Laravel 8 no longer includes the auth system by default; you can install it with the laravel/ui package.
A common feature, banning a user from authenticating, is still missing from Laravel.
After a user is banned, the login form shows them a suspension error message instead of letting them in.
Steps to achieve the outcome
Step 1 - Add New Column 'status' in the users table
Create a migration by running the command below:
php artisan make:migration add_status_to_users_table
After the migration file is created, put the following code in its up() function.
Schema::table('users', function (Blueprint $table) {
    // 1 = active (default), 0 = banned
    $table->integer('status')->default(1);
});
Add 'status' to $fillable in app/Models/User.php
protected $fillable = [
    'name',
    'email',
    'password',
    'status', // now mass-assignable: never pass raw request input to create()/update()
];
Step 2 - Create a Middleware - CheckBanned
Create a middleware by running the command below.
php artisan make:middleware CheckBanned
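Replace the handle method in app/Http/Middleware/CheckBanned.php
// Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
public function handle(Request $request, Closure $next)
{
    // Runs on every request, so a user banned mid-session is logged out on their next page load.
    if (auth()->check() && (auth()->user()->status == 0)) {
        Auth::logout();
        // Discard the old session and CSRF token so they cannot be reused.
        $request->session()->invalidate();
        $request->session()->regenerateToken();
        return redirect()->route('login')->with('error', 'Your Account is suspended, please contact Admin.');
    }
    return $next($request);
}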
Step 3 - Register the Middleware - app/Http/Kernel.php
In the 'web' middleware group, register the CheckBanned middleware by adding the line below.
\App\Http\Middleware\CheckBanned::class,
Step 4 - Display the error on the login page
Open the login Blade view 'resources/views/auth/login.blade.php'
Add the following code to display the error message.
@if (session('error'))
    <div class="alert alert-danger">
        {{ session('error') }}
    </div>
@endif
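To confirm that the four steps work together, the feature test below exercises the middleware end to end. It is an added example, not code from the original post, and it assumes the '/home' route generated by the laravel/ui scaffolding, the default User factory, and a hypothetical file name tests/Feature/CheckBannedTest.php.

```php
<?php
// tests/Feature/CheckBannedTest.php (hypothetical file name, added example)

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class CheckBannedTest extends TestCase
{
    use RefreshDatabase;

    // Assumption: '/home' is the authenticated route created by laravel/ui.
    private const PROTECTED_URL = '/home';

    public function test_active_user_reaches_protected_page(): void
    {
        $user = User::factory()->create(['status' => 1]);

        $this->actingAs($user)->get(self::PROTECTED_URL)->assertOk();
        $this->assertAuthenticatedAs($user);
    }

    public function test_banned_user_is_logged_out_and_sent_to_login(): void
    {
        $user = User::factory()->create(['status' => 0]);

        $this->actingAs($user)->get(self::PROTECTED_URL)
            ->assertRedirect(route('login'))
            ->assertSessionHas('error');
        $this->assertGuest();
    }

    public function test_ban_applies_to_a_session_that_is_already_open(): void
    {
        $user = User::factory()->create(['status' => 1]);
        $this->actingAs($user)->get(self::PROTECTED_URL)->assertOk();

        // An admin bans the account while the user is still logged in.
        User::whereKey($user->id)->update(['status' => 0]);

        $this->actingAs($user->fresh())->get(self::PROTECTED_URL)
            ->assertRedirect(route('login'));
        $this->assertGuest();
    }
}
```

Run it with php artisan test --filter=CheckBannedTest; the third test fails if the middleware is not registered in the 'web' group.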
Top comments (4)
I think I would prefer saving banned users with time
Second that; there is a common pattern, where a binary state (active/inactive, deleted/not deleted, archived/not-archived) could be achieved with a timestamp - which in our case not only tells the admin since when the user is banned, but also allows for un-banning after, say a month.
And then the name of the field becomes banned_at and the rest of inspiration should come from the SoftDeletes trait.
I understand this is a Middleware example, so 1/0 is a good starting point; it just can be extended.
Well, that's correct. Thanks for the detailed comment, @cyrillkalita.
I think this is just a starting point; you can always extend it according to your use case.