Adding a condition to Auth login

It's mentioned here: http://laravel.com/docs/5.1/authentication#authenticating-users

if ( Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1]) ) {
    // The user is active, not suspended, and exists.
}

Instead of 'active', you could use 'enabled' => 1

@trh88 you can append conditionals when attempting to log-in a user. The following paragraph and code is taken directly from the documentation.

If you wish, you also may add extra conditions to the authentication query in addition to the user's e-mail and password. For example, we may verify that user is marked as "active":

if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
    // The user is active, not suspended, and exists.
}

Argh, sorry - completely missed that in the docs...

This doesn't seem to be taken into account when clicking on login on the default laravel auth pages, it logs in again even though I have set the active field to 0 in the database for the user...

I think you need to create new controllers when using this

https://laravel.com/docs/5.3/authentication#authenticating-users

The best way to add new conditions in your login is to override the AuthenticateUsers class.

On your LoginController class try this.

protected function credentials(Request $request)
{

    return array_merge($request->only($this->username(), 'password'), ['active' => 1]);
    
}

in which function we add this in the Login controller :

if ( Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1]) ) { // The user is active, not suspended, and exists. } ???

Heres what ive done which seems to work. Im not sure if its the correct method mind!

Auth/AuthController.php

/**
     * Handle an authentication attempt.
     *
     * @return Response
     */
    public function authenticate(Request $request)
    {
       $credentials = array(
            'email' => $request->get('email'),
            'password' => $request->get('password'),
            'active' => 1
        );

        if (Auth::attempt($credentials)) 
        {
            return redirect()->intended('dashboard');
        }
        else
        {
            // if fails
        }
    }

And then in the routes:

Route::post('login', 'Auth\AuthController@authenticate')->name('login');

Hope this helps. Please let me know if this is the wrong way of doing it :)

Don't forget to add quotes around the "1" value for the "active" field. This is needed in some cases.

What if the additional condition checks for a NULL value on a column? I've tried this but that doesn't work

protected function credentials(Request $request)
{
    return array_merge(
        $request->only($this->username(), 'password'),
        ['my-column' => null]
    );
}

I found another solution for this situation. My case requires separate message for blocked users. So I can't use provided approaches, because users will get message that credentials are wrong. It can be confusing.

There is an authenticated() method which will be called after credential are checked. Inside you can perform any checks for additional conditions on $user. And if something is wrong - logout user and provide specific message.

Auth/LoginController.php

protected function authenticated(Request $request, $user)
    {
        if ($user->status !== 1) {
            Auth::logout();

            return redirect(route('login'))->withErrors(['common' => trans('auth.blocked')]);
        }
    }

Where do you place this code:

if ( Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1]) ) {
    // The user is active, not suspended, and exists.
}

No one here has mentioned it and neither does the documentation mention it

in what file can I do that?