Php 防止使用Laravel'登录;作者
我试图阻止用户在某些情况下登录 我的想法是在使用Laravel的Auth系统后执行一些额外的检查。 至于登录/注册和恢复密码系统,一切正常。但我似乎无法注销用户并在登录页面中显示自定义错误 我想做的就是在验证用户是否被挂起后,在“email address”字段下显示一条自定义的“your account was suspended”消息 我的代码(HomeController)以及我的一些解决方案:Php 防止使用Laravel'登录;作者,php,laravel,laravel-blade,Php,Laravel,Laravel Blade,我试图阻止用户在某些情况下登录 我的想法是在使用Laravel的Auth系统后执行一些额外的检查。 至于登录/注册和恢复密码系统,一切正常。但我似乎无法注销用户并在登录页面中显示自定义错误 我想做的就是在验证用户是否被挂起后,在“email address”字段下显示一条自定义的“your account was suspended”消息 我的代码(HomeController)以及我的一些解决方案: public function index(Request $request) {
public function index(Request $request)
{
// After Laravel logs the user through its authentication system
$user = Auth::user();
if (!isset($user)) {
return redirect('/');
} else {
// we perform some checks of our own
if ($user->suspended != 0) { // suspended by an administrator
$error = trans('errors_login.SUSPENDED_BY_ADMIN');
// return redirect()->route('logout', array('error_msg' => $error));
// return redirect()->route('logout')->withErrors('email','There was an error'); // trying to replace the "email" error
Auth::logout();
$error = ['loginError'=> trans('errors_login.SUSPENDED_BY_ADMIN')];
return view('auth.login', $error);
}
}
...
仅澄清“注销”路线是什么:
Route::get('/logout', '\App\Http\Controllers\Auth\LoginController@logout');
我正在使用Laravel生成的登录视图:
...
<div class="form-group row">
<label for="email" class="col-md-4 col-form-label text-md-right">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ old('email') }}" required autofocus>
@if ($errors->has('email'))
<span class="invalid-feedback" role="alert">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div>
。。。
电子邮件地址
@如果($errors->has('email'))
{{$errors->first('email')}
@恩迪夫
似乎什么都不管用。
我对拉拉维尔还不太熟悉,所以我肯定错过了什么
谢谢。Laravel的默认登录控制器(
App\Http\controller\Auth\LoginController
)在引擎盖下使用了一种名为authenticateusers
的特性
因此,每当用户通过身份验证时,它都会在发送回登录响应之前调用authenticated()
方法,这意味着您可能会执行类似的操作
在App\Http\Controller\Auth\LoginController
中添加一个新的authenticates()
方法,该方法覆盖AuthenticatesUsers::authenticates()
Laravel的默认登录控制器(
App\Http\controller\Auth\LoginController
)在引擎盖下使用了一种称为AuthenticatesUsers
的特性
因此,每当用户通过身份验证时,它都会在发送回登录响应之前调用authenticated()
方法,这意味着您可能会执行类似的操作
在App\Http\Controller\Auth\LoginController
中添加一个新的authenticates()
方法,该方法覆盖AuthenticatesUsers::authenticates()
我也是这样做的:
protected function sendFailedLoginResponse(Request $request)//this will get triggered if the method above (attemptLogin(Request $request)) returns false.
{
$credentials = [
'email' => $request['email'],
'password' => $request['password'],
];
$valid = Auth::attempt($credentials);
if ($valid == false) { //if user credentials are incorrect
$errors = [$this->username() => trans('auth.failed')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
} else { // //if user credentials are correct check additional conditions
$user = User::where('email', $request->input('email'))->first();
if ($user->locked == 1) {
$errors = [$this->username() => trans('auth.locked')];
Auth::logout();
throw ValidationException::withMessages([
$this->username() => [trans('auth.locked')],
]);
} else {
$errors = [$this->username() => trans('auth.notactivated')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
}
}
}
不确定是否足够好,但它也能工作。我也用这个:
protected function sendFailedLoginResponse(Request $request)//this will get triggered if the method above (attemptLogin(Request $request)) returns false.
{
$credentials = [
'email' => $request['email'],
'password' => $request['password'],
];
$valid = Auth::attempt($credentials);
if ($valid == false) { //if user credentials are incorrect
$errors = [$this->username() => trans('auth.failed')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
} else { // //if user credentials are correct check additional conditions
$user = User::where('email', $request->input('email'))->first();
if ($user->locked == 1) {
$errors = [$this->username() => trans('auth.locked')];
Auth::logout();
throw ValidationException::withMessages([
$this->username() => [trans('auth.locked')],
]);
} else {
$errors = [$this->username() => trans('auth.notactivated')];
Auth::logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors($errors);
}
}
}
不确定是否足够好,但它也能工作。非常好、非常优雅的解决方案。谢谢如何知道可以在LoginController中覆盖哪些方法?有我可以看的医生吗?注意:我最终使用了->withErrors()而不是->with()。如下所示:return back()->withErrors(数组('loginError'=>trans('errors\u login.SUSPENDED\u BY\u ADMIN'));不客气。我通常会把书签作为参考:)非常好,非常优雅的解决方案。谢谢如何知道可以在LoginController中覆盖哪些方法?有我可以看的医生吗?注意:我最终使用了->withErrors()而不是->with()。如下所示:return back()->withErrors(数组('loginError'=>trans('errors\u login.SUSPENDED\u BY\u ADMIN'));不客气。我通常会把书签作为参考:)