based solution that prevents any single form from being submitted multiple times.
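The following controller is an added example, not the code from the original post: it combines the two ideas above, the per-address time check on the password reset table and a middleware layer using Laravel's built-in throttle middleware. It assumes a Laravel 5.x application with the default users password broker; the 60-second window, the property and method names, and the error message are my own choices.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Password;

class ForgotPasswordController extends Controller
{
    use SendsPasswordResetEmails;

    // Assumed value: minimum number of seconds between two accepted
    // reset requests for the same e-mail address.
    protected $minSecondsBetweenRequests = 60;

    public function __construct()
    {
        $this->middleware('guest');

        // Generic layer: Laravel's throttle middleware, here at most
        // 3 requests per minute per client (keyed by IP for guests).
        $this->middleware('throttle:3,1')->only('sendResetLinkEmail');
    }

    /**
     * Overrides the trait method. The only addition is the time check
     * against the existing row in the password reset table.
     */
    public function sendResetLinkEmail(Request $request)
    {
        $this->validateEmail($request);

        if ($this->requestedTooRecently($request->input('email'))) {
            // Reuse the trait's failure response so the view shows it
            // like any other validation error on the email field.
            return $this->sendResetLinkFailedResponse(
                $request,
                'Please wait ' . $this->minSecondsBetweenRequests
                    . ' seconds before requesting another reset link.'
            );
        }

        $response = $this->broker()->sendResetLink(
            $request->only('email')
        );

        return $response == Password::RESET_LINK_SENT
                    ? $this->sendResetLinkResponse($request, $response)
                    : $this->sendResetLinkFailedResponse($request, $response);
    }

    /**
     * True when a reset row for this address was created less than
     * $minSecondsBetweenRequests ago. The broker deletes and re-creates
     * the row on every send, so created_at is the time of the last request.
     */
    protected function requestedTooRecently($email)
    {
        // Table name from config/auth.php; falls back to the default name.
        $table = config('auth.passwords.users.table', 'password_resets');

        $existing = DB::table($table)->where('email', $email)->first();

        if (! $existing) {
            return false;
        }

        return Carbon::parse($existing->created_at)
            ->gt(Carbon::now()->subSeconds($this->minSecondsBetweenRequests));
    }
}
```

Two caveats worth knowing. The read-then-send in requestedTooRecently() is not atomic: two requests arriving in the same instant can both pass the check before either row is written, which is one reason the middleware layer is the more robust of the two (throttle is keyed per IP for guests, so the two checks complement rather than replace each other). Also, a reset row only exists for addresses that belong to a real account, so a distinct "please wait" message confirms that the address is registered; if that matters for your application, return the same generic response for the throttled case as for a successful send.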
I intend to share my experience with the Laravel framework. Any suggestions for a better solution are most welcome.
Thank you for reading! If you enjoyed this article, clap for it!
I would also like to hear your opinion on this article. If you have any doubt, question or suggestion, please leave a comment below.
Have a very wonderful day!