Laravel 5.3 Auth block user

I would do what you're suggesting - use a blocked or active column to indicate if the user should be able to log in. When I've done something similar in the past, to check this value upon login, I moved the out-of-the-box login function into my LoginController and added to it a bit. My login method now looks like this:

/** * Handle a login request to the application. * * @param  \Illuminate\Http\Request  $request * @return \Illuminate\Http\Response */public function login(Request $request){    $this->validateLogin($request);    $user = User::where('email', $request->email)->firstOrFail();    if ( $user && !$user->active ) {        return $this->sendLockedAccountResponse($request);    }    if ($this->hasTooManyLoginAttempts($request)) {        $this->fireLockoutEvent($request);        return $this->sendLockoutResponse($request);    }    if ($this->attemptLogin($request)) {        return $this->sendLoginResponse($request);    }    $this->incrementLoginAttempts($request);    return $this->sendFailedLoginResponse($request);}

I also added these functions to handle users who weren't active:

/** * Get the locked account response instance. * * @param \Illuminate\Http\Request  $request * @return \Illuminate\Http\Response */protected function sendLockedAccountResponse(Request $request){    return redirect()->back()        ->withInput($request->only($this->loginUsername(), 'remember'))        ->withErrors([            $this->loginUsername() => $this->getLockedAccountMessage(),        ]);}/** * Get the locked account message. * * @return string */protected function getLockedAccountMessage(){    return Lang::has('auth.locked')            ? Lang::get('auth.locked')            : 'Your account is inactive. Please contact the Support Desk for help.';}

You can use soft deleting feature.

In addition to actually removing records from your database, Eloquent can also "soft delete" models. When models are soft deleted, they are not actually removed from your database. Instead, a deleted_at attribute is set on the model and inserted into the database. If a model has a non-null deleted_at value, the model has been soft deleted.

step1:

add new field to the User table called ‘status’ (1:enabled, 0:disabed)

step2:

to block the web login , in app/Http/Controllers/Auth/LoginController.php add the follwoing function:/** * Get the needed authorization credentials from the request. * * @param \Illuminate\Http\Request $request * @return array */ protected function credentials(\Illuminate\Http\Request $request) { $credentials = $request->only($this->username(), ‘password’);return array_add($credentials, ‘status’, ‘1’); }

Step3:

to block the user when using passport authentication ( token ) , in the User.php model add the following function :public function findForPassport($identifier) {     return User::orWhere(‘email’, $identifier)->where(‘status’, 1)->first();     }

refer to this link ( tutorial) will help you : https://medium.com/@mshanak/solved-tutorial-laravel-5-3-disable-enable-block-user-login-web-passport-oauth-4bfb74b0c810