How to disable automatic login in Laravel 5?

I am new to Laravel, but fell in love with the framework and decided to use it for my project.

I have an active field, and by default I set it to 0. In the Attempt() method, I set $credentials['active'] = 1. When I log out and log back in, it works fine.

But when I register a user, it automatically registers the user without checking the active field.

+7
php laravel-5
3 answers

I assume that you are using the AuthenticatesAndRegistersUsers trait in your controller.

Registration is performed by the postRegister() method in this trait, which calls the login() method after creating a new user.

You can override this method in your controller and call the login() method only if the active field is true. So your postRegister() method will look something like this:

    public function postRegister(Request $request)
    {
        $validator = $this->registrar->validator($request->all());

        if ($validator->fails()) {
            $this->throwValidationException(
                $request, $validator
            );
        }

        $user = $this->registrar->create($request->all());

        // Check the flag on the created model; request input is client-controlled.
        if ($user->active) {
            $this->auth->login($user);
        }

        return redirect($this->redirectPath());
    }

+4

In RegistersUsers.php, replace the line:

 Auth::guard($this->getGuard())->login($this->create($request->all())); 

With the following:

 $this->create($request->all()); 

This worked for me; I am using Laravel 5.2.

+1

I would not add the active field to the credentials - this is an authorization problem, not an authentication one.

For this, I would use middleware to check if login is active or inactive. In 5.3, the middleware will look like this:

    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class RedirectIfInactive
    {
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            if ($user = Auth::guard('web')->user()) {
                if (! $user->active) {
                    return redirect(route('account_inactive'));
                }
            }

            return $next($request);
        }
    }

Then this middleware should be registered inside Kernel.php:

    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'inactive' => \App\Http\Middleware\RedirectIfInactive::class,
    ];

Finally, we protect all our routes:

    Route::get('inactive', ['as' => 'account_inactive', function () {
        return view('inactive');
    }]);

    Route::group(['prefix' => 'admin', 'namespace' => 'Admin', 'middleware' => 'inactive'], function () {
        Route::get('/', ['as' => 'admin.home', 'uses' => 'AdminController@index']);
    });

The advantage of this approach is that we can display a more relevant error message than the general "These credentials do not match our records" that people with bad data receive. This way, the user will know that it is not their fault that they cannot enter the system.

In any case, with the approach in the accepted answer, make sure that you do the same when the user successfully resets his password, since they are also automatically registered.

0
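
The password-reset case raised at the end of the last answer, as an added example that is not part of any answer above or of Laravel's own code. It assumes Laravel 5.3's stock `ResetPasswordController` with the `ResetsPasswords` trait, and the 0/1 `active` column from the question; the override mirrors the trait's `resetPassword()` but signs the user in only when the stored flag is set.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Support\Str;

class ResetPasswordController extends Controller
{
    use ResetsPasswords;

    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Overrides the trait method, which logs the user in unconditionally
     * once the new password has been saved.
     *
     * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
     * @param  string  $password
     * @return void
     */
    protected function resetPassword($user, $password)
    {
        $user->forceFill([
            'password' => bcrypt($password),
            'remember_token' => Str::random(60),
        ])->save();

        // $user was loaded from the database by the password broker, so
        // `active` (assumed column name, from the question) is the stored
        // value and not anything supplied with the reset form.
        if ($user->active) {
            $this->guard()->login($user);
        }
    }
}
```

An inactive user still gets the new password saved but leaves the reset flow unauthenticated, so the registration and reset paths enforce the same rule.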
