Develop Reference

Laravel 8 How to restrict user login if email is not verified

I am using Bootstrap Starter template package in Laravel 8 that replaces Tailwind CSS framework with Bootstrap CSS framework.
https://packagist.org/packages/shahvirag/laravel-ui-bootstrap
The problem I'm having is that user can sign in after registration without needing to verify account through email. How can I restrict his access until the email is not verified?
I have followed the steps and tried using routes middleware, but there is no such file in App\Http\Controllers\PagesController;
Route::get('/',[PagesController::class, 'index'])->name('users')->middleware('verified'); // this does not work
Any help?
routes/web.php
<?php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\PagesController;
Route::get('/', function () {
return view('main');
});
Route::middleware(['auth'])->group(function() {
Route::get('/home', function() {
return view('home');
})->name('home');
Route::get('/user/profile', function() {
return view('profile');
})->name('profile');
});
Route::get('/',[PagesController::class, 'index'])->name('users')->middleware('verified');
resources/views/auth/login.blade.php
#extends('layouts.app')
#section('content')
<div class="container">
<div class="row justify-content-center">
<div class="col-md-8">
<div class="card">
<div class="card-header">{{ __('Login') }}</div>
<div class="card-body">
<form method="POST" action="{{ route('login') }}">
#csrf
<div class="form-group row">
<label for="email" class="col-md-4 col-form-label text-md-right">{{ __('E-Mail Address') }}</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control #error('email') is-invalid #enderror" name="email" value="{{ old('email') }}" required autocomplete="email" autofocus>
#error('email')
<span class="invalid-feedback" role="alert">
<strong>{{ $message }}</strong>
</span>
#enderror
</div>
</div>
<div class="form-group row">
<label for="password" class="col-md-4 col-form-label text-md-right">{{ __('Password') }}</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control #error('password') is-invalid #enderror" name="password" required autocomplete="current-password">
#error('password')
<span class="invalid-feedback" role="alert">
<strong>{{ $message }}</strong>
</span>
#enderror
</div>
</div>
<div class="form-group row">
<div class="col-md-6 offset-md-4">
<div class="form-check">
<input class="form-check-input" type="checkbox" name="remember" id="remember" {{ old('remember') ? 'checked' : '' }}>
<label class="form-check-label" for="remember">
{{ __('Remember Me') }}
</label>
</div>
</div>
</div>
<div class="form-group row mb-0">
<div class="col-md-8 offset-md-4">
<button type="submit" class="btn btn-primary">
{{ __('Login') }}
</button>
#if (Route::has('password.request'))
<a class="btn btn-link" href="{{ route('password.request') }}">
{{ __('Forgot Your Password?') }}
</a>
#endif
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
#endsection

To use verified middleware, your user model should implement MustVerifyEmail
class User extends Authenticatable implements MustVerifyEmail
{
use Notifiable;
// ...
}

Try this instead
Route::get('/',[PagesController::class, 'index'])->name('users')->middleware(['auth', 'verified']);

You can use the method included with the User model:
$user->hasVerifiedEmail()
Or in the routes middleware(['verified'])

the AJAX ERROR VALIDATION not showing in login page but it showing in developer mode console network in laravel

the problem is when I submit the form the login get success when I do with right creational .But when I login with wrong info the validation message doesn't display error .
<script type="text/javascript">
// Set default CSRF header
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
// Intercept login form
$('#login-form').submit(function(e){
// Prevent normal form submission, we well do in JS instead
e.preventDefault();
// Get form data
var data = {
email: $('[name=email]').val(),
password: $('[name=password]').val(),
remember: $('[name=remember]').val(),
};
// Send the request
$.post($('this').attr('action'), data, function(response) {
if (response.success) {
// If login success, redirect
window.location.replace(response.redirect);
}
});
});
Login Controller from and method here login and registering working very well but the only problem is validation message is not showing .
protected function sendLoginResponse(Request $request)
{
$request->session()->regenerate();
$this->clearLoginAttempts($request);
if($request->ajax()){
// If request from AJAX
return [
'success' => true,
'redirect' => $this->redirectPath() ?: route('home'),
];
} else {
// Normal POST do redirect
return $this->authenticated($request, $this->guard()->user())
?: redirect()->intended($this->redirectPath());
}
}
html form where id am trying to showing or displaying errors when login
<form id="login-form" class="form-horizontal" method="POST" action="{{ route('login') }}">
{{ csrf_field() }}
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required autofocus>
#if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
#if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<div class="checkbox">
<label>
<input type="checkbox" name="remember" {{ old('remember') ? 'checked' : '' }}> Remember Me
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-8 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Login
</button>
<a class="btn btn-link" href="{{ route('password.request') }}">
Forgot Your Password?
</a>
</div>
</div>
</form>

