I have the following table
id  email      password  role
1   someemail  password  admin
2   someemail  password  guest
A guest is someone who can access a few privileged sections of the front end (e.g. commenting on blog posts).
Guests are normally registered via Facebook using OAuth. I have blocked guests from the admin login like below:

    if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password'),'role'=>'admin'))) {

But the problem is that whenever a user logs in from Facebook, the session is shared and they can access admin as well.
The Facebook login code is as below:

    // $result holds the Facebook information
    $user->firstname = $result['first_name'];
    $user->lastname = $result['last_name'];
    $user->email = $result['email'];
    $user->password = 'sample';
    $user->role = 'facebook';
    // check whether a user with the same email is already there
    $usr = User::where('email', '=', $result['email'])->count();
    if ($usr == 0)
        $user->save();
    // automatically log in the registered user
    $user = User::where('email', '=', $user->email)->where('role', '=', 'facebook')->first();
    Auth::login($user);

Now in each controller I have called the following function in the constructor:

    public function __construct() {
        $this->beforeFilter('auth');
    }

This is not sufficient to stop the session sharing from the guest user. Any help will be appreciated.

Create a new filter in app/filters.php that checks if the user is an admin.

    Route::filter('auth.admin', function()
    {
        if (Auth::guest())
            return Redirect::guest('/');
        if (Auth::user()->role != 'admin')
            return Redirect::to('/');
    });

Now in your admin controllers call the new filter:

    public function __construct()
    {
        $this->beforeFilter('auth.admin');
    }
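
The decision this filter makes, written as a framework-free function so it can be run over sample sessions (an added example, not part of the original answer; the function name `adminGate`, the outcome strings and the sample users are assumptions). It uses a strict comparison, because before PHP 8 the loose test `0 != 'admin'` evaluates to false, and it needs PHP 7.1 or later for the nullable type:

```php
<?php
// Added example, not the poster's code. adminGate(), its return strings and
// the sample rows below are hypothetical names chosen for illustration.

/**
 * Decide what an admin-only route should do for the current session user.
 * $user is null when nobody is logged in, otherwise a row from the users table.
 */
function adminGate(?array $user): string
{
    if ($user === null) {
        return 'redirect-login';   // not authenticated at all
    }
    // Strict comparison against the one allowed role. A missing role is
    // treated as null, so anything other than the string 'admin' is refused.
    if (($user['role'] ?? null) !== 'admin') {
        return 'redirect-home';    // authenticated, but not authorized
    }
    return 'allow';
}

// Constructed sample sessions, using the roles that appear in the question.
$sessions = [
    'no session'     => null,
    'facebook login' => ['id' => 3, 'email' => 'fb@example.test',    'role' => 'facebook'],
    'guest row'      => ['id' => 2, 'email' => 'guest@example.test', 'role' => 'guest'],
    'admin row'      => ['id' => 1, 'email' => 'admin@example.test', 'role' => 'admin'],
    'role is int 0'  => ['id' => 4, 'email' => 'zero@example.test',  'role' => 0],
    'role missing'   => ['id' => 5, 'email' => 'none@example.test'],
];

// Print the outcome for each session; only the admin row should be allowed.
foreach ($sessions as $label => $user) {
    printf("%-15s => %s\n", $label, adminGate($user));
}
```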