We Keep Coding

Laravel middleware doesnt work to filter logged users

Im trying to use middleware to filter users who hasnt logged in. Somehow users who has logged out still can get inside the routes that are protected by the middleware. I dont know which is the problem here. Here are the files
my route
Route::view("/",'loginmhs');
Route::get('/loginmhs', function () {
return view('loginmhs');
});
Route::post("mhslogin",[LoginController::class,'mhslogin']);
Route::get('/logout',[LoginController::class,'logout']);
Route::group(['middleware'=>['protectedPage']], function(){
Route::get('/dashboard', function () {
return view('dashboardmhs');
});
Route::get('/profil', function () {
return view('profil');
});
});
LoginController
public function mhslogin(Request $req){
$datareq = $req->input();
$data = DB::table('tbl_mahasiswa')
->join('tbl_prodi', 'tbl_mahasiswa.id_prodi', '=', 'tbl_prodi.id_prodi')
->where('nim', $req->nim)->first();
if(!$data){
return redirect('/loginmhs')->with('alert','NIM tidak ditemukan...Cek kembali NIM anda.')->with('cek','dikirim');
}
if($req->password == $data->password){
$req->session()->put('nim', $data->nim);
$req->session()->put('nama', $data->nama);
$req->session()->put('email', $data->email);
$req->session()->put('password', $data->password);
$req->session()->put('stambuk', $data->stambuk);
$req->session()->put('id_prodi', $data->id_prodi);
$req->session()->put('nama_prodi', $data->nama_prodi);
return redirect('/profil');
}
return redirect('/loginmhs')->with('alert','Password anda salah!');
}
public function logout(){
if(session()->has('nim')||session()->has('nip')){
session()->forget('nim');
session()->forget('nama');
session()->forget('email');
session()->forget('password');
session()->forget('stambuk');
session()->forget('id_prodi');
session()->forget('nama_prodi');
session()->save();
}
return redirect('/');
}
Middleware loginSessionCheck
public function handle(Request $request, Closure $next)
{
if(!session()->has('nim')){
return redirect('/')
}
return $next($request);
}
kernel
'protectedPage' => [
\App\Http\Middleware\loginSessionCheck::class,
],

The reason is that for the routes you are trying to protect doesn't have access to session. You must also include web middleware group to the group containing protected routes.
Route::middleware(['web', 'protectedPage'])
->group(function() {
Route::get('/dashboard', function () {
return view('dashboardmhs');
});
Route::get('/profil', function () {
return view('profil');
});
});

Laravel 7 - Redirects to the main page when the optional parameter is empty

I have a route with an optional parameter in web.php:
my web.php: (the route that has the problem is marked with a comment)
Route::middleware(['auth', 'dashboard'])->group(function () {
Route::get('/', 'DashboardController#home')->name('root');
Route::prefix('/drivers')->group(function () {
Route::view('/', 'dashboard.driver.main');
Route::post('/', 'UserController#addDriver');
Route::get('/{id}', function ($id) {
if (Auth::user()->can('view_user')) {
$user = User::find($id);
return view('dashboard.user.view', ['user' => $user]);
}
return view('pages.403');
});
//----------------------------------------
// My route with the problem
// ---------------------------------------
Route::get('/driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
});
});
and it is my dashboard middleware:
public function handle($request, Closure $next)
{
if(!in_array(\Auth::user()->getOriginal('role'), ['superadmin', 'admin', 'supporter']) )
{
return abort(403);
}
return $next($request);
}
When I enter the host-name/drivers/driver-dropdown/jo URL, I get jo
BUT When I enter the host-name/drivers/driver-dropdown/ URL, I will be redirected to the host-name/ that means root route!
Edit: updated web.php

You should reorder your routes like this:
Route::get('/driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
Route::get('/{id}', function ($id) {
if (Auth::user()->can('view_user')) {
$user = User::find($id);
return view('dashboard.user.view', ['user' => $user]);
}
return view('pages.403');
});
Currently, when you go to host-name/drivers/driver-dropdown/, it will match the /{id} route.

If I’m correct the URL’s in your routes which are grouped shouldn’t start with a /, except for the main route of course. I’ve had this issue too.
Should be like this:
Route::middleware(['auth', 'dashboard'])->group(function () {
Route::get('/', 'DashboardController#home')->name('root');
Route::prefix('drivers')->group(function () {
Route::get('driver-dropdown/{q?}', function ($q=null){
return $q;
})->name('driver.dropdown');
});
});

Don't working authentication in laravel 5.2

Don't working authentication. I create authentication manually.
My AdminController:
class AdminController extends Controller
{
public function signin() {
return view('admin.signin');
}
public function index(Request $request) {
dd(Auth::check());
if (Auth::check())
return view('admin.index.index', ['login' => Auth::user()->name]);
else
return redirect()->action('AdminController#signin');
}
public function login() {
$data = Input::all();
if (Auth::attempt(['name' => $data['login'], 'password' => $data['password']])) {
return redirect()->intended('/admin');
} else {
return redirect()->intended('/admin/signin');
}
}
public function logout() {
if (Auth::logout() ) {
return Redirect::to('/admin');
}
}
}
My routes.php file:
//GET
Route::get('/', 'IndexController#index');
Route::get('/admin/signin', 'AdminController#signin');
Route::get('/admin', 'AdminController#index');
Route::get('/admin/logout', 'AdminController#logout');
//POST
Route::post('/admin/auth', 'AdminController#login');
dd(Auth::check()); returned false
What I doing wrong?

