with('user') ->where('token_hash', hash('sha256', $token)) ->where('purpose', 'login') ->first(); if (! $magicLink || ! $magicLink->user) { return redirect()->route('login')->with('status', __('The magic login link is invalid.')); } if ($magicLink->consumed_at !== null || $magicLink->expires_at->isPast()) { return redirect()->route('login')->with('status', __('The magic login link has expired or was already used.')); } if (! $magicLink->user->is_active) { return redirect()->route('login')->with('status', __('Your account is not active.')); } $magicLink->update([ 'consumed_at' => now(), 'ip_consumed' => $request->ip(), ]); $magicLink->user->update([ 'last_login_at' => now(), 'last_login_ip' => $request->ip(), ]); Auth::guard('web')->login($magicLink->user); $request->session()->regenerate(); $home = $magicLink->user->canAccessAdmin() ? route('dashboard', absolute: false) : route('me.dashboard', absolute: false); return redirect()->intended($home); } }