We Keep Coding

Laravel middleware doesnt work to filter logged users

Im trying to use middleware to filter users who hasnt logged in. Somehow users who has logged out still can get inside the routes that are protected by the middleware. I dont know which is the problem here. Here are the files
my route
Route::view("/",'loginmhs');
Route::get('/loginmhs', function () {
return view('loginmhs');
});
Route::post("mhslogin",[LoginController::class,'mhslogin']);
Route::get('/logout',[LoginController::class,'logout']);
Route::group(['middleware'=>['protectedPage']], function(){
Route::get('/dashboard', function () {
return view('dashboardmhs');
});
Route::get('/profil', function () {
return view('profil');
});
});
LoginController
public function mhslogin(Request $req){
$datareq = $req->input();
$data = DB::table('tbl_mahasiswa')
->join('tbl_prodi', 'tbl_mahasiswa.id_prodi', '=', 'tbl_prodi.id_prodi')
->where('nim', $req->nim)->first();
if(!$data){
return redirect('/loginmhs')->with('alert','NIM tidak ditemukan...Cek kembali NIM anda.')->with('cek','dikirim');
}
if($req->password == $data->password){
$req->session()->put('nim', $data->nim);
$req->session()->put('nama', $data->nama);
$req->session()->put('email', $data->email);
$req->session()->put('password', $data->password);
$req->session()->put('stambuk', $data->stambuk);
$req->session()->put('id_prodi', $data->id_prodi);
$req->session()->put('nama_prodi', $data->nama_prodi);
return redirect('/profil');
}
return redirect('/loginmhs')->with('alert','Password anda salah!');
}
public function logout(){
if(session()->has('nim')||session()->has('nip')){
session()->forget('nim');
session()->forget('nama');
session()->forget('email');
session()->forget('password');
session()->forget('stambuk');
session()->forget('id_prodi');
session()->forget('nama_prodi');
session()->save();
}
return redirect('/');
}
Middleware loginSessionCheck
public function handle(Request $request, Closure $next)
{
if(!session()->has('nim')){
return redirect('/')
}
return $next($request);
}
kernel
'protectedPage' => [
\App\Http\Middleware\loginSessionCheck::class,
],

The reason is that for the routes you are trying to protect doesn't have access to session. You must also include web middleware group to the group containing protected routes.
Route::middleware(['web', 'protectedPage'])
->group(function() {
Route::get('/dashboard', function () {
return view('dashboardmhs');
});
Route::get('/profil', function () {
return view('profil');
});
});

Laravel 7 - Redirects to the main page when the optional parameter is empty

I have a route with an optional parameter in web.php:
my web.php: (the route that has the problem is marked with a comment)
Route::middleware(['auth', 'dashboard'])->group(function () {
Route::get('/', 'DashboardController#home')->name('root');
Route::prefix('/drivers')->group(function () {
Route::view('/', 'dashboard.driver.main');
Route::post('/', 'UserController#addDriver');
Route::get('/{id}', function ($id) {
if (Auth::user()->can('view_user')) {
$user = User::find($id);
return view('dashboard.user.view', ['user' => $user]);
}
return view('pages.403');
});
//----------------------------------------
// My route with the problem
// ---------------------------------------
Route::get('/driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
});
});
and it is my dashboard middleware:
public function handle($request, Closure $next)
{
if(!in_array(\Auth::user()->getOriginal('role'), ['superadmin', 'admin', 'supporter']) )
{
return abort(403);
}
return $next($request);
}
When I enter the host-name/drivers/driver-dropdown/jo URL, I get jo
BUT When I enter the host-name/drivers/driver-dropdown/ URL, I will be redirected to the host-name/ that means root route!
Edit: updated web.php

You should reorder your routes like this:
Route::get('/driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
Route::get('/{id}', function ($id) {
if (Auth::user()->can('view_user')) {
$user = User::find($id);
return view('dashboard.user.view', ['user' => $user]);
}
return view('pages.403');
});
Currently, when you go to host-name/drivers/driver-dropdown/, it will match the /{id} route.

