I am working on a blogging application in Laravel 8.
There are 4 user roles, among them the "Super-admin". The super admin can ban all users that are not Super-admins.
The banning happens as follows:
In the users table, there is an active column of type tinyint.
In the UserRightsController controller I have this small function that does the banning:
public function ban_user($id){
    // findOrFail() returns a 404 for an unknown id instead of calling update() on null
    User::findOrFail($id)->update(['active' => 0]);
    return redirect()->back()->with('success', 'The user is now banned');
}
Once a user is banned, she/he will be unable to log in. I have achieved this by going to vendor\laravel\ui\auth-backend\AuthenticatesUsers.php and changing this:
protected function credentials(Request $request)
{
    return $request->only($this->username(), 'password');
}
to
protected function credentials(Request $request)
{
    return array_merge($request->only($this->username(), 'password'), ['active' => 1]);
}
Any attempt by a banned user to sign in fails, but the error message is still the default one:
These credentials do not match our records.
In app\Http\Controllers\Auth\LoginController.php, I have overwritten the credentials from AuthenticatesUsers.php:
protected function credentials(Request $request)
{
    return array_merge($request->only($this->username(), 'password'), ['active' => 1]);
}
But the issue of a specific message remains :(
return array_merge($request->only($this->username(), 'password'), ['active' => 1])
in AuthenticatesUsers.php?sendFailedLoginResponse()
and probably also overwrite the login()
function... auth
middleware in the application, since I scaffolded the out-of-the-box authentication Laravel 8 comes with. I wish I knew how to change it. Instead of changing the AuthenticatesUsers.php file.
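An added example, not part of the original post: one way to get a ban-specific message by overriding credentials() and sendFailedLoginResponse() in app\Http\Controllers\Auth\LoginController.php, so nothing under vendor\ is edited (changes there are lost on the next composer install or update). It assumes the default Laravel 8 App\Models\User model and RouteServiceProvider; the ban message text is made up for the example.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;                       // assumption: default Laravel 8 model location
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    protected $redirectTo = RouteServiceProvider::HOME;

    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    // Only rows with active = 1 can authenticate (same check as in the post).
    protected function credentials(Request $request)
    {
        return array_merge($request->only($this->username(), 'password'), ['active' => 1]);
    }

    // The trait's login() calls this after a failed attempt.
    protected function sendFailedLoginResponse(Request $request)
    {
        $user = User::where($this->username(), $request->input($this->username()))->first();

        // Show the ban message only when the submitted password is correct;
        // otherwise the form would tell anyone typing an e-mail address
        // whether that account exists and is banned.
        $banned = $user
            && (int) $user->active === 0
            && Hash::check($request->input('password'), $user->password);

        throw ValidationException::withMessages([
            $this->username() => [$banned
                ? 'Your account has been banned.'   // constructed message text
                : trans('auth.failed')],
        ]);
    }
}
```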