欢迎各位兄弟 发布技术文章

这里的技术是共享的

You are here

How to disable registration new user in Laravel 5


I'm trying to make single-user admin panel (which has only one user) in Laravel 5 and I registered that user, so now I want to disable registration for new users, of course the login form must work but no new register from now on. how can I do that?

I use the default user login and register in version 5.

shareimprove this question
 
   
Just remove the register-related methods from your routes.php file. Don’t override the methods with blank ones—it’s a horrible and hack-y approach as you’ve then got to re-add the bodies if you decide to re-enable that feature in the future. – Martin Bean Dec 22 '15 at 23:41
1 
@MartinBean there are no routes in routes.php. To enable the authentication functions, all you do is add Route::auth(); to the file. – miken32 May 26 '16 at 21:23
   
@miken32 My comment was from over five months ago, before the Route::auth() shortcut was advocated. – Martin Bean May 27 '16 at 8:17

14 Answers 正确答案

Just override showRegistrationForm() and register() methods in AuthController:

public function showRegistrationForm()
{
    return redirect('login');
}

public function register()
{

}
shareimprove this answer
 
   
thanks @Lukas for the update! – Limon Monte Dec 22 '15 at 23:35
3 
It might be wise to also change the create() function to: throw new Exception('Registration not possible'); – the JinX Apr 13 '16 at 14:31
1 
or you can add abort(404) on function register() – William Notowidagdo May 23 '16 at 9:04
2 
I wouldn’t advocate this approach, as overloading code to remove a feature is never a good thing. Just don’t register the registration-related routes. – Martin Bean May 27 '16 at 8:18
1 
@MartinBean "overloading code to remove a feature is never a good thing" - why? BTW it's overriding not overloading. – developerbmw Feb 11 at 2:03

If you're using Laravel 5.2 and you installed the auth related functionality with php artisan make:auth then your app/Http/routes.php file will include all auth-related routes by simply calling Route::auth().

The auth() method can be found in vendor/laravel/framework/src/Illuminate/Routing/Router.php. So if you want to do as some people suggest here and disable registration by removing unwanted routes (probably a good idea) then you have to copy the routes you still want from the auth() method and put them in app/Http/routes.php (replacing the call to Route::auth()). So for instance:

<?php
// This is app/Http/routes.php

// Authentication Routes...
Route::get('login', 'Auth\AuthController@showLoginForm');
Route::post('login', 'Auth\AuthController@login');
Route::get('logout', 'Auth\AuthController@logout');

// Registration Routes... removed!

// Password Reset Routes...
Route::get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
Route::post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
Route::post('password/reset', 'Auth\PasswordController@reset');

If you're using lower version than 5.2 then it's probably different, I remember things changed quite a bit since 5.0, at some point artisan make:auth was even removed IIRC.

shareimprove this answer
 
   
Instead of remove the registration routes, is it possible to enable them only for a particular type of users? – Sefran2 Jun 23 '16 at 18:02
   
@Sefran2 You can achieve this by associating groups with middleware. Check out laravel.com/docs/5.2/routing#route-groups – Rafał G. Jun 24 '16 at 6:08
   
First of all, I tried Route::group(['middleware' => 'auth'], function () { Route::get('register', 'Auth\AuthController@showRegistrationForm'); Route::post('register', 'Auth\AuthController@register'); });, but when the logged user requests /register he is redirected to / – Sefran2 Jun 24 '16 at 9:44
1 
@Sefran2 That's because AuthController calls (via other classes and traits, it's a little convoluted) the middleware App\Http\Middleware\RedirectIfAuthenticated. And that middleware redirects you to /if you're already logged in. Which makes sense, why would you want to register if you're logged in? :-) If you want to only allow some routes to some types of users, you'll need to create your own middleware instead of ['middleware' => 'auth'] – Rafał G. Jun 24 '16 at 12:40
2 
For 5.3 they are different once again, but can still be found in vendor/laravel/framework/src/Illuminate/Routing/Router.php – Matthieu Sep 2 '16 at 10:12

Method 1 for version 5.3

In laravel 5.3 don't have AuthController. to disable register route you should change in constructor of RegisterController like this:

You can change form:

public function __construct()
{

    $this->middleware('guest');

}

to:

public function __construct()
{

    Redirect::to('/')->send();

}

Note: for use Redirect don't forget to user Redirect; So user access to https://host_name/register it's redirect to "/".

