Login only if user is active using Laravel

孤城傲影 2020-11-30 23:26

I'm currently working on my Laravel app and to prevent spam I decided that only active users are able to log in. I'm currently using Laravel's login system just like in La

19 answers
  • 2020-11-30 23:52

    I check whether the user is activated by overriding the sendLoginResponse function in LoginController

    protected function sendLoginResponse(Request $request)
    {
        if($this->guard()->user()->active == 0){
            $this->guard()->logout();
            return redirect()->back()
                ->withInput($request->only($this->username(), 'remember'))
                ->withErrors(['active' => 'User is not activated.']);
        }
    
        $request->session()->regenerate();
    
        $this->clearLoginAttempts($request);
    
        return $this->authenticated($request, $this->guard()->user())
                ?: redirect()->intended($this->redirectPath());
    }
    
    0 Discussion (0)
  • 2020-11-30 23:52

    You can use Eloquent scopes: https://laravel.com/docs/5.5/eloquent#query-scopes

    like this:

    use Illuminate\Database\Eloquent\Builder;

    class User extends Authenticatable {
        // ...

        /**
         * The "booting" method of the model.
         *
         * @return void
         */
        protected static function boot() {
            parent::boot();

            // Global scope: applied to every User query, not only the login lookup.
            static::addGlobalScope('scopeActive', function (Builder $builder) {
                $builder->where('active', 1);
            });
        }

        // ...
    }
    
    0 Discussion (0)
  • 2020-11-30 23:53

    You don't have to override the whole function. You can just change the Validator in AuthController to achieve that by adding "exists:table,column" validation.

    Let's assume that you have a users table with email, password and active fields.

    'email' => 'exists:users,email,active,1'

    Here is what the validator function should look like in AuthController.php

    protected function validator(array $data)
    {
        return Validator::make($data, [
            'email' => 'required|email|max:255|exists:users,email,active,1',
            'password' => 'required|confirmed'
        ]);
    }
    

    or if you are using soft deletes this should work too.

    'email' => 'exists:users,email,deleted_at,NULL'

    You can also check out the validation rule at this link http://laravel.com/docs/5.1/validation#rule-exists

    0 Discussion (0)
  • 2020-11-30 23:54

    If you want to keep everything simple, you can use a Laravel built-in feature: email verification. I do not guarantee this would resolve your problem. It is a reference in case you didn't know about it before.

    Follow the doc at https://laravel.com/docs/7.x/verification; all you have to do is a few steps.

    1. Implementation of the User model with MustVerifyEmail
    <?php
    
    namespace App;
    
    use Illuminate\Contracts\Auth\MustVerifyEmail;
    use Illuminate\Foundation\Auth\User as Authenticatable;
    use Illuminate\Notifications\Notifiable;
    
    class User extends Authenticatable implements MustVerifyEmail
    {
        use Notifiable;
    
        // ...
    }
    
    2. Activate the verify middleware for the routes in web.php or in the controller

    3. You can activate the verification link and verify email

    Auth::routes(['verify' => true]);
    
    4. Make sure the user migration includes the email_verified_at column.

    I often use this built-in feature if I need to verify users before allowing them to access the application.

    0 Discussion (0)
  • 2020-11-30 23:55

    In case anyone came here looking for information on Laravel 5.4/5.5 that allows for a custom message just for this scenario (not a combined message), here's the answer for that from https://laracasts.com/discuss/channels/laravel/user-account-status

    Override the `authenticated` method within your `app/Http/Controllers/Auth/LoginController.php` file:

    /**
     * The user has been authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed  $user
     * @return mixed
     */
    protected function authenticated(Request $request, $user)
    {
        if ($user->status_id == 2) { // or whatever status column name and value indicates a blocked user
    
            $message = 'Some message about status';
    
            // Log the user out.
            $this->logout($request);
    
            // Return them to the log in form.
            return redirect()->back()
                ->withInput($request->only($this->username(), 'remember'))
                ->withErrors([
                    // This is where we are providing the error message.
                    $this->username() => $message,
                ]);
        }
    }
    
    0 Discussion (0)
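
Added example, not part of the answers above and not Laravel's own code: a check in `sendLoginResponse` or `authenticated` runs only when the login form is submitted, so a session or remember-me cookie that already exists when an account is deactivated keeps working. A middleware can re-check the flag on every authenticated request. The class name `EnsureUserIsActive`, the `active` column, the `active` middleware alias and the error text are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical middleware. Register it in app/Http/Kernel.php under
// $routeMiddleware (for example as 'active') and list it after 'auth'
// on the routes that require a logged-in user.
class EnsureUserIsActive
{
    /**
     * Evict sessions that belong to accounts which are no longer active.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // 'active' is an assumed column; use whatever your schema calls it.
        if ($user && ! $user->active) {
            // On the session guard, logout() also cycles the remember token,
            // so an existing remember-me cookie stops working as well.
            Auth::logout();

            // Discard the old session data and issue a new CSRF token.
            $request->session()->invalidate();
            $request->session()->regenerateToken();

            return redirect()->route('login')
                ->withErrors(['email' => 'Your account is not active.']);
        }

        return $next($request);
    }
}
```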
  • 2020-11-30 23:56

    Laravel 6.6 tested. Overwrite validateLogin in your LoginController.php

    use Illuminate\Http\Request;
    use App\User;
    use Illuminate\Validation\ValidationException;
    

    ......

    /**
     * Validate the user login request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function validateLogin(Request $request)
    {
        // Get the user details from the database and check that the user exists and is active.
        $user = User::where('email',$request->email)->first();
        if( $user && !$user->activation){
            throw ValidationException::withMessages([$this->username() => __('User has been deactivated.')]);
        }
        }
    
        // Then, validate input.
        return $request->validate([
            $this->username() => 'required|string',
            'password' => 'required|string',
        ]);
    }
    
    0 Discussion (0)
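
Added example, not part of the answers above and not Laravel's own code: a status message returned before the password has been verified tells anyone who knows an e-mail address whether that account exists and is inactive. Overriding `credentials()` from the `AuthenticatesUsers` trait puts the flag into the lookup itself, so an inactive account fails exactly like a wrong password and still counts towards login throttling. It assumes a boolean `active` column on the `users` table.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Credentials handed to the guard's attempt() call.
     *
     * The Eloquent user provider turns every key that is not a password
     * into a WHERE condition on the user lookup, so with 'active' => 1 an
     * inactive account is simply not found. The trait then sends its usual
     * failed-login response (the auth.failed message), which is identical
     * for "wrong password", "unknown e-mail" and "inactive account".
     *
     * @param  \Illuminate\Http\Request  $request
     * @return array
     */
    protected function credentials(Request $request)
    {
        return array_merge(
            $request->only($this->username(), 'password'),
            ['active' => 1] // assumed column name and value
        );
    }
}
```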