The following Guide is optimized for Laravel 7, but it works for Laravel 6.x and Laravel 5.x, too. Differences should only be present in the paths.
A great way to start a simple web project with PHP which needs a login and / or registration form with permissions is by using the widespread Laravel Framework with the Laratrust Package. This yields to a quick set up working system with basic functionalities.
Check out the short version of my StackOverflow answer.
Customize Login Validation
If the project grows, there might be a time where you want to customize the authentication mechanism by defining your own login validation: Perhaps you want to create a new
status field for users to forbid the login for specific values or you want to add a lifetime (
date field) for accounts that will lead to a failed login when the date-value is in the past. Anyway, you have to extend the existing login validation process.
This validation process is made in the
validateCredentials method in the
EloquentUserProvider class, located at
[PROJECTROOT]/vendor/laravel/framework/src/Illuminate/Auth/EloquentUserProvider.php which looks as follows in Laravel 7:
This method must be extended to get things working. As a good and attentive developer, you know that the framework default methods should never be touched to be more stable for future updates and avoid side effects. As a result and a possible solution, a Custom Provider can be defined to override the existing function.
Define Custom Provider and override validateCredentials
First, create a new file called
CustomUserProvider.php (or a better name, for example
AuthValidateStatusServiceProvider.php if you want to check the user status before login) in the
app/Providers directory with the following code:
Add your custom validation and save it, for example
if ($user->status != 'active') return false; if you created a
status attribute for the user.
After this, Laravel must call this provider at the correct execution step. Do this by extending the
boot() method in the
app/Providers/AuthServiceProvider.php file to register it:
Remember to change the provider class name on both points. Furthermore, the code can be shortened with a simple import statement.
We are not done yet! The last step will be in the
config/auth.php file. Scroll to the User Providers part and change it to:
Here again: Don't forget to change the driver name (provider class name)
That's it! Now, your custom login validation should automatically be called after the user hits the Login button.