logo标签列表

如何在Laravel 5.2中为登录条件添加额外的逻辑

laravellaravel-authentication
10

我只是想说,如果用户没有活动,不允许登录。我已经创建了以下控制器,但我不确定我缺少什么或者我还需要做些什么才能使其正常工作!

<?php
namespace App\Http\Controllers\Auth;

use Illuminate\Auth\Authenticatable;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectTo = '/home';

    
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
    }

    
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }

    public function authenticate()
    {
        if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
            // Authentication passed...
            return redirect()->intended('dashboard');
        }
    }

}

我认为authenticate()方法应该能解决问题!

它是否“工作”?如果是,你有什么问题? - tkausl
我的问题是关于标题的。不,这个方法不行。但我已经得到了答案。 - Abdul
5个回答
9
以下代码适用于我的情况:
protected function getCredentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }

对于 Laravel 5.3,需要在 LoginController 中添加以下代码:

protected function credentials(Request $request)
    {
        return [
            'email' => $request->input('email'),
            'password' => $request->input('password'),
            'active' => true
        ];
    }
我只需要第二段代码。我正在使用Laravel 5.4。 - sulaiman sudirman
它是否会抛出错误,而 'active' 验证失败的原因是什么? - ARUN Madathil
7
我认为您应该创建一个方法来检查用户是否通过了您的凭据验证。这是我的建议:
protected function getCredentials(Request $request)
{
    return [
        'username' => $request->input('email'),
        'password' => $request->input('password'),
        'active' => true
    ];
}

以及您的登录方式:

public function login(Request $request) {
    $this->validate($request,['email' => 'required|email','password' => 'required']);

    if (Auth::guard()->attempt($this->getCredentials($request))){
        //authentication passed
    }

    return redirect()->back();
}

希望你能初步了解。
它在我的5.2版本中可以工作。将这两个函数放到AuthController.php中,并在类名前加上use Illuminate\Support\Facades\Auth;。 - Kabir Hossain
0
在 LoginController.php 文件中编写此函数:
protected function credentials(Request $request) {

$extraFields = [
  'user_type'=> 'customer',
  'user_entry_status' => 1
];

return array_merge($request->only($this->username(), 'password'), $extraFields);
}
-1

修改getCredantials方法可以正常运行,但最好让用户知道账户已被暂停使用(凭据是正确的,但账户状态有问题)。你可以轻松地覆盖Auth/LoginController.php中的登录方法,添加自己的逻辑到登录过程并抛出自己的异常。

在Auth/LoginController.php中创建login和sendAccountBlocked函数。

/*load additional classes to LoginController.php*/
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Auth;

public function login(Request $request){
  //
  $this->validateLogin($request);
  //
  // If the class is using the ThrottlesLogins trait, we can automatically throttle
  // the login attempts for this application. We'll key this by the username and
  // the IP address of the client making these requests into this application.
  if (method_exists($this, 'hasTooManyLoginAttempts') && $this->hasTooManyLoginAttempts($request)) {
    $this->fireLockoutEvent($request);
    return $this->sendLockoutResponse($request);
  }

  if ($this->attemptLogin($request)) {
    //check user status        
    if (Auth::user()->user_status == 'A') return $this->sendLoginResponse($request);
    // if user_status != 'A' raise exception
    else {
      $this->guard()->logout();
      return $this->sendAccountBlocked($request);
    }
  }

  // If the login attempt was unsuccessful we will increment the number of attempts
  // to login and redirect the user back to the login form. Of course, when this
  // user surpasses their maximum number of attempts they will get locked out.
  $this->incrementLoginAttempts($request);
  return $this->sendFailedLoginResponse($request);
  //
}//

protected function sendAccountBlocked(Request $request){
  throw ValidationException::withMessages([
    $this->username() => ['Your account was suspended.'],
  ]);
}
1
这段代码与问题中的代码毫无关系。它如何回答这个(五年前的)问题呢? - miken32
目前你的回答不够清晰,请编辑并添加更多细节,以帮助其他人理解它如何回答问题。你可以在帮助中心找到有关如何编写好答案的更多信息。 - Community
-1

前往此路径: your-project-folder/vendor/laravel/framework/src/illuminate/Foundation/Auth/AuthenticatesUsers.php

$credentials=$request->only($this->loginUsername(), 'password');
$credentials['status'] = '1';
return $credentials;
2
避免编辑供应商文件,那不是一个好主意。更新会将其重置回原始状态。 - Ronnel Martinez
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接