Logout in-active users and dont respond to resets or logins

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Password;
 
 class ForgotPasswordController extends Controller
 {
@@ -19,4 +21,24 @@ class ForgotPasswordController extends Controller
     */
 
     use SendsPasswordResetEmails;
+
+	public function sendResetLinkEmail(Request $request)
+	{
+		$this->validateEmail($request);
+
+		// If the account is not active, or doesnt exist, we'll send a fake "sent" message.
+		if (! ($x=$this->broker()->getUser($this->credentials($request))) || (! $x->active))
+			return $this->sendResetLinkResponse($request, Password::RESET_LINK_SENT);
+
+		// We will send the password reset link to this user. Once we have attempted
+		// to send the link, we will examine the response then see the message we
+		// need to show to the user. Finally, we'll send out a proper response.
+		$response = $this->broker()->sendResetLink(
+			$this->credentials($request)
+		);
+
+		return $response == Password::RESET_LINK_SENT
+			? $this->sendResetLinkResponse($request, $response)
+			: $this->sendResetLinkFailedResponse($request, $response);
+	}
 }

app/Http/Controllers/Auth/LoginController.php

@@ -4,7 +4,10 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use App\Providers\RouteServiceProvider;
+use Carbon\Carbon;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 
 class LoginController extends Controller
 {
@@ -38,6 +41,25 @@ class LoginController extends Controller
         $this->middleware('guest')->except('logout');
     }
 
+	public function login(Request $request)
+	{
+		$this->validateLogin($request);
+
+		if (Auth::attempt(array_merge($this->credentials($request),['active'=>TRUE]))) {
+			$request->session()->regenerate();
+
+			return $this->sendLoginResponse($request);
+		}
+
+		return $this->sendFailedLoginResponse($request);
+	}
+
+	protected function authenticated(Request $request, $user)
+	{
+		$user->last_on = Carbon::now();
+		$user->save();
+	}
+
 	/**
 	 * Show our themed login page
 	 */

app/Http/Kernel.php

@@ -51,6 +51,7 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
+        'activeuser' => \App\Http\Middleware\ActiveUser::class,
         'auth' => \App\Http\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,

app/Http/Middleware/ActiveUser.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class ActiveUser
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+    	if (Auth::user()->exists && ! Auth::user()->active) {
+    		Auth::logout();
+    		abort(403,'Your account is not active');
+		}
+
+        return $next($request);
+    }
+}

app/Models/User.php

@@ -40,4 +40,6 @@ class User extends Authenticatable implements MustVerifyEmail
     protected $casts = [
         'email_verified_at' => 'datetime',
     ];
+
+    protected $dates = ['last_on'];
 }