You are receiving a validation error in Ajax Format since your request is an Ajax request.
You can handle the errors in the Javascript directly:
I haven't tested it but it should give you some directions.
$.post($('this').attr('action'), data, function(response) {
if (response.success) {
// If login success, redirect
window.location.replace(response.redirect);
} else {
if (response.errors.email)
$('#email-error').text(response.errors.email[0]);
if (response.errors.password)
$('#password-error').text(response.errors.password[0]);
}
});
And modify your blade template as follow:
<form id="login-form" class="form-horizontal" method="POST" action="{{ route('login') }}">
{{ csrf_field() }}
<div class="form-group">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required
autofocus>
<span class="help-block" id="email-error"></span>
</div>
</div>
<div class="form-group">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
<span class="help-block" id="password-error"></span>
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<div class="checkbox">
<label>
<input type="checkbox" name="remember" {{ old('remember') ? 'checked' : '' }}> Remember Me
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-8 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Login
</button>
<a class="btn btn-link" href="{{ route('password.request') }}">
Forgot Your Password?
</a>
</div>
</div>
</form>

Catch ONLY the invalid credentials error in a login.blade Laravel

I am using the custom login controller from Laravel. I have the validation messages in a below the input fields.
Everything works fine.
What I want now is to show a message “incorrect credentials” ONLY when user or password are incorrect and in a different div. I mean, if other validation error triggers, this message should not be visible.
The errors->has(‘email’) array catches this error but also the rest, for instance, ‘the field is required’.
Does anybody know how to write a condition that only catches this ‘invalid credentials’ error message?
Below the template.
Thanks in advance for your help!
#extends ('layouts.default')
#section('content')
#if ($errors->has('email')) {{-- I want the credential error here, but only
for credential error is triggered --}}
<div class="warning">
<div class="input-icon">
<i style="font-size:1.5em; color:Tomato; margin-right:5px;" class="fas
fa-exclamation-triangle"></i>
</div>
<p>Usuario o contraseña incorrecta</p>
</div>
#endif
<main class="login-page">
<div class="contact login">
<div class="titulos">
<p>Ingresar</p>
<p>Soy nuevo</p>
</div>
<form method="post">
#csrf
<div class="input-group input-group-icon">
<input type="email" name="email" placeholder="Correo electrónico"
value="{{ old('email') }}" autofocus/>
<div class="input-icon">
<i class="fas fa-envelope"></i>
</div>
<span class="obligatorio" > {{ $errors->first('email') }}</span>
</div>
<div class="input-group input-group-icon">
<input type="password" name="contraseña"
placeholder="Contraseña"/>
<div class="input-icon">
<i class="fas fa-lock"></i>
</div>
<span class="obligatorio" >{{ $errors->first('contraseña') }}
<div class="input-group">
<input type="submit" value="Ingresar" />
<a href="{{ route('password.request') }}">Olvidé mi
contraseña</a>
</div>
<div>
<label>
<input type="checkbox" name="recordar" id="cbox1"
value="recordar" {{ old('recordar') ? 'checked' : '' }}>
<span>Recordar mi usuario</span>
</label>
</div>
</form>
</div>
</main>
#endsection

In an old beginner Project of mine I did it this way:
<div class="form-group{{ $errors->has('text') ? ' has-error' : '' }}">
<label for="name" class="col-md-4 control-label">#lang('views/auth/login.username')</label>
<div class="col-md-6">
<input id="name" type="text" class="form-control" name="name">
#if ($errors->has('text'))
<span class="help-block">
<strong>{{ $errors->first('text') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">#lang('views/auth/login.password')</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password">
#if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
#endif
</div>
</div>
And inside the Controller I just catched the Exceptions:
public function authenticate(Request $request)
{
try {
$this->ldapHelper->checkCredentials($request->name, $request->password);
$ldapUserData = $this->ldapHelper->getFormattedUserData(request('name'));
$this->sessionService->login($ldapUserData);
return redirect()->route('form.formular');
} catch (\Exception $e) {
return back()->withInput()->withErrors([
'message' => $e->getMessage(),
]);
}
}
Maybe it helps!

