I am new to Laravel and I am facing the following problem. I have a panel where all registered users are shown (which can be controlled by the admin user). Users have a "state" field and if the field is 1 they can enter the system, and if it is 0 they cannot enter the system. Therefore, the admin user has the ability to activate or deactivate a user. The part to validate the user in the login is already solved from LoginController:

public function username(){
    return 'username';
}

protected function credentials(\Illuminate\Http\Request $request)
{
    return [
        'username' => $request->{$this->username()},
        'password' => $request->password,
        'state' => 1
    ];
}

But, if the admin user deactivates a user, and your session is active, what should he do for his next request? , redirect it outside the application

I've read about it, but I think I'm saturated and I don't know where to start

CodePudding user response：

You could write a middleware that redirects the user to a page that says their account has been deactivated.

create a middleware php artisan make:middleware EnsureActiveState

edit it as below

<?php
 
namespace App\Http\Middleware;
 
use Closure;
 
class EnsureActiveState
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (Auth::check() && Auth::user()->state==0) {
            return redirect('/disabled');
        }

        return $next($request);
    }
}

Create a route /disabled that returns a view to let the user know their account is disabled.

Add the middleware to the 'web' stack in App/Http/Kernel.php

    \App\Http\Middleware\EnsureActiveState::class,