Most of the times, the authentication system provided by Laravel 6 is enough for adding login and registration to your web application.
The auth scaffolding which is now moved to a separate laravel/ui
package provides out of the box routes and views for the LoginController
, RegisterController
, and ResetPasswordController
which are included in your project and are responsible for providing the functionality of the auth system.
If you take a look at the app/Http/Controllers/Auth/LoginController.php
file, for example, you would find the following code:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class LoginController extends Controller
{
use AuthenticatesUsers;
protected $redirectTo = '/home';
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
You can see that a $redirectTo
variable exists and has the value of /home
where users are redirected after they are logged in.
In the Laravel built-in authentication system, you can customize many sides such as the redirection route using the $redirectTo
variable which exists in both the login and registration controllers.
If you want to redirect your users to different routes other than the default ones after they register or login, you simply need to change the value of $redirectTo
.
Now, what if you want to redirect users to a route depending on some user criteria such as their role?
The Laravel auth system also covers that by providing a redirectTo()
method that you can use instead of a $redirectTo
variable.
Let’s take this example of the LoginController
of our CRM application by adding the redirectTo()
method to redirect the admin users to a different route other than the /home
route:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
class LoginController extends Controller
{
use AuthenticatesUsers;
protected $redirectTo = '/home';
protected function redirectTo()
{
if (auth()->user()->role == 'admin') {
return '/admin';
}
return '/home';
}
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
We also need to do that in the registration controller. Open the app/Http/Controllers/Auth/RegisterController.php
file and update it as follows:
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Foundation\Auth\RegistersUsers;
class RegisterController extends Controller
{
use RegistersUsers;
protected $redirectTo = '/home';
protected function redirectTo()
{
if (auth()->user()->role == 'admin') {
return '/admin';
}
return '/home';
}
public function __construct()
{
$this->middleware('guest');
}
protected function validator(array $data)
{
return Validator::make($data, [
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
'password' => ['required', 'string', 'min:8', 'confirmed'],
]);
}
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
]);
}
}
You can either remove the $redirectTo
variable or leave it as it will be simply overridden by the redirectTo()
method.
Now, all you need is to create an /admin
route along with an AdminController
. Head back to your terminal and run the following artisan command:
$ php artisan make:controller AdminController
Next, open the app/Http/Controllers/AdminController.php
file and update it as follows:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class AdminController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function index()
{
return "Hello, admin!";
}
}
Next, open the routes/web.php
file and add a route to the admin controller as follows:
Route::get('/admin', 'AdminController@index')->name('admin');
In this tutorial, we’ve implemented redirection in our Laravel 6 CRM app so admin users are redirected to a different route while the normal users are redirected to the home route. Redirection doesn’t enforce any security rules because the normal users will still be able to visit the /admin
route. We need to prevent that using a middleware which is the subject of the next tutorial.
#laravel #security #php