how login/register from any page in laravel

I'm using Laravel 5.5 and I want to login/register from any page in my application and not to be require to load domain.com/login or domain.com/register for that.
PS: I'm using default authentication php artisan make:auth

Just copy the form content of login/Register page and paste it in your laravel page.
<form class="form-horizontal" role="form" method="POST" action="{{ url('/login') }}">
{{ csrf_field() }}
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required autofocus>
#if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
#if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<div class="checkbox">
<label>
<input type="checkbox" name="remember" {{ old('remember') ? 'checked' : ''}}> Remember Me
</label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-8 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Login
</button>
<a class="btn btn-link" href="{{ url('/password/reset') }}">
Forgot Your Password?
</a>
</div>
</div>
</form>

Laravel form displayed as raw text

My problem is probably related to server configuration problem. This is the issue. I am developing a Laravel website that works fine when developing on my local machine (using the laradock docker environment).
I wanted to run it on a small local machine so I turned on a fresh Ubuntu 16.04 server and installed docker on it. Checked out my code and ran composer install.
After going to the main registration page, I see that parts of the registration form are displayed as raw text :
I don't see any errors when using the developers page and also no errors in the php-fpm, workspace or nginx container from laradock that hosts the website.
Any idea?
code:
<?php
$ip = get_ip_address();
$countries = [
"Afghanistan" => "Afghanistan",
"Albania" => "Albania",
"Zimbabwe" => "Zimbabwe"
];
?>
#extends('layouts.app')
#section('content')
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">Register</div>
<div class="panel-body">
<form class="form-horizontal" role="form" method="POST" action="{{ route('register') }}">
{{ csrf_field() }}
<div class="form-group{{ $errors->has('name') ? ' has-error' : '' }}">
<label for="name" class="col-md-4 control-label">Name</label>
<div class="col-md-6">
<input id="name" type="text" class="form-control" name="name" value="{{ old('name') }}" required autofocus>
#if ($errors->has('name'))
<span class="help-block">
<strong>{{ $errors->first('name') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
<label for="email" class="col-md-4 control-label">E-Mail Address</label>
<div class="col-md-6">
<input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required>
#if ($errors->has('email'))
<span class="help-block">
<strong>{{ $errors->first('email') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input id="password" type="password" class="form-control" name="password" required>
#if ($errors->has('password'))
<span class="help-block">
<strong>{{ $errors->first('password') }}</strong>
</span>
#endif
</div>
</div>
<div class="form-group">
<label for="password-confirm" class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input id="password-confirm" type="password" class="form-control" name="password_confirmation" required>
</div>
</div>
<div class="form-group">
<label for="country" class="col-md-4 control-label">Select your country</label>
<div class="col-md-6">
{{Form::select("country", $countries, null, ['type' => 'text','class' => 'form-control','placeholder' => 'Pick your country...'])}}
</div>
#if ($errors->has('country'))
<span class="help-block">
<strong>{{ $errors->first('country') }}</strong>
</span>
#endif
</div>
{{ Form::hidden('ip', $ip) }}
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Register
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
#endsection
<?php
function get_ip_address() {
// check for shared internet/ISP IP
if (!empty($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
return $_SERVER['HTTP_CLIENT_IP'];
}
// check for IPs passing through proxies
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
// check if multiple ips exist in var
if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') !== false) {
$iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
foreach ($iplist as $ip) {
if (validate_ip($ip))
return $ip;
}
} else {
if (validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
}
if (!empty($_SERVER['HTTP_X_FORWARDED']) && validate_ip($_SERVER['HTTP_X_FORWARDED']))
return $_SERVER['HTTP_X_FORWARDED'];
if (!empty($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']) && validate_ip($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']))
return $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && validate_ip($_SERVER['HTTP_FORWARDED_FOR']))
return $_SERVER['HTTP_FORWARDED_FOR'];
if (!empty($_SERVER['HTTP_FORWARDED']) && validate_ip($_SERVER['HTTP_FORWARDED']))
return $_SERVER['HTTP_FORWARDED'];
// return unreliable ip since all else failed
return $_SERVER['REMOTE_ADDR'];
}
?>

All the values echoed with {{ }} are sent through the htmlentities function of PHP. If you want to skip that, than you should use another notation:
{!! $unescaped_html !!}
Source