I want to know how to logout the desired guard not all guards.
following code will logout all guards:
Auth::logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
If the user and admin loged in at the same time it will logout both.
I want when admin send logout request to:
Route::get('/admin/logout',function(){
//some codes
})
it logout only admin not the user.
And logout only the user by following route
Route::get('/logout',function(){
})
Related
I want to implement a system where 6 types of users exist. So one is 'customer' who will login by a route like /login and rest of 5 users are admins and only they will be login using another route /system/base-admin. However, 'customer' never login with the /system/base-admin route if anyhow can known this route. And both route have different login form and if they failed to login 'customer' will be redirected /login and admins /system/base-admin.
I know about $guard and middleware check.
Question: How can i implement above scenario and how react professionals with this scenario?
Route::get('/login','CustomerLoginController#processLogin')->name('customer.login');
Route::get('/system/base-admin', 'AdminLoginController#processAdminLogin')->name('system.admin')
My Controller Looks like
public function processLogin(){ return view('customer.login');}
public function processAdminLogin(){ return view('admin.login')}
Thank you in advance.
The only reason I see to have different endpoints for login is to have different views.
Copy your Auth\LoginController, change $redirectTo to redirect to your admin panel. Overwrite AuthenticatesUsers\showLoginForm to show your admin form and update middleware in __construct.
Protect all your admin routes with admin middleware.
Now. Your users CAN login to your panel. BUT nothing will happen since they don't have access.
If you want to show them some kind of message when they try you can overwrite AuthenticatesUsers\login method with something like this
...
if ($this->attemptLogin($request)) {
if(!auth()->user()->isAdmin()){
throw ValidationException::withMessages([
$this->username() => 'You don\'t have access to this page',
]);
}
return $this->sendLoginResponse($request);
}
...
I have a system where Admin will Enter his Client Dashboard with Client's Credentials. Admin has all information of Clients.
---------------------
Client1 Login
Client2 Login
---------------------
Now in my Controller I want to do this action. Admin will go to his Client Dashboard.
Is it possible to do?
public function login(User $user)
{
$credentials = $user->only('email', 'password');
Auth::logout();
// But after logout() it will stop, I know that.
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect('/');
}
}
Is it possible to Login in two accounts (Admin & Client) at the same time? :-P
for two login in same time in laravel u have to create admin table or client table and make seprate login in admin guard and default login u have to overwrite login with user guard then only u can maintain 2 login in same time in laravel
GUARD doc link here
I am logging in via Laravel API.
Let's say that I am on www.domain.com/login. After login is successful, I put the token into a cookie and redirect to /admin.
Route::get('/admin', function () {
return view('admin');
})->middleware('auth');
The problem is that Laravel doesn't see that the user is logged in, thus redirects me to /login once more.
And, if I declare the route as follows
Route::get('/admin', function () {
return view('admin');
});
Everyone can access www.domain.com/admin
I appreciate any help.
Luca
You need to add auth:api middleware so it can see the auth user
I have overwritten Login and Logout functionality as I need to check many more conditions to authenticate the user like below.
public function login(Request $request)
{
$this->validateLogin($request);
$input=$request->all();
$user=User::where('username',$input['username'])->first();
//If Temp Password is set
if(strlen($user->temp_password)>10)
{
if (Hash::check($input['password'], $user->temp_password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
else{ //If Temp password is not set
if (Hash::check($input['password'], $user->password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
}
Now I need to restrict Same user from login once again in some other screen or place. I have checked Session Data but nothing is stored as Unique for a User.
ie. If a username admin is loged in US the same username admin must not be allowed to login from UK.
Update
Oh bagga, question wasn't quite clear. You are trying to restrict the number of sessions to 1 only. If I get it, then you will have to use a database session driver. Right now, I think you may be using the default driver (file). It only checks the session within the same browser. Using database session may allow you to check for session everywhere, and restrict the number of connections.
First, make sure your routes are within the web middleware so they can access sessions. Then, inside of the web middleware, create a group of routes that are only accessible for users who are not logged in.
Route::group(['middleware' => 'guest'], function () {
Route::get('login', 'LoginController#login');
// any other route
});
Logged in users won't be able to access the login route anymore.
You could also do the check in your login function to see if the user's is already connected by using
if (Auth::check()) {
// user is connected
// redirect them
}
What does this->setUserSession($user) do?
You can do this using login token.
Generate a login token and keep it in database.
And check for it's entry in database while logging in.
If it doesn't exist let log in success.
Else fail.
And delete login token every time user logs out.
Or
you can generate new token on each login success. And deleting old token and invalidating the old login.
But in this case you have to keep that token in session and for each request you have to check that token with database token.
If it matches, allow user
Else logout the user with notice.
I'll prefer the second method personally.
As you can check for the token in the middleware itself.
http://localhost/admin/login
I have logged in then I am redirecting to
localhost/admin/
Now I am open localhost/admin/login
then I want to redirect on
localhost/admin/dashboard not on
localhost/admin/
You need to put it in your auth controller.
protected $redirectTo = '/admin/dashboard';
You can use like this,
header('Location: http://www.example.com/');
You have to check if the user is logged :
if (Auth::check()) {
return Redirect::to('localhost/admin/');
}else{
log-in part
}
You have to simply check for the that particular user is logged into system using below code -
if (Auth::check()) {
return Redirect::to('admin/dashboard');
}else{
return Redirect::to('login/admin');
}
If user is logged in then redirect to dashboard of admin &
If user isn't logged in then redirect to login blade of the project.