laravel - 如何在 Laravel 5.2 中为登录条件添加额外的逻辑

Question

我只是想说如果用户不活跃，则不允许登录。我已经制作了如下控制器，我不确定我缺少什么或我必须在这里做什么才能完成这项工作！

<?php
namespace App\Http\Controllers\Auth;

use Illuminate\Auth\Authenticatable;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectTo = '/home';

    
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
    }

    
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }

    public function authenticate()
    {
        if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
            // Authentication passed...
            return redirect()->intended('dashboard');
        }
    }

}

我的想法是 authenticate() 方法应该可以解决问题！

Answer 1

以下代码适用于我的案例：

protected function getCredentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }

---

对于 Laravel 5.3 需要将以下代码添加到 LoginController

protected function credentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }

Answer 2

我认为您应该创建方法来检查用户是否通过了您的凭据，这是我的建议：

protected function getCredentials(Request $request)
{
    return [
        'username' => $request->input('email'),
        'password' => $request->input('password'),
        'active' => true
    ];
}

和您的登录方法：

public function login(Request $request) {
    $this->validate($request,['email' => 'required|email','password' => 'required']);

    if (Auth::guard()->attempt($this->getCredentials($request))){
        //authentication passed
    }

    return redirect()->back();
}

希望你得到基本的想法。

Answer 3

转到此路径：your-project-folder/vendor/laravel/framework/src/illuminate/Foundation/Auth/AuthenticatesUsers.php

$credentials=$request->only($this->loginUsername(), 'password');
$credentials['status'] = '1';
return $credentials;

Answer 4

更改 getCredentials 可以正常工作，但最好让用户知道该帐户已暂停（凭据正常，但帐户状态不是）。您可以轻松地将 Auth/LoginController.php 中的登录方法覆盖到您自己的副本中，将您自己的逻辑添加到登录过程并引发自己的异常。

在 Auth/LoginController.php 创建登录和 sendAccountBlocked 函数

/*load additional classes to LoginController.php*/
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Auth;

public function login(Request $request){
  //
  $this->validateLogin($request);
  //
  // If the class is using the ThrottlesLogins trait, we can automatically throttle
  // the login attempts for this application. We'll key this by the username and
  // the IP address of the client making these requests into this application.
  if (method_exists($this, 'hasTooManyLoginAttempts') && $this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
  }

  if ($this->attemptLogin($request)) {
    //check user status        
    if (Auth::user()->user_status == 'A') return $this->sendLoginResponse($request);
    // if user_status != 'A' raise exception
    else {
      $this->guard()->logout();
      return $this->sendAccountBlocked($request);
    }
  }

  // If the login attempt was unsuccessful we will increment the number of attempts
  // to login and redirect the user back to the login form. Of course, when this
  // user surpasses their maximum number of attempts they will get locked out.
  $this->incrementLoginAttempts($request);
  return $this->sendFailedLoginResponse($request);
  //
}//

protected function sendAccountBlocked(Request $request){
  throw ValidationException::withMessages([
    $this->username() => ['Your account was suspended.'],
  ]);
}