10

I just wanted to say if the user is not active, don't allow to login. I have made the controller as below, I am not sure what I am missing or what else I have to do here to make this work!

<?php
namespace App\Http\Controllers\Auth;

use Illuminate\Auth\Authenticatable;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectTo = '/home';

    
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
    }

    
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }

    public function authenticate()
    {
        if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
            // Authentication passed...
            return redirect()->intended('dashboard');
        }
    }

}

My thinking was authenticate() method should do the trick!

miken32
  • 42,008
  • 16
  • 111
  • 154
Abdul
  • 472
  • 1
  • 5
  • 13

5 Answers5

9

The below code worked for my case:

protected function getCredentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }

for Laravel 5.3 need to add following code to LoginController

protected function credentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }
Abdul
  • 472
  • 1
  • 5
  • 13
7

i think you should create method to check if user passed your credentials, here's my suggestion :

protected function getCredentials(Request $request)
{
    return [
        'username' => $request->input('email'),
        'password' => $request->input('password'),
        'active' => true
    ];
}

and your login method:

public function login(Request $request) {
    $this->validate($request,['email' => 'required|email','password' => 'required']);

    if (Auth::guard()->attempt($this->getCredentials($request))){
        //authentication passed
    }

    return redirect()->back();
}

hope you get basic idea.

ishadif
  • 721
  • 2
  • 8
  • 20
  • It works for me in 5.2. Put both function to AuthController.php and put use Illuminate\Support\Facades\Auth; before the class name. – Kabir Hossain Dec 19 '16 at 04:46
0

In LoginController.php file write this function

protected function credentials(Request $request) {

$extraFields = [
  'user_type'=> 'customer',
  'user_entry_status' => 1
];

return array_merge($request->only($this->username(), 'password'), $extraFields);
}
Muhammad Umar
  • 95
  • 1
  • 5
-1

Go to this path : your-project-folder/vendor/laravel/framework/src/illuminate/Foundation/Auth/AuthenticatesUsers.php

$credentials=$request->only($this->loginUsername(), 'password');
$credentials['status'] = '1';
return $credentials;
Ranjita Paul
  • 185
  • 7
-1

Change getCredantials works fine, but it is good practice to let user know, that the account was suspended (credentials are OK, but the account status is not). You can easily override login method in Auth/LoginController.php to your own copy, add your own logic to login process and raise own exception.

in Auth/LoginController.php create login and sendAccountBlocked function

/*load additional classes to LoginController.php*/
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Auth;

public function login(Request $request){
  //
  $this->validateLogin($request);
  //
  // If the class is using the ThrottlesLogins trait, we can automatically throttle
  // the login attempts for this application. We'll key this by the username and
  // the IP address of the client making these requests into this application.
  if (method_exists($this, 'hasTooManyLoginAttempts') && $this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
  }

  if ($this->attemptLogin($request)) {
    //check user status        
    if (Auth::user()->user_status == 'A') return $this->sendLoginResponse($request);
    // if user_status != 'A' raise exception
    else {
      $this->guard()->logout();
      return $this->sendAccountBlocked($request);
    }
  }

  // If the login attempt was unsuccessful we will increment the number of attempts
  // to login and redirect the user back to the login form. Of course, when this
  // user surpasses their maximum number of attempts they will get locked out.
  $this->incrementLoginAttempts($request);
  return $this->sendFailedLoginResponse($request);
  //
}//

protected function sendAccountBlocked(Request $request){
  throw ValidationException::withMessages([
    $this->username() => ['Your account was suspended.'],
  ]);
}
wiliak
  • 1
  • 1
  • 2
  • 1
    This code bears no relation to the code in the question. How does it answer the (5 year old) question? – miken32 Jan 10 '22 at 16:56
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 11 '22 at 10:06