
Laravel authenticate users when their school is active

We are making a Laravel project that is for schools. We got a database for schools and inside it are the users like teachers, staff, etc. My problem is how do I prevent a specific user from a specific school from logging in when their school status is marked = 0 or as inactive in our database?

Schools table

```
+--------------+------------------+------+-----+---------+----------------+
| Field        | Type             | Null | Key | Default | Extra          |
+--------------+------------------+------+-----+---------+----------------+
| id           | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name         | varchar(191)     | NO   | UNI | NULL    |                |
| description  | text             | NO   |     | NULL    |                |
| logo         | varchar(191)     | YES  |     | NULL    |                |
| status       | int(11)          | NO   |     | 1       |                |
| updated_by   | varchar(191)     | YES  |     | NULL    |                |
| created_at   | timestamp        | YES  |     | NULL    |                |
| updated_at   | timestamp        | YES  |     | NULL    |                |
+--------------+------------------+------+-----+---------+----------------+
```

Users table

```
+-------------------+------------------+------+-----+---------+----------------+
| Field             | Type             | Null | Key | Default | Extra          |
+-------------------+------------------+------+-----+---------+----------------+
| id                | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name              | varchar(191)     | NO   |     | NULL    |                |
| email             | varchar(191)     | NO   | UNI | NULL    |                |
| password          | varchar(191)     | NO   |     | NULL    |                |
| role              | int(11)          | NO   |     | 0       |                |
| school_id         | int(11)          | NO   |     | NULL    |                |
| gender            | int(11)          | NO   |     | 1       |                |
| birthdate         | date             | YES  |     | NULL    |                |
| address           | varchar(191)     | NO   |     |         |                |
| phone             | varchar(191)     | YES  |     | NULL    |                |
| remember_token    | varchar(100)     | YES  |     | NULL    |                |
+-------------------+------------------+------+-----+---------+----------------+
```

LoginController.php

```php
class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    // protected $redirectTo = '/admin';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        // $this->middleware('guest')->except('logout');
    }
}
```

User model

```php
public function schools()
{
    return $this->belongsTo('App\School', 'school_id');
}
```

School model

```php
public function users()
{
    return $this->hasMany(User::class);
}
```

My LoginController only uses the AuthenticateUsers function and I don't know how to override it or make a new function for me. Thanks in advance.

I suggest creating a middleware for the login route that will check the status value of the user's school. If it's not valid, you should handle it, for example by throwing an exception back to the user saying that the school is inactive.

More about it here: https://laravel.com/docs/master/middleware

Updated:

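```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param \Illuminate\Contracts\Auth\Guard $auth
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure                 $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // The guard exposes the logged-in user; the school hangs off the user, not the guard.
        $user = $this->auth->user();

        // Guests have no school to check; reject them instead of dereferencing null.
        if ($user === null) {
            return response('Unauthorized.', 401);
        }

        // "schools" is the belongsTo relation on the User model; a missing school counts as inactive.
        if ($user->schools === null || $user->schools->status == 0) {
            return response('School is inactive!', 401);
        }

        return $next($request);
    }
}
```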

And add the newly created middleware to the App\Http\Kernel.php class.

Add the following line to the variable $routeMiddleware:

```php
'auth' => \App\Http\Middleware\Authenticate::class,
```

Now the last thing to do is to add the 'auth' key to the Route group.

```php
Route::group([
    'middleware' => ['auth'],
], function () {
    // your routes
});
```

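You could override the attemptLogin function to also check for this field.

```php
protected function attemptLogin(Request $request)
{
    // Query the school status here: look up the account by the login field
    // (email by default) together with its school.
    $user = \App\User::with('schools')
        ->where($this->username(), $request->input($this->username()))
        ->first();

    // Return false if status is 0, so the attempt fails like any other bad login.
    if ($user !== null && $user->schools !== null && (int) $user->schools->status === 0) {
        return false;
    }

    return $this->guard()->attempt(
        $this->credentials($request), $request->filled('remember')
    );
}
```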

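In LoginController you can override the authenticated method; this function fires when the user has successfully signed in.

```php
public function authenticated(Request $request, $user)
{
    // Read the related School model through the relation property; schools() with
    // parentheses returns the relation object, which has no status attribute.
    // The cast covers database drivers that return integer columns as strings.
    if ((int) $user->schools->status === 0) {
        Auth::logout();

        abort(403, 'Your school is not active.');
    }
}
```
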
  1. I'm assuming here that you've set up relationships; if not, then just select the school in which the user is enrolled and check from that.
  2. The reason why I suggest overriding the authenticated method as opposed to other methods is that at this point you know the user has signed in correctly, so it is the correct place to handle it as opposed to attemptLogin.
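
An added example, not part of the original answers: attemptLogin and authenticated run only at login, so a session or "remember me" cookie created while the school was active keeps working after its status is set to 0. The middleware below re-checks the status on every request and ends the session when the school is inactive. The class name EnsureSchoolIsActive, the alias 'school.active' and the 'login' route name are assumptions; the schools relation and the status column are the ones from the question.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Hypothetical class name; list it after the stock 'auth' middleware on protected routes.
class EnsureSchoolIsActive
{
    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // Fail closed if this ever runs on a route without authentication.
        if ($user === null) {
            abort(401);
        }

        // Query the status on every request instead of trusting what was true at login.
        // A missing school row yields null and is treated as inactive.
        $status = $user->schools()->value('status');

        if ($status === null || (int) $status === 0) {
            // logout() also cycles the remember_token, so a "remember me" cookie stops working.
            Auth::guard()->logout();

            if ($request->hasSession()) {
                $request->session()->invalidate();
                $request->session()->regenerateToken();
            }

            if ($request->expectsJson()) {
                return response()->json(['message' => 'Your school is not active.'], 403);
            }

            // Assumes a route named 'login', as registered by Auth::routes().
            return redirect()->route('login')
                ->withErrors(['email' => 'Your school is not active.']);
        }

        return $next($request);
    }
}

// Assumed registration in App\Http\Kernel.php ($routeMiddleware):
//     'school.active' => \App\Http\Middleware\EnsureSchoolIsActive::class,
// Assumed use in the routes file:
//     Route::group(['middleware' => ['auth', 'school.active']], function () { /* routes */ });
```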

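Use a join query. Just add school_id in the users table. For example:

```php
// Inside the User model: true when the given school is marked inactive (status = 0).
$inactive = self::join('schools', 'schools.id', '=', 'users.school_id')
    ->where('users.school_id', $id)
    ->where('schools.status', 0)
    ->exists();
```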
