如果未验证电子邮件,如何限制用户在Laravel中登录

时间:2016-10-19 14:41:24

标签: php laravel email-verification

我正在使用' jrean'在Laravel中打包以验证注册用户的电子邮件。 https://packagist.org/packages/jrean/laravel-user-verification

我目前面临的问题是,即使用户已注册,如何在未验证电子邮件之前限制其访问权限。我已经按照包教程中给出的所有步骤来实现注册。但他们没有列出任何限制登录访问的步骤。有什么想法吗?

6 个答案:

答案 0 :(得分:2)

您可以create simple middleware并检查是否在那里验证了电子邮件。例如,如果verifiedusers表中是布尔值,则可以执行以下操作:

public function handle($request, Closure $next)
{
    return auth()->user() && auth()->user()->verified
        ? $next($request); // Will pass user.
        : redirect('/'); // Will redirect user to the main page if email is not verified.
    }      
}

不要忘记register middleware并将其应用于您想要保护的路线。

答案 1 :(得分:2)

您可以覆盖您的登录方式。在L5.2和asumming中,您在users表中有一个已验证的字段,它是布尔值,您可以执行以下操作:

在您的app / Http / Controllers / Auth / AuthController.php中添加如下内容:

use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Support\Facades\Auth;

    /**
       * Handle a login request to the application.
       *
       * @param  \Illuminate\Http\Request  $request
       * @return \Illuminate\Http\Response
       */
      public function login(Request $request)
      {
        $this->validateLogin($request);
        $throttles = $this->isUsingThrottlesLoginsTrait();
        if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
          $this->fireLockoutEvent($request);
          return $this->sendLockoutResponse($request);
        }
        $credentials = $this->getCredentials($request);
        if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
          if (Auth::user()->verified == true) { // This is the most important part for you
            return $this->handleUserWasAuthenticated($request, $throttles);
          } else {
            Auth::logout();
            return $this->sendFailedLoginResponse($request, "Some message here");
          }
        }
        if ($throttles && !$lockedOut) {
          $this->incrementLoginAttempts($request);
        }
        return $this->sendFailedLoginResponse($request);
      }

您还需要在User eloquent模型中添加已验证字段,以便在修改后的登录方法中使用它。

希望它有所帮助!

答案 2 :(得分:2)

将经过验证的中间件应用于URL,它将阻止访问URL,直到用户验证其电子邮件为止。 Route::get('/users', 'UserController@index')->name('users')->middleware('verified');

答案 3 :(得分:1)

使用此:

    public function __construct() {
        $user = Auth::guard('api')->user();
        if(!$user->hasVerifiedEmail()) {
            abort($this->respondUnauthorized(trans('response.email_not_verified')));
        }
    }

hasVerifiedEmail() Determine if the user has verified their email address.

它将检查控制器中的所有路由/方法

答案 4 :(得分:0)

public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->check()) {
            return redirect('/');
        }

        return $next($request);
    }

答案 5 :(得分:0)

public function handle(Request $request, Closure $next)
{
    if (\App\Models\User::where('email', $request->input('email'))->first()->email_verified_at != null) {
        return $next($request);
    } else {
        return redirect('/login')->with('email_not_verified', 'Email not verified, Please check your email to validate it');
    }
}
相关问题
最新问题