authenticate(); $user = $request->user(); if ($user && ! $user->is_active) { Auth::guard('web')->logout(); throw ValidationException::withMessages([ 'email' => 'Account disattivato. Contatta il super-admin.', ]); } if ($user && $user->registration_status !== 'approved') { Auth::guard('web')->logout(); throw ValidationException::withMessages([ 'email' => 'Registrazione in attesa di approvazione del super-admin.', ]); } $requireEmailVerification = SystemSetting::bool('require_email_verification', true); $isSelfRegistered = $user && ! empty($user->requested_role); if ($user && $isSelfRegistered && $requireEmailVerification && ! $user->hasVerifiedEmail()) { Auth::guard('web')->logout(); throw ValidationException::withMessages([ 'email' => 'Devi confermare la tua email prima di accedere.', ]); } $request->session()->regenerate(); return redirect()->intended(route('dashboard', absolute: false)); } /** * Destroy an authenticated session. */ public function destroy(Request $request): RedirectResponse { Auth::guard('web')->logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); return redirect('/'); } }