4

这是非常标准的登录功能和验证,效果很好。但我也想检查用户是否处于活动状态。我在我的用户表中设置了一个列,将“活动”设置为 0 或 1。

public function post_login() 
{
    $input = Input::all();

    $rules = array(
        'email' => 'required|email',
        'password' => 'required',
    );  

    $validation = Validator::make($input, $rules);

    if ($validation->fails())
    {
        return Redirect::to_route('login_user')
            ->with_errors($validation->errors)->with_input();
    }

    $credentials = array(
        'username' => $input['email'],
        'password' => $input['password'],
    );

    if (Auth::attempt($credentials)) 
    {
        // Set remember me cookie if the user checks the box
        $remember = Input::get('remember');
        if ( !empty($remember) )
        {
            Auth::login(Auth::user()->id, true);
        }

        return Redirect::home();

    } else {
        return Redirect::to_route('login_user')
            ->with('login_errors', true);
    }
}

我已经尝试过这样的事情:

$is_active = Auth::user()->active;

if (!$is_active == 1)
{
    echo "Account not activated";
}

但这只能在“身份验证尝试”if 语句中使用,此时用户凭据(电子邮件和密码)已经过验证。因此,即使用户帐户此时未处于活动状态,他们也已经登录。

我需要一种返回验证的方法,让他们知道他们仍然需要激活他们的帐户并检查他们的帐户是否在检查他们的电子邮件和通行证的同时设置。

4

5 回答 5

8

过滤器是要走的路。解决这个问题既简单又干净,请参见下面的示例。

Route::filter('auth', function()
{
    if (Auth::guest())
{
    if (Request::ajax())
    {
        return Response::make('Unauthorized', 401);
    }
    else
    {
        return Redirect::guest('login');
    }
}
else
{
    // If the user is not active any more, immidiately log out.
    if(Auth::check() && !Auth::user()->active)
    {
        Auth::logout();

        return Redirect::to('/');
    }
}
});
于 2014-10-16T16:20:00.123 回答
4

你不能使用这样的东西:

if (Auth::once($credentials))
{
    if(!Auth::user()->active) {
        Auth::logout();

        echo "Account not activated";
    }
}
于 2013-05-25T15:01:57.810 回答
3

只需将活动字段设为确认之一即可。你可以这样做:

$credentials = array(
        'username' => $input['email'],
        'password' => $input['password'],
        'active' => 1
    );

    if (Auth::attempt($credentials)) 
    {
        // User is active and password was correct
    }

如果您想明确告诉用户他们不活跃 - 您可以跟进:

    if (Auth::validate(['username' => $input['email'], 'password' => $input['password'], 'active' => 0]))
    {
        return echo ('you are not active');
    }
于 2014-10-12T15:59:28.377 回答
2

更好的解决方案可能是创建一个扩展已在使用的 Eloquent Auth 驱动程序的 Auth 驱动程序,然后覆盖尝试方法。

然后更改您的身份验证配置以使用您的驱动程序。

就像是:

<?php

class Myauth extends Laravel\Auth\Drivers\Eloquent {

    /**
     * Attempt to log a user into the application.
     *
     * @param  array $arguments
     * @return void
     */
    public function attempt($arguments = array())
    {
        $user = $this->model()->where(function($query) use($arguments)
        {
            $username = Config::get('auth.username');

            $query->where($username, '=', $arguments['username']);

            foreach(array_except($arguments, array('username', 'password', 'remember')) as $column => $val)
            {
                $query->where($column, '=', $val);
            }
        })->first();

        // If the credentials match what is in the database we will just
        // log the user into the application and remember them if asked.
        $password = $arguments['password'];

        $password_field = Config::get('auth.password', 'password');

        if ( ! is_null($user) and Hash::check($password, $user->{$password_field}))
        {
            if ($user->active){
                return $this->login($user->get_key(), array_get($arguments, 'remember'));
            } else {
                Session::flash('authentication', array('message' => 'You must activate your account before you can log in'));
            }
        }

        return false;
    }
}
?>

在您的登录屏幕中,检查 Session::get('authentication') 并进行相应处理。

或者,允许他们登录,但不要让他们访问除提供重新发送激活电子邮件的链接的页面之外的任何页面。

于 2013-05-25T17:46:44.373 回答
0

这就是我所做的:

if (\Auth::attempt(['EmailWork' => $credentials['EmailWork'], 'password' => $credentials['Password']], $request->has('remember'))) {
    if (\Auth::once(['EmailWork' => $credentials['EmailWork'], 'password' => $credentials['Password']])) {
        if (!\Auth::user()->FlagActive == 'Active') {
            \Auth::logout();
            return redirect($this->loginPath())
                ->withInput($request->only('EmailWork', 'RememberToken'))
                ->withErrors([
                    'Active' => 'You are not activated!',
                ]);
        }
    }

    return redirect('/');
}

return redirect($this->loginPath())
    ->withInput($request->only('EmailWork', 'RememberToken'))
    ->withErrors([
        'EmailWork' => $this->getFailedLoginMessage(),
    ]);
于 2016-02-04T11:47:48.810 回答