6

I am new to Laravel and have been fairly successful in implementing user authentication. Now, to move on to the next step, I must allow only users whose status is active to log in. For that I have added a `status TINYINT` column in my MySQL users table.

I found this in the Laravel Documentation:

Specifying Additional Conditions

If you wish, you may also add extra conditions to the authentication query in addition to the user's e-mail and password. For example, we may verify that user is marked as "active":

```php
if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
    // The user is active, not suspended, and exists.
}
```

Can someone please point out where I need to put this chunk? I am thoroughly confused and need some pointers.

Thanks

Debajeet Choudhury

6 Answers

14

Have this on your LoginController:

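```php
// Requires "use Illuminate\Http\Request;" at the top of the controller file.
protected function credentials(Request $request)
{
    // Every key except 'password' becomes a WHERE condition on the user lookup.
    return ['username' => $request->{$this->username()}, 'password' => $request->password, 'status' => 1];
}
```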
kapitan
  • `Symfony \ Component \ Debug \ Exception \ FatalThrowableError (E_RECOVERABLE_ERROR) Argument 1 passed to App\Http\Controllers\Auth\LoginController::credentials() must be an instance of App\Http\Controllers\Auth\Request, instance of Illuminate\Http\Request given, called in /Library/WebServer/Documents/transport/www/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php on line 81` – Debajeet Choudhury Dec 14 '18 at 14:22
  • 2
    My bad, forgot to include `use Illuminate\Http\Request;` – Debajeet Choudhury Dec 14 '18 at 14:23
  • Accepted for the simplicity of the solution. Kudos and thanks – Debajeet Choudhury Dec 14 '18 at 14:25
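
To show where the chunk from the question ends up, here is a complete `LoginController.php` as an added example (not code from any of the posts). It assumes the scaffolded Laravel 5.x auth with the `AuthenticatesUsers` trait, the question's `status` column with 1 meaning active, and the `level` values and paths the asker gives in the comments.

```php
<?php
// Added example: app/Http/Controllers/Auth/LoginController.php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
// Without this import the Request type hint below resolves to
// App\Http\Controllers\Auth\Request and the call fails.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Credentials the trait's attemptLogin() hands to Auth::attempt().
     * Every key except 'password' becomes a WHERE clause on the user lookup,
     * so an inactive account fails the same way as a wrong password: no
     * session is created and the generic auth.failed message is returned.
     */
    protected function credentials(Request $request)
    {
        return [
            $this->username() => $request->input($this->username()),
            'password'        => $request->input('password'),
            'status'          => 1, // assumption: TINYINT column, 1 = active
        ];
    }

    /**
     * Post-login destination by level; the trait's redirectPath() calls this.
     */
    protected function redirectTo()
    {
        switch ((int) Auth::user()->level) {
            case 0:  return '/home/super';
            case 1:  return '/home/accountant';
            default: return '/home/branch';
        }
    }
}
```

Because the status check is part of the lookup query, the response to a failed login does not reveal whether an account exists but is inactive.
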
4

Just take the user's status and check whether it is true or false. You can get the status using `Auth::User()->status` from the auth session. Try this.

```php
if (Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
    $userStatus = Auth::User()->status;
    if ($userStatus == '1') {
        return redirect()->intended(url('/dashboard'));
    } else {
        Auth::logout();
        Session::flush();
        return redirect(url('login'))->withInput()->with('errorMsg', 'You are temporary blocked. please contact to admin');
    }
} else {
    return redirect(url('login'))->withInput()->with('errorMsg', 'Incorrect username or password. Please try again.');
}
```
Jasim Juwel
3

Just simply put this code in your App\Auth\LoginController or elsewhere where you have your LoginController located.

```php
public function authenticate(Request $request)
{
    $credentials = $request->only('email', 'password');
    // Extra condition: only match users whose 'active' column is 1.
    $credentials['active'] = 1;

    if (Auth::attempt($credentials)) {
        // Authentication passed...
        return redirect()->intended('dashboard');
    }
}
```

With this code you are overriding the default authenticate function.

Malkhazi Dartsmelidze
  • Am yet to try it out but your answer seems to make sense. My only concern is that I am redirecting the user to a different dashboard based on a level field. For that I am using: `public function redirectTo() { $user = Auth::user(); $level = $user->level; if($level == 0) { return '/home/super'; } elseif($level == 1) { return '/home/accountant'; } else { return '/home/branch'; } }` How do I handle this redirection? – Debajeet Choudhury Dec 14 '18 at 13:54
  • If you are redirecting it to a different location, you can place `protected $redirectTo = '/';` in your LoginController. – Malkhazi Dartsmelidze Dec 14 '18 at 13:56
1

Add this to your LoginController:

```php
protected function credentials(Request $request)
{
    return [$this->username() => $request->{$this->username()}, 'password' => $request->password, 'active' => 1];
}
```
Headway
0

Add the method below in `app\Http\Controllers\Auth\LoginController.php` and it would extend the `AuthenticatesUsers` trait's `validateLogin` method. So basically, it would check for your active clause as well.

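```php
// Requires "use Illuminate\Http\Request;" and "use Illuminate\Validation\Rule;"
// at the top of the controller file.
protected function validateLogin(Request $request)
{
    $this->validate($request, [
        $this->username() => [
            'required',
            // The submitted username must exist in 'users' with active = 1.
            Rule::exists('users')->where(function ($query) {
                $query->where('active', 1);
            }),
        ],
        'password' => 'required'
    ]);
}
```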

OR

Place your required code in app\Http\Controllers\Auth\LoginController.php

```php
public function authenticate(Request $request)
{
    if (Auth::attempt(['email' => $request->email, 'password' => $request->password, 'active' => 1])) {
        // The user is active, not suspended, and exists.
    }
}
```
Muhammad Usama
0

You can override authenticated() method in your App\Http\Controllers\Auth\LoginController.php like so:

```php
protected function authenticated(Request $request, $user)
{
    // Runs after a successful login: end the session again if the user is inactive.
    if (!$user->active) {
        Auth::logout();
        abort(403);
    }
}
```

Do note it's a quick but not very "Laravely" solution. Sloppy.

Enis P. Aginić