Use the correct env variables in config/auth.php file. (#9048)

app/Http/Controllers/Auth/LoginController.php

@@ -189,8 +189,8 @@ class LoginController extends Controller
             return redirect()->back()->withInput()->withErrors($validator);
         }
 
-        $this->maxLoginAttempts = config('auth.throttle.max_attempts');
+        $this->maxLoginAttempts = config('auth.passwords.users.throttle.max_attempts');
-        $this->lockoutTime = config('auth.throttle.lockout_duration');
+        $this->lockoutTime = config('auth.passwords.users.throttle.lockout_duration');
 
         if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
             $this->fireLockoutEvent($request);
@@ -452,8 +452,8 @@ class LoginController extends Controller
      */
     protected function hasTooManyLoginAttempts(Request $request)
     {
-        $lockoutTime = config('auth.throttle.lockout_duration');
+        $lockoutTime = config('auth.passwords.users.throttle.lockout_duration');
-        $maxLoginAttempts = config('auth.throttle.max_attempts');
+        $maxLoginAttempts = config('auth.passwords.users.throttle.max_attempts');
 
         return $this->limiter()->tooManyAttempts(
             $this->throttleKey($request),

config/auth.php

@@ -103,7 +103,10 @@ return [
             'email' => 'auth.emails.password',
             'table' => 'password_resets',
             'expire' => env('RESET_PASSWORD_LINK_EXPIRES', 900),
-            'throttle' => env('LOGIN_MAX_ATTEMPTS', 60),
+            'throttle' => [
+                'max_attempts' => env('LOGIN_MAX_ATTEMPTS', 5),
+                'lockout_duration' => env('LOGIN_LOCKOUT_DURATION', 60)
+            ],
         ],
     ],