I'm curently completing my job, but my client is requested more feature on managing users, like suspending an account, or freezing an account, I'm very sure it can be done easily with this : https://laravel.com/docs/5.4/authentication#authenticating-users, but I'm already using default php artisan make:auth Authentication. My question is, It's posible to add more check while user logging in like, if active == true or something like that? Thanks!
Add a comment
|
3 Answers
In laravel 5.4, You can use authenticated post login hook of AuthenticatesUsers to do your custom validation.
protected function authenticated( Request $request, $user ) {
if($user->active){
return redirect()->intended($this->redirectPath());
}
$this->guard()->logout();
$request->session()->flush();
$request->session()->regenerate();
return redirect()->back()
->withInput($request->except('password'))
->withError('Please activate your account.')
}
8 Comments
Rizal Fakhri
I don't know why I'm interested to this answer than another one, But Where should I put the code you gave? On the LoginController??
Pankit Gami
Yes. Check your
LoginController, there must be use AuthenticatesUsers statement. So you are just overriding the authenticated method of AuthenticatesUsers trait.Rizal Fakhri
I paste whole code you gave into the LoginController , But no different User still can login even active is false :/
Pankit Gami
@RizalFakhri What is your database field for active flag?
Rizal Fakhri
Solved with:
$errors->has() and $errors->first() Thanks for your help :D |
you can over ride the existing login function by your own like this:
public function postLogin(Request $request)
{
$this->validate($request, [
'email' => 'required|email', 'password' => 'required',
]);
$credentials = $this->getCredentials($request);
// This section is the only change
if (Auth::validate($credentials)) {
$user = Auth::getLastAttempted();
if ($user->active) {
Auth::login($user, $request->has('remember'));
return redirect()->intended($this->redirectPath());
} else {
return redirect($this->loginPath()) // Change this to redirect elsewhere
->withInput($request->only('email', 'remember'))
->withErrors([
'active' => 'You must be active to login.'
]);
}
}
return redirect($this->loginPath())
->withInput($request->only('email', 'remember'))
->withErrors([
'email' => $this->getFailedLoginMessage(),
]);
}
And you can also do modifications as per your need.
Thanks
3 Comments
Pankit Gami
In laravel 5.4, there is no
postLogin method.
Sagar Arora
@PankitGami you can create your your own /login route and then use this method to login user
Pankit Gami
Yup definetly we can but than we won't get throttle restriction and all that. Login method of laravel comes with Throttling and other checks. I suggest to use
authenticated hook of AuthenticatesUsers trait.Put this functions in your LoginController
public function postLogin(Request $request)
{
$credentials = $request->only('email', 'password');
$user=User::whereEmail($credentials['email'] )->first();
if (!empty($user) && $user->active) {
if (Auth::attempt($credentials)) {
return redirect()->intended($this->redirectPath());
} else {
return redirect($this->loginPath())
->withInput($request->only('email', 'remember'))
->withErrors(['email' => $this->getFailedLoginMessage()]
);
}
} else {
return redirect($this->loginPath())
->withInput($request->only('email', 'remember'))
->withErrors(['email' => $this->getFailedLoginMessage()]
);
}
}
public function loginPath()
{
return property_exists($this, 'loginTo') ? $this->redirectTo : '/login';
}
protected function getFailedLoginMessage()
{
return Lang::has('auth.failed')
? Lang::get('auth.failed')
: 'set here your custom message.';
}
