Laravel 5.3 身份验证块用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40636768/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel 5.3 Auth block user
提问by nameless
I have a question, I'm currently developing a little site with Laravel 5.3 and I'm using the Basic Auth from them for users to register and login.
我有一个问题,我目前正在使用 Laravel 5.3 开发一个小网站,我正在使用他们的 Basic Auth 供用户注册和登录。
Now I want the following: Everybody can register and login, but if I click on a button (as an admin), I can "block" one specific user (for example if he did something not allowed), I don't completely delete the row in the database, but somehow make sure that if the user tries to login he get's a message saying something like "you can't login any more, your account is blocked, contact admin for more info" or something similar. The question is: Whats the best way to do this? I didn't find something built in, correct me if I'm wrong... Ofcourse, I could just alter the users table and add a column called "blocked", set to false normally, then with the button, set it to true and then when logging in somehow checking for this value and (if it's true) showing this message and not allowing log in. Is this the best way to do this? If yes, where would I have to check for this value and how can I show the message then? If not, whats the better way?
现在我想要以下内容:每个人都可以注册和登录,但是如果我点击一个按钮(作为管理员),我可以“阻止”一个特定的用户(例如,如果他做了不允许的事情),我不会完全删除数据库中的行,但以某种方式确保如果用户尝试登录,他会收到一条消息,内容类似于“您无法再登录,您的帐户已被阻止,请联系管理员以获取更多信息”或类似内容。问题是:这样做的最佳方法是什么?我没有找到内置的东西,如果我错了请纠正我......当然,我可以改变用户表并添加一个名为“blocked”的列,通常设置为false,然后使用按钮将其设置为true 然后在登录时以某种方式检查此值并(如果它为 true)显示此消息并且不允许登录。这是最好的方法吗?如果是,我必须在哪里检查此值,然后如何显示消息?如果没有,有什么更好的方法?
回答by Hymanel414
I would do what you're suggesting - use a blockedor activecolumn to indicate if the user should be able to log in. When I've done something similar in the past, to check this value upon login, I moved the out-of-the-box login function into my LoginController and added to it a bit. My login method now looks like this:
我会按照你的建议去做——使用 ablocked或active列来指示用户是否应该能够登录。当我过去做过类似的事情时,为了在登录时检查这个值,我移开了-框登录功能到我的 LoginController 并添加到它一点。我的登录方法现在看起来像这样:
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function login(Request $request)
{
$this->validateLogin($request);
$user = User::where('email', $request->email)->firstOrFail();
if ( $user && !$user->active ) {
return $this->sendLockedAccountResponse($request);
}
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
I also added these functions to handle users who weren't active:
我还添加了这些功能来处理不活跃的用户:
/**
* Get the locked account response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function sendLockedAccountResponse(Request $request)
{
return redirect()->back()
->withInput($request->only($this->loginUsername(), 'remember'))
->withErrors([
$this->loginUsername() => $this->getLockedAccountMessage(),
]);
}
/**
* Get the locked account message.
*
* @return string
*/
protected function getLockedAccountMessage()
{
return Lang::has('auth.locked')
? Lang::get('auth.locked')
: 'Your account is inactive. Please contact the Support Desk for help.';
}
回答by Alexey Mezenin
You can use soft deletingfeature.
您可以使用软删除功能。
In addition to actually removing records from your database, Eloquent can also "soft delete" models. When models are soft deleted, they are not actually removed from your database. Instead, a deleted_at attribute is set on the model and inserted into the database. If a model has a non-null deleted_at value, the model has been soft deleted.
除了从数据库中实际删除记录之外,Eloquent 还可以“软删除”模型。当模型被软删除时,它们实际上并没有从数据库中删除。相反,在模型上设置了一个 Deleted_at 属性并插入到数据库中。如果模型具有非空的 deleted_at 值,则该模型已被软删除。
回答by Mahdi
step1:
第1步:
add new field to the User table called ‘status' (1:enabled, 0:disabed)
step2:
第2步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password');
return array_add($credentials, ‘status', ‘1');
}
Step3:
第三步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email', $identifier)->where(‘status', 1)->first();
}
refer to this link ( tutorial) will help you : https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
请参阅此链接(教程)将帮助您:https: //medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
回答by Mahdi
Solved: this link ( tutorial) will help you : https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
已解决:此链接(教程)将帮助您:https: //medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
step1:
第1步:
add new field to the User table called ‘status' (1:enabled, 0:disabed)
step2:
第2步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password');
return array_add($credentials, ‘status', ‘1');
}
Step3:
第三步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email', $identifier)->where(‘status', 1)->first();
}
Done :)
完毕 :)
