I\'m currently working on my Laravel app and to prevent spam I decided that only active users are able to login. I\'m currently using Laravel\'s login system just like in La
I check user is actived by overwrite sendLoginResponse function in LoginController
protected function sendLoginResponse(Request $request)
{
if($this->guard()->user()->active == 0){
$this->guard()->logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors(['active' => 'User in not activated.']);
}
$request->session()->regenerate();
$this->clearLoginAttempts($request);
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
}
You can use Eloquent scopes: https://laravel.com/docs/5.5/eloquent#query-scopes
like this:
class User extends Authenticatable {
...
/**
* The "booting" method of the model.
*
* @return void
*/
protected static function boot() {
parent::boot();
static::addGlobalScope('scopeActive', function (Builder $builder) {
$builder->where('active', 1);
});
}
...
You don't have to override the whole function. You can just change the Validator in AuthController to achieve that adding "exists:table,column" validation.
Let's assume that you have a users table with email,password and active fields.
'email' => 'exists:users,email,active,1'
Here is the validotor function should look like in AuthController.php
protected function validator(array $data)
{
return Validator::make($data, [
'email' => 'required|email|max:255|exists:users,email,active,1',
'password' => 'required|confirmed'
]);
}
or if you are using soft deletes this should work too.
'email' => 'exists:users,email,deleted_at,NULL'
You can also check out the validation rule at this link http://laravel.com/docs/5.1/validation#rule-exists
In case, you want to keep everything as simple, you can use Laravel built-in feature. It is email verification. I do not guarantee this way would resolve your problem. It is reference in case you didn't know about it before.
Follow the doc at https://laravel.com/docs/7.x/verification, all you have to do are a few steps.
User
model with MustVerifyEmail
<?php
namespace App;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
class User extends Authenticatable implements MustVerifyEmail
{
use Notifiable;
// ...
}
Active the middleware verify
for the routes in web.php
or in controller
You can activate the verification link and verify email
Auth::routes(['verify' => true]);
email_verified_at
column.I often use this built-in feature if I need verification users before allowing it to access the application.
In case anyone is came here looking for information on Laravel 5.4/5.5, and that allows for a custom message just for this scenario (not a combined message) here's the answer for that from https://laracasts.com/discuss/channels/laravel/user-account-status
Override the 'authenticated' method within your'app/Http/Controllers/Auth/LoginController.php` file:
/**
* The user has been authenticated.
*
* @param \Illuminate\Http\Request $request
* @param mixed $user
* @return mixed
*/
protected function authenticated(Request $request, $user)
{
if ($user->status_id == 2) { // or whatever status column name and value indicates a blocked user
$message = 'Some message about status';
// Log the user out.
$this->logout($request);
// Return them to the log in form.
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors([
// This is where we are providing the error message.
$this->username() => $message,
]);
}
}
Laravel 6.6 tested. Overwrite validateLogin
in your LoginController.php
use Illuminate\Http\Request;
use App\User;
use Illuminate\Validation\ValidationException;
......
/**
* Validate the user login request.
*
* @param \Illuminate\Http\Request $request
* @return void
*
* @throws \Illuminate\Validation\ValidationException
*/
protected function validateLogin(Request $request)
{
// Get the user details from database and check if user is exist and active.
$user = User::where('email',$request->email)->first();
if( $user && !$user->activation){
throw ValidationException::withMessages([$this->username() => __('User has been desactivated.')]);
}
// Then, validate input.
return $request->validate([
$this->username() => 'required|string',
'password' => 'required|string',
]);
}