防止使用Laravel的Auth登录

时间:2019-01-13 09:03:17

标签: php laravel laravel-blade

在某些情况下,我试图阻止用户登录。

我的想法是在使用Laravel的Auth系统后执行一些附加检查。 至于登录/注册和恢复密码系统,一切正常。但是我似乎无法注销用户并在登录页面上显示自定义错误。

我要做的就是在确认用户是否被暂停之后,在“电子邮件地址”字段下显示一条自定义的“您的帐户已被暂停”消息。

enter image description here

我的代码(HomeController)以及我的一些解决方案:

public function index(Request $request)
{
        // After Laravel logs the user through its authentication system
        $user = Auth::user();
        if (!isset($user)) {
            return redirect('/');

        } else {    
            // we perform some checks of our own
            if ($user->suspended != 0) { // suspended by an administrator
                $error = trans('errors_login.SUSPENDED_BY_ADMIN');

               // return redirect()->route('logout', array('error_msg' => $error));

               // return redirect()->route('logout')->withErrors('email','There was an error'); // trying to replace the "email" error


               Auth::logout();

               $error = ['loginError'=> trans('errors_login.SUSPENDED_BY_ADMIN')];
               return view('auth.login', $error);


            }
        }
...

仅说明“登出”路线是什么:

Route::get('/logout', '\App\Http\Controllers\Auth\LoginController@logout');

我正在使用Laravel生成的登录视图:

...

<div class="form-group row">
<label for="email" class="col-md-4 col-form-label text-md-right">E-Mail Address</label>

<div class="col-md-6">
    <input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ old('email') }}" required autofocus>

    @if ($errors->has('email'))
        <span class="invalid-feedback" role="alert">
            <strong>{{ $errors->first('email') }}</strong>
        </span>
    @endif
</div>

似乎没有任何效果。 我对Laravel还是很陌生,所以我一定想念一些东西。

谢谢。

2 个答案:

答案 0 :(得分:2)

Laravel的默认登录控制器(App\Http\Controller\Auth\LoginController)在后台使用称为AuthenticatesUsers的特征。

因此,每当用户通过身份验证时,它都会在返回登录响应之前调用authenticated()方法,这意味着您可能可以执行以下操作。

App\Http\Controller\Auth\LoginController中添加一个新的authenticated()方法,该方法将覆盖AuthenticatesUsers::authenticated()

protected function authenticated(Request $request, $user)
{
    if ($user->suspended) {
        Auth::logout();

        return back()
            ->with('loginError', trans('errors_login.SUSPENDED_BY_ADMIN'));
    }

    return redirect()->intended($this->redirectPath());
}

答案 1 :(得分:0)

我也是用这个做的:

protected function sendFailedLoginResponse(Request $request)//this will get triggered if the method above (attemptLogin(Request $request))  returns false.
{
    $credentials = [
        'email' => $request['email'],
        'password' => $request['password'],
    ];
    $valid = Auth::attempt($credentials);

    if ($valid == false) { //if user credentials are incorrect
        $errors = [$this->username() => trans('auth.failed')];
         Auth::logout();
        return redirect()->back()
            ->withInput($request->only($this->username(), 'remember'))
            ->withErrors($errors);
    } else { // //if user credentials are correct check additional conditions
        $user = User::where('email', $request->input('email'))->first();
        if ($user->locked == 1) {
            $errors = [$this->username() => trans('auth.locked')];
            Auth::logout();
            throw ValidationException::withMessages([
                $this->username() => [trans('auth.locked')],
            ]);
        } else {
            $errors = [$this->username() => trans('auth.notactivated')];
            Auth::logout();
            return redirect()->back()
                ->withInput($request->only($this->username(), 'remember'))
                ->withErrors($errors);
        }
    }
}

不确定是否足够好,但它也有效。

相关问题
最新问题