How to prevent a user who is not activated from signing in in Laravel

Time:08-18

I have created customized login and sign-up functions for a user in Laravel, apart from the default ones. They work very well, and users are able to sign up and sign in. But I want to achieve this: when a user creates an account, the admin should activate the account first, and then the user can log in. I have tried this, but it is still allowing login for a user who hasn't been activated. In my case, is_approved should be 1 for the user to be activated.

public function loginuser(Request $request)
{
    // Validate the input before attempting authentication.
    $this->validate($request,
    [
        'email'=> 'required|max:255|email',
        'password'=> 'required',
    ]);

    // Read the submitted credentials from the request.
    $data = $request->only('email', 'password');

    if(Auth::attempt(['email'=>$data['email'],'password'=>$data['password']])){
        // Auth::attempt() has already signed the user in at this point.
        $userStatus = Auth::User()->is_approved;
        if($userStatus==1) {
            $message="You have successfully Logged in to Your Account";
            Session::flash('success',$message);
            return redirect()->back();
        }else{
            $message="Your Account hasnt been Activated.Please contact the admin";
            Session::flash('error',$message);
            return redirect()->back();
        }
    }
    else {
        $message="Invalid Email or Password";
        Session::flash('error_message',$message);
        return redirect()->back();
    }
}

What might I be doing wrong here?

CodePudding user response:

You need to add

Auth::logout();

in here

else{
            $message="Your Account hasnt been Activated.Please contact the admin";
            Auth::logout();
            Session::flash('error',$message);
            return redirect()->back();
        }

because if the Auth attempt is successful, technically the user has been correctly authorised and is in fact signed in. So at this stage you need to log him or her out.
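
An alternative that never creates an authenticated session for an unapproved account, shown as an added example that is not part of the original answer: Auth::attempt() accepts extra conditions alongside the credentials, and Auth::validate() checks a password without signing the user in. The LoginController class name and Laravel 5.5 or later (where $request->validate() returns the validated data) are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;

// Hypothetical controller name; the page only shows the loginuser() method.
class LoginController extends Controller
{
    public function loginuser(Request $request)
    {
        // Validate input before touching the authentication guard.
        $credentials = $request->validate([
            'email'    => 'required|max:255|email',
            'password' => 'required',
        ]);

        // Keys other than "password" become WHERE conditions on the user lookup,
        // so an account with is_approved != 1 is never signed in.
        if (Auth::attempt($credentials + ['is_approved' => 1])) {
            // Issue a new session ID after login to prevent session fixation.
            $request->session()->regenerate();
            Session::flash('success', 'You have successfully Logged in to Your Account');
            return redirect()->back();
        }

        // Auth::validate() verifies the credentials without logging the user in,
        // so the "not activated" message appears only when the password is correct.
        if (Auth::validate($credentials)) {
            Session::flash('error', 'Your Account has not been Activated. Please contact the admin');
            return redirect()->back();
        }

        Session::flash('error_message', 'Invalid Email or Password');
        return redirect()->back();
    }
}
```

Because the approval check is part of the lookup itself, there is no window in which an unapproved user holds a valid session that later code must remember to revoke.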
