使用 laravel 检查活跃用户状态
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16750375/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Check for active user state with laravel
提问by Stephan-v
This is pretty standard login function and validation that works nicely. But I also want to check that the user is active. I have set up a column in my users table with 'active' set to either 0 or 1.
这是非常标准的登录功能和验证,效果很好。但我也想检查用户是否处于活动状态。我在我的用户表中设置了一列,将“活动”设置为 0 或 1。
public function post_login()
{
$input = Input::all();
$rules = array(
'email' => 'required|email',
'password' => 'required',
);
$validation = Validator::make($input, $rules);
if ($validation->fails())
{
return Redirect::to_route('login_user')
->with_errors($validation->errors)->with_input();
}
$credentials = array(
'username' => $input['email'],
'password' => $input['password'],
);
if (Auth::attempt($credentials))
{
// Set remember me cookie if the user checks the box
$remember = Input::get('remember');
if ( !empty($remember) )
{
Auth::login(Auth::user()->id, true);
}
return Redirect::home();
} else {
return Redirect::to_route('login_user')
->with('login_errors', true);
}
}
I've tried something like this already:
我已经尝试过这样的事情:
$is_active = Auth::user()->active;
if (!$is_active == 1)
{
echo "Account not activated";
}
But this can only be used within the 'auth attempt' if statement and at that point the users credentials(email and pass) are already validated. So even if the users account if not active at this point they are already logged in.
但这只能在“身份验证尝试”中使用 if 语句,此时用户凭据(电子邮件和密码)已经过验证。因此,即使用户帐户此时未处于活动状态,他们也已经登录。
I need a way to return validation to let them know they still need to activate their account and check if their account is set at the same time their email and pass are being checked.
我需要一种返回验证的方法,让他们知道他们仍然需要激活他们的帐户,并在检查他们的电子邮件和通行证的同时检查他们的帐户是否已设置。
采纳答案by PottyBert
A better solution might be to create an Auth driver that extends the Eloquent Auth driver already in use and then override the attempt method.
更好的解决方案可能是创建一个 Auth 驱动程序来扩展已经在使用的 Eloquent Auth 驱动程序,然后覆盖尝试方法。
Then change your auth config to use your driver.
然后更改您的身份验证配置以使用您的驱动程序。
Something like:
就像是:
<?php
class Myauth extends Laravel\Auth\Drivers\Eloquent {
/**
* Attempt to log a user into the application.
*
* @param array $arguments
* @return void
*/
public function attempt($arguments = array())
{
$user = $this->model()->where(function($query) use($arguments)
{
$username = Config::get('auth.username');
$query->where($username, '=', $arguments['username']);
foreach(array_except($arguments, array('username', 'password', 'remember')) as $column => $val)
{
$query->where($column, '=', $val);
}
})->first();
// If the credentials match what is in the database we will just
// log the user into the application and remember them if asked.
$password = $arguments['password'];
$password_field = Config::get('auth.password', 'password');
if ( ! is_null($user) and Hash::check($password, $user->{$password_field}))
{
if ($user->active){
return $this->login($user->get_key(), array_get($arguments, 'remember'));
} else {
Session::flash('authentication', array('message' => 'You must activate your account before you can log in'));
}
}
return false;
}
}
?>
In your login screen, check for Session::get('authentication') and handle accordingly.
在您的登录屏幕中,检查 Session::get('authentication') 并进行相应处理。
Alternatively, allow them to log in but don't let them access any pages other than one that offers a link to resend the activation email.
或者,允许他们登录,但不要让他们访问提供重新发送激活电子邮件链接的页面以外的任何页面。
回答by blinkiebill
Filters are the way to go. It's easy and clean to solve this problem, see my example below.
过滤器是要走的路。解决这个问题既简单又干净,请参阅下面的示例。
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
else
{
// If the user is not active any more, immidiately log out.
if(Auth::check() && !Auth::user()->active)
{
Auth::logout();
return Redirect::to('/');
}
}
});
回答by Antonio Carlos Ribeiro
Can't you use something like this:
你不能使用这样的东西:
if (Auth::once($credentials))
{
if(!Auth::user()->active) {
Auth::logout();
echo "Account not activated";
}
}
回答by Laurence
Just make the active field one of the confirmations. You can do this:
只需将活动字段作为确认之一即可。你可以这样做:
$credentials = array(
'username' => $input['email'],
'password' => $input['password'],
'active' => 1
);
if (Auth::attempt($credentials))
{
// User is active and password was correct
}
If you want to specifically tell the user they are not active - you can follow it up with this:
如果您想特别告诉用户他们不活跃 - 您可以按照以下方式跟进:
if (Auth::validate(['username' => $input['email'], 'password' => $input['password'], 'active' => 0]))
{
return echo ('you are not active');
}
回答by Nisal Gunawardana
This is what I do:
这就是我所做的:
if (\Auth::attempt(['EmailWork' => $credentials['EmailWork'], 'password' => $credentials['Password']], $request->has('remember'))) {
if (\Auth::once(['EmailWork' => $credentials['EmailWork'], 'password' => $credentials['Password']])) {
if (!\Auth::user()->FlagActive == 'Active') {
\Auth::logout();
return redirect($this->loginPath())
->withInput($request->only('EmailWork', 'RememberToken'))
->withErrors([
'Active' => 'You are not activated!',
]);
}
}
return redirect('/');
}
return redirect($this->loginPath())
->withInput($request->only('EmailWork', 'RememberToken'))
->withErrors([
'EmailWork' => $this->getFailedLoginMessage(),
]);