In Laravel 5.2 you need to define routes using web middleware to make sessions work, so your routes.php file should look like this:
Route::group(['middleware' => ['web']], function () {
//GET
Route::get('/', 'IndexController#index');
Route::get('/admin/signin', 'AdminController#signin');
Route::get('/admin', 'AdminController#index');
Route::get('/admin/logout', 'AdminController#logout');
//POST
Route::post('/admin/auth', 'AdminController#login');
});

Laravel 5.1 page authentication using routes

I'm working on a site that needs an admin panel. I am currently trying to set up the authentication of that panel, though I can not find a way to deny access from any guest users (non-admins). I have a login page, of course, and after login, it routes to the admin page, though you can also go to /admin when you're not logged in.
routes.php :
Route::get('home', function(){
if (Auth::guest()) {
return Redirect::to('/');
} else {
return Redirect::to('admin');
}
});
Route::get('admin', function () {
return view('pages.admin.start');
});
MainController.php :
namespace App\Http\Controllers;
use App\Http\Controllers\Controller;
class MainController extends Controller {
public function getIndex() {
return view('pages.index');
}
public function getAbout() {
return view('pages.about');
}
public function getPortfolio() {
return view('pages.portfolio');
}
public function getShop() {
return view('pages.shop');
}
public function getContact() {
return view('pages.contact');
}
/*public function getAdmin() {
return view('pages.admin.start');
}*/
}
I could really use some help here, because I'm totaly stuck, and yes, I have read the documentation, though maybe I'm just missing something.

Assuming you have a line like this:
'auth' => 'App\Http\Middleware\Authenticate',
in your app/Http/Kernel.php file:
put all the routes you need "authenticated" inside the grouping, but keep the "guest" routes outside of them :
Route::get('home', function(){
if (Auth::guest()) {
return Redirect::to('/');
} else {
return Redirect::to('admin');
}
});
Route::group( ['middleware' => 'auth' ], function(){
Route::get('admin', function () {
return view('pages.admin.start');
});
Route::just-another-route()...;
Route::just-another-route()...;
});
Documentation: http://laravel.com/docs/5.1/routing#route-groups

You should use a Middleware to handle authentication of your users
1) First you have to create a middleware that will check if the user requiring the page is an admin, and if not you have to redirect; something like this:
class AdminMiddleware
{
public function handle(Request $request, Closure $next )
{
//if User is not admin
//redirect to no permess
return $next($request);
}
}
2) Then you have to bind the middleware to the routes you want to be accessible only from an admin user:
//bind the middleware to all the routes inside this group
Route::group( ['middleware' => 'adminmiddleware' ], function()
{
Route::get('admin', function () {
return view('pages.admin.start');
});
//other routes
});

Routing confusion on two admin in laravel 4

I have following routes:
// For user
Route::controller('/', 'LoginController');
//For admin
Route::group(array('prefix' => 'admin'), function() {
Route::get('/', 'admin\LoginController#index');
Route::get('/dashboard', 'admin\LoginController#show');
Route::get('/Logout','admin\LoginController#logout');
Route::resource('/setting','admin\SettingController');
});
I have user panel without prefix.
In logincontroller contain authorization codes.
I have found 'Controller method not found.' error when i open admin.but when i comment to user route then admin is working fine but user panel found same error.please help sir..thanks
Yes Here is LoginController of user
<?php
class LoginController extends BaseController {
public function getIndex()
{
if(Auth::check())
{
return Redirect::to('/user/home');
}
return View::make('login.index');
}
public function postIndex()
{
$username = Input::get('username');
$password = Input::get('password');
if (Auth::attempt(['username' => $username, 'password' => $password]))
{
return Redirect::intended('/user/home');
}
return Redirect::back()
->withInput()
->withErrors('Sorry,Username or password is incorrect');
}
public function getLogin()
{
return Redirect::to('/');
}
public function getLogout()
{
Auth::logout();
return Redirect::to('/');
}
}
Admin Login Controller
<?php
namespace admin;
class LoginController extends \BaseController {
public function showLogin() {
return \View::make('admin.login');
}
public function index()
{
return \View::make('admin.index');
}
public function store()
{
$username = \Input::get('username');
$password = md5(\Input::get('password'));
if ($mm=\DB::select('select * from admin where uname = ? and password = ?', array($username, $password)))
{
\Session::put('admin', $mm);
return \Redirect::intended('/admin/dashboard');
}
else
{
\Session::flush('admin');
return \Redirect::back()
->withInput()
->withErrors('Sorry,Unauthorized admin please try again');
}
}
public function postIndex()
{
echo 'Demo of post index';exit;
}
public function show()
{
$tt=\Session::get('admin');
return \View::make('admin.dashboard');
}
public function Logout()
{
\Session::flush('admin');
return \Redirect::to('/admin');
}
}

The problem is that Route::controller('/') is catching all requests that only have one segment. that means /admin as well. It then tries to find a getAdmin() method in the user LoginController which obviously doesn't exist.
You basically have two options here.
1. Change the route order
Routes are searched in the order you register them. If you place the admin group before the other route everything will work as expected:
Route::group(array('prefix' => 'admin'), function() {
Route::get('/', 'admin\LoginController#index');
Route::get('/dashboard', 'admin\LoginController#show');
Route::get('/Logout','admin\LoginController#logout');
Route::resource('/setting','admin\SettingController');
});
Route::controller('/', 'LoginController');
2. Make explicit routes
Instead of using Route::controller('/') you could specify each route:
Route::get('/', 'LoginController#getIndex');
Route::get('login', 'LoginController#getLogin');
// etc...
Route::group(array('prefix' => 'admin'), function() {
Route::get('/', 'admin\LoginController#index');
Route::get('/dashboard', 'admin\LoginController#show');
Route::get('/Logout','admin\LoginController#logout');
Route::resource('/setting','admin\SettingController');
});