Provides extended login form with captcha for several sequences failed login attempts.

Installs: 7 515

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 1

Open Issues: 0


1.0.8 2020-07-31 11:58 UTC

This package is auto-updated.

Last update: 2021-05-29 01:13:13 UTC


Build Status SensioLabsInsight


This bundle allows you to use extended login form with captcha when several sequenced failed login attempts received from one IP address.


Step 1

Simply install it via composer:

composer require melk/extended-login-bundle

Step 2

Enable bundle and it's dependencies in the AppKernel:

new Snc\RedisBundle\SncRedisBundle(),
new Gregwar\CaptchaBundle\GregwarCaptchaBundle(),
new Melk\ExtendedLoginBundle\MelkExtendedLoginBundle(),


Gregwar captcha

Gregwar captcha bundle configuration can be found here

Snc redis

General configuration info for snc redis bundle can be found here

Extened login bundle requires snc client configuration, for example:

            type: phpredis
            alias: captcha_login
            dsn: redis://redis/4

Extended login bundle

You can use it without any additional configuration. List of all options with default values:

    client: captcha_login
    max_attempts: 5
    attempts_period: 300 (5 minutes in seconds)
    captcha_period: 1800 (30 minutes in seconds)


Enabling form

Simply change your firewall settings changing form_login to melk_form_login. No additional configuration required:

        captcha_parameter: _captcha

All other options inherited from the basic Symfony form_login

Accessing captcha info

Bundle provides you melk_extended_login.service.captcha_login_service which allows to check if captcha required and get captcha image url:

$captchaLoginService = $container->get('melk_extended_login.service.captcha_login_service');


Authentication Failure Handler

Bundle provides own authentication failure handler, which will return JsonResponse with next keys: success, message and optional captcha (captcha url if captcha required) in case when request sent via AJAX (it is XmlHttpRequest). In all other cases this handler acts as default form login authentication failure handler.