3
votes

I created a postSignIn method and want to verify: email, password, verifiedFlag. At first there was no problem creating the postSignIn method, like:

public function postSignIn(){
    if(Auth::attempt(array('email' => Input::get('email'),'password' => Input::get('password'),'verifiedFlag'=>1))){
        return Redirect::route('home-view');
    }
    else{
        return "Email/Password wrong or Your Account not verified by Admin";
    }
}

But now I am trying to make it more user-friendly with separate alerts for

  • Account not Verified, and
  • Email/Password Wrong

and now I am trying to do it like this:

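    // First attempt: credentials only, just to learn whether they are correct.
    if(Auth::attempt(array('nim' => Input::get('nim'),'password' => Input::get('password')))){
        // Drop the session created by the first attempt before checking the flag.
        Auth::logout();
        // Second attempt: same credentials plus the verified flag.
        if(Auth::attempt(array('nim' => Input::get('nim'),'password' => Input::get('password'),'verified' => 1))){
            return Redirect::route('home-view');
        }
        else{
            return "Your Account not verified. Please wait until admin verified your account or contact your admin";
        }
    }
    else{
        return "NIM/Password wrong";
    }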

There was no problem, but I think I need another solution so Auth doesn't need to log in (attempt) twice.

2 Answers

3
votes

You can use the validate method. This would work:

public function postSignIn(){
    // Logs the user in only if the credentials match and verifiedFlag is 1.
    if(Auth::attempt(array('email' => Input::get('email'),'password' => Input::get('password'),'verifiedFlag'=>1))){
        return Redirect::route('home-view');
    }
    // validate() checks the credentials without logging the user in.
    elseif(Auth::validate(array('email' => Input::get('email'),'password' => Input::get('password')))){
        return "Your Account not verified by Admin";
    }
    else{
        return "Email/Password wrong";
    }
}
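
The ordering that both the question and this answer rely on (report "not verified" only once the password has been proven correct) can be done with a single user lookup and a single hash check. The following is an added example, not code from the thread or from Laravel; it is framework-free PHP (7.1+), and `checkSignIn`, `$users` and `$dummyHash` are hypothetical names with constructed sample data.

```php
<?php
// Added illustration (not from the thread): one lookup, one hash check, three outcomes.
// $users is constructed sample data standing in for the users table.
$users = [
    'alice@example.test' => ['hash' => password_hash('correct-horse', PASSWORD_DEFAULT), 'verifiedFlag' => 1],
    'bob@example.test'   => ['hash' => password_hash('battery-staple', PASSWORD_DEFAULT), 'verifiedFlag' => 0],
];

// Hash that is checked when the email is unknown, so unknown and known
// accounts both cost exactly one password_verify() call.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

/**
 * Hypothetical helper: returns 'ok', 'unverified' or 'invalid'.
 * 'unverified' is returned only after the password has been proven correct,
 * so the message never reveals account state to someone without the password.
 */
function checkSignIn(array $users, string $dummyHash, string $email, string $password): string
{
    $user = $users[$email] ?? null;                       // single lookup
    $hash = $user !== null ? $user['hash'] : $dummyHash;
    $passwordOk = password_verify($password, $hash);      // single hash check

    if ($user === null || !$passwordOk) {
        return 'invalid';       // same answer for unknown email and wrong password
    }
    if ((int) $user['verifiedFlag'] !== 1) {
        return 'unverified';    // credentials correct, admin approval pending
    }
    return 'ok';                // the caller starts the session here
}

// Constructed test cases: [email, password]
$cases = [
    ['alice@example.test', 'correct-horse'],   // verified, correct password
    ['bob@example.test',   'battery-staple'],  // correct password, not verified
    ['bob@example.test',   'wrong-password'],  // wrong password, not verified
    ['nobody@example.test', 'anything'],       // unknown email
];
foreach ($cases as [$email, $password]) {
    printf("%-22s %-16s => %s\n", $email, $password,
        checkSignIn($users, $dummyHash, $email, $password));
}
```

Returning 'unverified' before the password check would tell anyone which accounts exist and are awaiting approval; the dummy hash keeps unknown emails from returning faster than known ones.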
0
votes

Filters are the way to go. It's an easy and clean way to solve this problem; see my example below.

If the user is inactive at any point, it will log out the user; you can redirect the user with a Session flash message, and your login code works as it is.

Route::filter('auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('login');
        }
    }
    else
    {
        // If the user is not active any more, immediately log out.
        if(Auth::check() && !Auth::user()->verifiedFlag)
        {
            Auth::logout();
            Session::flash('message','Your account is not active, please contact your administrator to activate your account');

            // redirect to login page
            return Redirect::to('/');
        }
    }
});