Method 2 for version 5.3

When we use php artisan make:auth it's added Auth::route(); automatically. Please Override Route in /routes/web.php. You can change it's like this: * you need to comment this line: Auth::routes();

    <?php

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| This file is where you may define all of the routes that are handled
| by your application. Just tell Laravel the URIs it should respond
| to using a Closure or controller method. Build something great!
|
*/


// Auth::routes();
Route::get('/login', 'Auth\LoginController@showLoginForm' );
Route::post('/login', 'Auth\LoginController@login');
Route::post('/logout', 'Auth\LoginController@logout');

Route::get('/home', 'HomeController@index');

Thanks! I hope it's can solve your problems.

shareimprove this answer
 
   
I would add route names like specified in vendor/laravel/framework/src/Illuminate/Routing/Router.php Route::get('login', 'Auth\LoginController@showLoginForm')->name('login'); Route::post('login', 'Auth\LoginController@login'); Route::post('logout', 'Auth\LoginController@logout')->name('logout'); – Luciano Fantuzzi Dec 20 '16 at 15:32
1 
Thanks for this. This worked for me as I'm using Laravel 5.4 :) – marknt15 Feb 27 at 1:04
   
Redirect class missed on the first method, but changing to $this->middleware('auth'); - works! – Gediminas Mar 10 at 10:40

For Laravel 5.3 and 5.4, here is the proper way to do it:

You have to change:

public function __construct()
    {
        $this->middleware('guest');
    }

to

public function __construct()
    {
        $this->middleware('auth');
    }

in app/Http/Controller/Auth/RegisterController.php

shareimprove this answer
 
1 
nice job! I think this way also protects from POST request for creating user via post? – Gediminas Mar 10 at 10:42
1 
love this solution – louisav May 29 at 11:10
1 
this is the easiest solution i have found good job. – Ajay Deepak Kumar Jun 12 at 14:52
   
this will allow registered users to see the registration page which you would not want – ahmed Jul 20 at 16:56
1 
Thank you @Yassin ! and Congrats on 1000 :) +1 – Sanchit Gupta Jul 31 at 8:13

Overwriting the getRegister and postRegister is tricky - if you are using git there is a high possibility that .gitignore is set to ignore framework files which will lead to the outcome that registration will still be possible in your production environment (if laravel is installed via composer for example)

Another possibility is using routes.php and adding this line:

Route::any('/auth/register','HomeController@index');

This way the framework files are left alone and any request will still be redirected away from the Frameworks register module.

shareimprove this answer
 
2 
The classes that override the framework methods are not in the framework (they would be in the app folder) and would be stored by git. Overriding methods does not mean you change them in the framework files. – datashaman Jan 13 '16 at 6:42

The AuthController.php @limonte has overwrite is in App\Http\Controllers\Auth, not in the vendor directory, so Git doesn't ignore this change.

I have added this functions:

public function register() {
    return redirect('/');
}

public function showRegistrationForm() {
    return redirect('/');
}

and it works correctly.

shareimprove this answer
 

The following method works great:

Copy all the routes from /vendor/laravel/framework/src/Illuminate/Routing/Router.php and paste it into web.php and comment out or delete Auth::routes().

Then setup a conditional to enable and disable registration from .env. Duplicate the 503.blade.php file in views/errors and create a 403 forbidden or whatever you like.

Add ALLOW_USER_REGISTRATION= to .env and control user registration by setting its value to true or false.

