Support the ongoing development of Laravel.io →
Authentication Security Input
Last updated 4 months ago.
0

So i realized that when attempting to add extra parameter requirement to check if user is active or not I had to do

attempt then logout if account was not active

the auth::attempt doesn't provide isactive check......

so to get it working i added the comment and code below

<?php namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\Registrar;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
class AuthController extends Controller {

	/*
	|--------------------------------------------------------------------------
	| Registration & Login Controller
	|--------------------------------------------------------------------------
	|
	| This controller handles the registration of new users, as well as the
	| authentication of existing users. By default, this controller uses
	| a simple trait to add these behaviors. Why don't you explore it?
	|
	*/

	use AuthenticatesAndRegistersUsers;

	/**
	 * Create a new authentication controller instance.
	 *
	 * @param  \Illuminate\Contracts\Auth\Guard  $auth
	 * @param  \Illuminate\Contracts\Auth\Registrar  $registrar
	 * @return void
	 */
	public function __construct(Guard $auth, Registrar $registrar)
	{
		$this->auth = $auth;
		$this->registrar = $registrar;

		$this->middleware('guest', ['except' => 'getLogout']);
	}
	
	public function postLogin(Request $request)
	{
		$this->validate($request, [
			'email' => 'required', 'password' => 'required',
		]);

		$credentials = $request->only('email', 'password');

		if ($this->auth->attempt($credentials, $request->has('remember') ) )
		{
			 
			if($this->auth->User()->active == 1)
			{
				return redirect()->intended($this->redirectPath());
			}
			else
			{
				//have to log out since our data is cached and we're already logged in but we find the account is inactive !
				$this->auth->logout();
				//now we are logged out, we can redirect with message we want, if we did not log out the middleware recognize us as NON GUEST account !
				return redirect('/auth/login')->withInput($request->only('email'))->withErrors(['email' => 'Your Account is not active',]); 
			}
			
			
		}



		return redirect('/auth/login')
					->withInput($request->only('email'))
					->withErrors([
						'email' => 'These credentials do not match our records.',
					]); 
	}
	
}

you see here we log in first, then check isactive then we log out if it's non active and redirect

if you redirect before logging out the middleware catches you and redirects you to home page because 'isActive' is not part of the rules when authenticating in the auth::attempt

=\

0

Hi! Try this...

if($this->auth->user()->active == 1)
	{
		return redirect()->intended($this->redirectPath());
	}
	else
	{
		$this->auth->logout();

		return redirect('auth/login')
			->withErrors([
				'active' => 'User no active.',
			]);;
	}
Last updated 7 years ago.
0

Sign in to participate in this thread!

LoadForge

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.