Auth Login: how to check more than just email/password?

Notice. Article updated in February 2018 for latest Laravel 5.6 version.

Laravel default authentication is awesome. But by default it works by checking two fields – email and password. What if we have some additional fields to check? For example, if user is approved?

Let’s say that in our users table we have a field approved with value 0 or 1. How to add that to login function?

First things first – authentication happens in file app/Http/Controllers/Auth/LoginController.php. If you look at its code, you won’t actually see any login function, but it uses a trait:

use AuthenticatesUsers;

That trait is loading some functions into the class and it’s a part of Illuminate\Foundation so we cannot easily change that trait. But what we can do is override its functions in our class and make any changes we want. So we’re interested in that trait’s function credentials(), which looks like this:

    protected function credentials(Request $request)
    {
        return $request->only($this->username(), 'password');
    }

As I said before, we can just copy-paste that function into our LoginController.php (we have to also add use Illuminate\Http\Request; at the top of file) and make the changes we want, including adding more fields into authentication.

In this case, we need to change function to this:

    public function credentials(Request $request)
    {
        $credentials = $request->only($this->username(), 'password');
        $credentials = array_add($credentials, 'approved', '1');
        return $credentials;
    }

As a result, logging in will happen with this SQL query:

select * from `users` where `email` = [your_email] and `approved` = 1 limit 1
Like our articles?
Check out our Laravel online courses!

8 COMMENTS

  1. Please note that this will not return a proper error for the user if the user exists but is not approved. If you don’t mind this, go ahead, your user will see something along the lines of “No matching credentials” when trying to log in.

    If you require a more precise error, you can just check it yourself and return redirect()->back()->withErrors([ … ]);

    • Hii
      i have one problem . i want to do changes in authentication file means i want to change login condition but i dont get that file which i want to change .i use laravel 5.2 v.
      please any one help mi.

  2. Hello All,
    There is a more perfect way of doing this in laravel 5.2.

    If you see in AuthenticatesUsers.php there is a method handleUserWasAuthenticated, inside which it checks i

    if (method_exists($this, ‘authenticated’)) {
    return $this->authenticated($request, Auth::guard($this->getGuard())->user());
    }

    So you can simply define a authenticate method in AuthController.php and add you own logic to check for is_active or any other conditions. I think this is the only reason the ‘authenticate’ method is checked in ‘handleUserWasAuthenticated’ before being redirected to intend page.

    Thanks 🙂

  3. hi i want to change the login credential like in users table there is one more column user_type 1,2,3,4.
    i want to change the message according to the user_type if user not exist in their type.

LEAVE A REPLY

Please enter your comment!
Please enter your name here