Support the ongoing development of Laravel.io →
Authentication Security
Last updated 4 months ago.
0

First of all don't have a separate table have this in the uses table then you answered your own question a simple if statement should to do the trick.

0

Am newbie, and laravel brings the login system ready, then I do not know where I can make the scan.

0

You have to overwrite your postLogin method in App\Http\Controllers\AuthController

Laravel Default postLogin:

[...]
$credentials = $this->getCredentials($request);

        if (Auth::attempt($credentials, $request->has('remember'))) {
            return $this->handleUserWasAuthenticated($request, $throttles);
        }
[...]

Auth::attemp try to login the user with credentials, you have to expand the process in Auth::validate($credentials) and after that you have to check if the user is not locked. If the user is validated and not locked, you can login in the user with Auth::login($user, $request->has('remember'));

// Your postLogin $user->canLogin() method in your user-model, you can check if the locked table contains the user

[...]
/** @var User $user */
        $user = User::where($this->loginUsername(),"=",$credentials[$this->loginUsername()])->get()->first();

        if(Auth::validate($credentials)) {
            if ($user->canLogin()) {
                Auth::login($user, $request->has('remember'));
                return $this->handleUserWasAuthenticated($request, $throttles);
            }
            else
            {
                if ($throttles) {
                    $this->incrementLoginAttempts($request);
                }
                return redirect($this->loginPath())
                    ->withInput($request->only($this->loginUsername(), 'remember'))
                    ->withErrors([
                        $this->loginUsername() => Lang::has('auth.not_active')
                            ? Lang::get('auth.not_active')
                            : 'User is not active.',
                    ]);
            }
        }
[...]

You also have to update your Authenticate Middleware in App\Http\Middleware

  public function handle($request, Closure $next)
    {
        if ($this->auth->guest()) {
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest(route('login'));
            }
        }

  if($this->auth->user()->yourCanLoginMethod())
            return $next($request);
        $this->auth->logout();

        return redirect()->guest(route('login'));
  }
Last updated 6 years ago.
0

HI, I'm also a big time newbie and I have the exact same problem. Using L5.1 my AuthController doesn't look at all like the answer from @biwerr, actually it's in a different path...
In App\Http\Controllers\Auth\AuthController I only have three methods: __construct(), validator() and create() and I still don't know where to check if user is locked (or active, in my case). Would you expand a little bit for us still learning L5.1?

Last updated 6 years ago.
0

@johanWP you have more than 3 mehtods in your auth controller. Laravel implements AuthenticatesAndRegistersUsers trait, this trait includes the above overwritten method

A second way (maybe) is to create a middleware, and place it after your auth middleware in http/kernel.php

0

I had to use middleware because my field was an enum type.. and you cant override that method...

0

Sign in to participate in this thread!

LoadForge

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.