Now you have full control of routes and Vendor files remain untouched.

web.php

//Auth::routes();

// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
if (env('ALLOW_USER_REGISTRATION', true))
{
    Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
    Route::post('register', 'Auth\RegisterController@register');
}
else
{
    Route::match(['get','post'], 'register', function () {
        return view('errors.403');
    })->name('register');
}

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

This is a combination of some previous answers notably Rafal G. and Daniel Centore.

shareimprove this answer
 

In routes.php, just add the following:

if (!env('ALLOW_REGISTRATION', false)) {
    Route::any('/register', function() {
        abort(403);
    });
}

Then you can selectively control whether registration is allowed or not in you .env file.

shareimprove this answer
 

I had to use:

public function getRegister()
{
    return redirect('/');
}

Using Redirect::to() gave me an error:

Class 'App\Http\Controllers\Auth\Redirect' not found
shareimprove this answer
 
   
Thank you, yes this is new version feature, you can use this function or use preceding class, but preceding class needs \ before it, I means \Redirect::to('destination'); – Milad Mar 25 '15 at 18:13

In Laravel 5.4

You can find all routes which are registered through Auth::routes() in the class \Illuminate\Routing\Router in the method auth()

it looks like this:

/**
 * Register the typical authentication routes for an application.
 *
 * @return void
 */
public function auth()
{
    // Authentication Routes...
    $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
    $this->post('login', 'Auth\LoginController@login');
    $this->post('logout', 'Auth\LoginController@logout')->name('logout');

    // Registration Routes...
    $this->get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
    $this->post('register', 'Auth\RegisterController@register');

    // Password Reset Routes...
    $this->get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
    $this->post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
    $this->get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
    $this->post('password/reset', 'Auth\ResetPasswordController@reset');
}

Just copy the routes that you want/need and you are fine!

shareimprove this answer
 

Heres my solution as of 5.4:

//Auth::routes();
// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
//Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
//Route::post('register', 'Auth\RegisterController@register');

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

Notice I've commented out Auth::routes() and the two registration routes.

Important: you must also make sure you remove all instances of route('register') in your app.blade layout, or Laravel will throw an error.

shareimprove this answer
 
   
^ this. In case these routes ever change, simply copy/paste them from the Auth routes bundle located @ github.com/laravel/framework/blob/… and comment out the registration routes. – pbond Aug 4 at 14:15

In order not too change the code as it is, just create a middleware to detect if the request url is url('register'), then redirect to 404 or do wherever.

shareimprove this answer
 

In laravel 5.3, you should override the default showRegistrationForm() by including the code below into the RegisterController.php file in app\Http\Controllers\Auth

    /**
     * Show the application registration form.
     *
     * @return \Illuminate\Http\Response
     */
    public function showRegistrationForm()
    {
        //return view('auth.register');
         abort(404);  //this will throw a page not found exception
    }

since you don't want to allow registration, it's better to just throw 404 error so the intruder knows he is lost. And when you are ready for registraation in your app, uncomment //return view('auth.register'); then comment abort(404);

\\\\\\\\\\\\\\\\\\\\JUST AN FYI///////////////////////////////

If you need to use multiple authentication like create auth for users, members, students, admin, etc. then i advise you checkout this hesto/multi-auth its an awesome package for unlimited auths in L5 apps.

You can read more abouth the Auth methodology and its associated file in this writeup.

shareimprove this answer
 

add

use \Redirect;

at the top of the file

shareimprove this answer
 
   
You mean use \Redirect; – Mike Miller May 17 '15 at 8:39
   
This is not a complete answer. – Martin Bean Dec 22 '15 at 23:42
   
at the top of which file? the solution is incomplete and confusing. – Adepoju-Conde Adesegun Chris. Dec 15 '16 at 23:17

来自 https://stackoverflow.com/questions/29183348/how-to-disable-registration-new-user-in-laravel-5


普通分类: