Laravel 5.3 授权阻止用户
Laravel 5.3 Auth block user
我有一个问题,我目前正在使用 Laravel 5.3 开发一个小网站,我正在使用他们的 Basic Auth 供用户注册和登录。
现在我想要以下内容:每个人都可以注册和登录,但是如果我点击一个按钮(作为管理员),我可以 "block" 一个特定的用户(例如,如果他做了一些不允许的事情) ,我没有完全删除数据库中的行,但以某种方式确保如果用户尝试登录,他会收到一条消息,内容为 "you can't login any more, your account is blocked, contact admin for more info" 或类似内容。问题是:最好的方法是什么?我没有找到内置的东西,如果我错了请纠正我......
当然,我可以只更改用户 table 并添加一个名为 "blocked" 的列,通常设置为 false,然后使用按钮将其设置为 true,然后在登录时以某种方式检查此值和(如果它是真的)显示此消息并且不允许登录。这是执行此操作的最佳方法吗?如果是,我必须在哪里检查这个值,然后如何显示消息?如果没有,有什么更好的方法?
您可以使用 soft deleting 功能。
In addition to actually removing records from your database, Eloquent can also "soft delete" models. When models are soft deleted, they are not actually removed from your database. Instead, a deleted_at attribute is set on the model and inserted into the database. If a model has a non-null deleted_at value, the model has been soft deleted.
我会按照您的建议进行 - 使用 blocked 或 active 列来指示用户是否应该能够登录。当我过去做过类似的事情时,为了在登录时检查这个值,我将开箱即用的登录功能移到了我的 LoginController 中并添加了一些。我的登录方法现在如下所示:
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function login(Request $request)
{
$this->validateLogin($request);
$user = User::where('email', $request->email)->firstOrFail();
if ( $user && !$user->active ) {
return $this->sendLockedAccountResponse($request);
}
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
我还添加了这些功能来处理不活跃的用户:
/**
* Get the locked account response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function sendLockedAccountResponse(Request $request)
{
return redirect()->back()
->withInput($request->only($this->loginUsername(), 'remember'))
->withErrors([
$this->loginUsername() => $this->getLockedAccountMessage(),
]);
}
/**
* Get the locked account message.
*
* @return string
*/
protected function getLockedAccountMessage()
{
return Lang::has('auth.locked')
? Lang::get('auth.locked')
: 'Your account is inactive. Please contact the Support Desk for help.';
}
已解决:此link(教程)将帮助您:https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
第一步:
add new field to the User table called ‘status’ (1:enabled, 0:disabed)
第 2 步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password’);
return array_add($credentials, ‘status’, ‘1’);
}
第 3 步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();
}
完成:)
第一步:
add new field to the User table called ‘status’ (1:enabled, 0:disabed)
第 2 步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password’);
return array_add($credentials, ‘status’, ‘1’);
}
第 3 步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();
}
参考这篇link(教程)会对你有所帮助:https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
有一个软件包不仅可以阻止用户,还可以让您在决定是否阻止他们之前监控他们。
Laravel 监控: https://github.com/neelkanthk/laravel-surveillance
我有一个问题,我目前正在使用 Laravel 5.3 开发一个小网站,我正在使用他们的 Basic Auth 供用户注册和登录。
现在我想要以下内容:每个人都可以注册和登录,但是如果我点击一个按钮(作为管理员),我可以 "block" 一个特定的用户(例如,如果他做了一些不允许的事情) ,我没有完全删除数据库中的行,但以某种方式确保如果用户尝试登录,他会收到一条消息,内容为 "you can't login any more, your account is blocked, contact admin for more info" 或类似内容。问题是:最好的方法是什么?我没有找到内置的东西,如果我错了请纠正我...... 当然,我可以只更改用户 table 并添加一个名为 "blocked" 的列,通常设置为 false,然后使用按钮将其设置为 true,然后在登录时以某种方式检查此值和(如果它是真的)显示此消息并且不允许登录。这是执行此操作的最佳方法吗?如果是,我必须在哪里检查这个值,然后如何显示消息?如果没有,有什么更好的方法?
您可以使用 soft deleting 功能。
In addition to actually removing records from your database, Eloquent can also "soft delete" models. When models are soft deleted, they are not actually removed from your database. Instead, a deleted_at attribute is set on the model and inserted into the database. If a model has a non-null deleted_at value, the model has been soft deleted.
我会按照您的建议进行 - 使用 blocked 或 active 列来指示用户是否应该能够登录。当我过去做过类似的事情时,为了在登录时检查这个值,我将开箱即用的登录功能移到了我的 LoginController 中并添加了一些。我的登录方法现在如下所示:
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function login(Request $request)
{
$this->validateLogin($request);
$user = User::where('email', $request->email)->firstOrFail();
if ( $user && !$user->active ) {
return $this->sendLockedAccountResponse($request);
}
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
我还添加了这些功能来处理不活跃的用户:
/**
* Get the locked account response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function sendLockedAccountResponse(Request $request)
{
return redirect()->back()
->withInput($request->only($this->loginUsername(), 'remember'))
->withErrors([
$this->loginUsername() => $this->getLockedAccountMessage(),
]);
}
/**
* Get the locked account message.
*
* @return string
*/
protected function getLockedAccountMessage()
{
return Lang::has('auth.locked')
? Lang::get('auth.locked')
: 'Your account is inactive. Please contact the Support Desk for help.';
}
已解决:此link(教程)将帮助您:https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
第一步:
add new field to the User table called ‘status’ (1:enabled, 0:disabed)
第 2 步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password’);
return array_add($credentials, ‘status’, ‘1’);
}
第 3 步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();
}
完成:)
第一步:
add new field to the User table called ‘status’ (1:enabled, 0:disabed)
第 2 步:
to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(\Illuminate\Http\Request $request)
{
$credentials = $request->only($this->username(), ‘password’);
return array_add($credentials, ‘status’, ‘1’);
}
第 3 步:
to block the user when using passport authentication ( token ) , in the User.php model add the following function :
public function findForPassport($identifier) {
return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();
}
参考这篇link(教程)会对你有所帮助:https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810
有一个软件包不仅可以阻止用户,还可以让您在决定是否阻止他们之前监控他们。
Laravel 监控: https://github.com/neelkanthk/laravel-surveillance