If I’m correct the URL’s in your routes which are grouped shouldn’t start with a /, except for the main route of course. I’ve had this issue too.
Should be like this:
Route::middleware(['auth', 'dashboard'])->group(function () {
Route::get('/', 'DashboardController#home')->name('root');
Route::prefix('drivers')->group(function () {
Route::get('driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
});
});

Laravel change main page after login

I would like show other main page after login to the user.
Route::get('/', 'PagesController#getIndex');
Route::group(['middleware' => 'auth'], function () {
Route::get('/', 'BlogController#getUserBlog');
});
When user is log in I would like to show BlogController#getUserBlog it's working but, when user is not authenticated laravel shows /login page not PagesController#getIndex. How to correct this for:
Auth user: BlogController#getUserBlog
Guest: PagesController#getIndex

Make changes in this Middleware RedirectIfAuthenticated
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
//Logged In
return redirect()->route('getUserBlog');
}
// Not Logged In
return redirect()->route('getIndex');
}
and make the necessary change in your routes file
Route::get('/', 'PagesController#getIndex')->name('getIndex');
Route::get('/', 'BlogController#getUserBlog')->name('getUserBlog');

Or you can do it without middleware :
Route::group(['prefix' => '/'], function()
{
if ( Auth::check() )
{
Route::get('/', 'BlogController#getUserBlog');
} else{
Route::get('/', 'PagesController#getIndex');
}
});

Redirecting user to a specific page

I'm using Laravel 5.3 and Auth by default with this roles package. How can i do the normal user redirection after the user login if i have similar roles and also pages for them. For example i have AdminRole and after the Login i want to redirect user to /admin/dashboard.
I have tried something like this in the LoginController but it doesn't make sense:
protected function redirectTo()
{
if (Auth::user()->isRole('admin'))
return redirect()->route('admin');
return redirect()->route('home');
}
Or maybe there is a better way to use middleware for redirecting?
Here is my routes (web.php):
Route::get('/', function () {
return view('welcome');
});
Auth::routes();
Route::get('/home', 'HomeController#index');
Route::resource('company', 'CompanyController');
Route::group(['prefix' => 'admin'], function () {
Route::get('login', function () {
return view('admin.pages.admin-login');
});
Route::group(['middleware' => 'role:admin'], function () {
Route::get('/', function () {
return view('admin.admin-main');
});
});
});

use it like this way:
return Redirect::to('admin');
And note that:
route:Route::get('company', 'CompanyController#show');
controller:
this works fine:
function show(){
return Redirect::to('home');
}
but this not
function show(){
$this->redirectto();
}
function redirectto()
{
return Redirect::to('home');
}

route.php
Route::get('home', ['as' => 'admin_home', 'uses' => 'HomeController#index']);
Route::get('login'['as'=>'admin_login','uses'=>'LoginController#admin_login']);
LoginController.php
use Illuminate\Support\Facades\Redirect;
public function index(){
$User=new User();
if(isset(AUTH::user()->id)){
$User->id=AUTH::user()->id;
$auth_user_role=$User->auth_user_role();
$rl_title=$auth_user_role[0]->rl_title;
if(isset(Auth::user()->id) && isset($rl_title) && $rl_title == 'Admin'){
return view('home.admin',$this->param);
}
else if(isset(Auth::user()->id) && isset($rl_title) && $rl_title == 'Moderator'){
return view('home.moderator',$this->param);
}
else{
return Redirect::route('admin_login');
}
}else{
return Redirect::route('admin_login');
}
}
Views
-> views
-> home
-> admin.blade.php
-> member.blade.php

I needed to do something like this in Auth/LoginController:
protected function authenticated()
{
if(Auth::user()->isRole('admin')) {
return redirect()->intended('/admin');
}
return redirect()->intended('/home');
}

Don't working authentication in laravel 5.2

Don't working authentication. I create authentication manually.
My AdminController:
class AdminController extends Controller
{
public function signin() {
return view('admin.signin');
}
public function index(Request $request) {
dd(Auth::check());
if (Auth::check())
return view('admin.index.index', ['login' => Auth::user()->name]);
else
return redirect()->action('AdminController#signin');
}
public function login() {
$data = Input::all();
if (Auth::attempt(['name' => $data['login'], 'password' => $data['password']])) {
return redirect()->intended('/admin');
} else {
return redirect()->intended('/admin/signin');
}
}
public function logout() {
if (Auth::logout() ) {
return Redirect::to('/admin');
}
}
}
My routes.php file:
//GET
Route::get('/', 'IndexController#index');
Route::get('/admin/signin', 'AdminController#signin');
Route::get('/admin', 'AdminController#index');
Route::get('/admin/logout', 'AdminController#logout');
//POST
Route::post('/admin/auth', 'AdminController#login');
dd(Auth::check()); returned false
What I doing wrong?

In Laravel 5.2 you need to define routes using web middleware to make sessions work, so your routes.php file should look like this:
Route::group(['middleware' => ['web']], function () {
//GET
Route::get('/', 'IndexController#index');
Route::get('/admin/signin', 'AdminController#signin');
Route::get('/admin', 'AdminController#index');
Route::get('/admin/logout', 'AdminController#logout');
//POST
Route::post('/admin/auth', 'AdminController#login');
});