我正在尝试使用明显的电子邮件和密码验证用户,以及如果数据库中的ban_status设置为0。
我看过最新的laravel文档,我在AuthenticateUsers.php中尝试过这种方式
protected function validateLogin(Request $request)
{
$this->validate($request, [
$this->username() => 'required', 'password' => 'required', 'ban_status' => '0',
]);
}
就我所知,这没有做任何事情,无论禁止状态是否为0,都会登录用户,我应该在哪里做这个额外的条件?
答案 0 :(得分:3)
基于tam的回答,我添加了一个基于失败"禁止"的重定向。状态,因为否则我仍然会登录,即使条件是错误的。这里是对我有用的登录功能的覆盖,放在LoginController.php中:
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->credentials($request);
if ($this->guard()->attempt($credentials, $request->has('remember')))
{
if ($this->guard()->user()->ban_status === 0) { // ADDED THIS CHECK
return $this->sendLoginResponse($request);
} else { // logout and redirect if failed
$this->guard()->logout();
return redirect()->back()
->withInput($request->only($this->username(), 'remember'))
->withErrors([
$this->username() => 'You have been banned',
]);
}
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
答案 1 :(得分:1)
总而言之,您在发布的代码中实际尝试做的是检查ban_status传入的$request值,或者换句话说登录表单
我对你的问题的理解是,这不是你想要的。
相反,试试这个:
在login中定义AuthenticatesUsers LoginController ban_status方法,并添加以下少量内容以检查public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($lockedOut = $this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
$credentials = $this->credentials($request);
if ($this->guard()->attempt($credentials, $request->has('remember'))) {
if ($this->guard()->user()->ban_status === 0) { // ADDED THIS CHECK
return $this->sendLoginResponse($request);
}
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if (! $lockedOut) {
$this->incrementLoginAttempts($request);
}
return $this->sendFailedLoginResponse($request);
}
:
input.form-control(type="text", name="names[]", autocomplete="off")
答案 2 :(得分:1)
您也可以手动验证用户身份:
public function authenticate(Request $request)
{
$password=$request->get('password');
$email=$request->get('email');
if (Auth::attempt(['email' => $email, 'password' => $password,'ban_status'=>0]) )
{
return redirect()->intended('/');
}
else
{
return redirect('/login');
}
}
答案 3 :(得分:1)
与其像接受的答案中那样覆盖login()函数,还不如覆盖credentials()函数。该函数应该返回一个值数组,以在数据库中进行检查。
当与原始问题中的固定值进行比较时,只需创建一个数组并将其合并到:
protected function credentials(Request $request)
{
return array_merge(
$request->only($this->username(), "password"),
["ban_status" => 0]
);
}
或者,要与动态值(例如,登录表单中有<input type="hidden" name="your_field" value="42"/>)进行比较,则只需将其添加到返回的请求字段列表中即可。
protected function credentials(Request $request)
{
return $request->only($this->username(), "password", "your_field");
}
为什么这样更好?用户永远不会在系统中进行身份验证–除非所有条件都匹配,否则数据库查询将不会返回结果。在接受的答案中,用户最初会通过登录尝试。作为user3703567 found out,这可能会导致问题。