Recently they clarified to me how to prevent an inactive user from accessing with their credentials. In the login()
controller method LoginController
I was suggested to override the method credentials()
, like so:
protected function credentials(Request $request)
{
$credenciales = $request->only($this->username(), 'password');
//añadimos el valor de activo a S, para que sea correcto
$credenciales = array_add($credenciales, 'activo', 'S');
return $credenciales ;
}
It works to block the user, but it is insufficient for what I intend. I try that if a user is inactive, it redirects him to a page informing him of his situation, and does not allow him to access. In addition, if the user is deactivated by an administrator when they are already logged in, any link they click or what they do from that moment on should log them out and redirect them to the page where they are informed that they have been deactivated.
From what I've read, I think this can be done with middleware, but frankly I don't know where to start.
The best way to do this is with middleware, which allows you to evaluate the PHP request before it reaches the controller. For this case you can create a new middleware or by modifying app/Http/Middleware/Authenticate.php
In case you create a new one, you will have to apply it to the same routes that use the auth middleware.
In the middleware you would have something like this:
you can do authentication this other way.