How to manage Login/Logout in laravel using Auth

Question

I have create one login module in laravel,what i have done yet is i have manually authenticated the user successfully and redirect on dashboard page but my issue is when user logged out from the application and again if they try to open that dashboard url then it is showing error MethodNotAllowedHttpException in RouteCollection at this time what i want is if user is not authenticated then it will directly redirect on our login page.I have also tried to put some logic in my LoginController Constructor but it is also not working.Below is my code with file path.

laravelproject\\app\\Http\\routes.php

Route::auth();
Route::post('/login-submit', 'LoginController@loginSubmit');
Route::get('/log-out',[
    'uses'=>'LoginController@logOut',
    ]);

laravelproject\\app\\Http\\Controllers\\LoginController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;

//to take input from user
use App\Http\Requests;
use Illuminate\Http\Request;
//end

class LoginController extends Controller
{


    public function loginSubmit(Request $request)
    {

         $email=$request->email;
         $password=$request->password;

         //var_dump($credentials);die;
        if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
            // Authentication passed...

             return view('dashboard');
        }
        else
        {
             return view('auth/login');
        }    
    }

    public function logOut() {


        Auth::logout();

        return view('auth/login');

    }
}

Error after getting logout and trying to accessing dashboard url MethodNotAllowedHttpException in RouteCollection

Answer 1

You need to utilize middleware here. Create a middleware in App\\Http\\middleware

class administrator
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ( Auth::check() && Auth::user()->isAdmin() )
        {
            return $next($request);
        }

        return redirect('signin');
    }
}

And now in the web.php you assign this middleware to the dashboard route so that dashboard is only accessible by adminisitrator

Route::get('/', 'Dashboard@dashboard')->middleware(['administrator']);

And for Auth::user()->isAdmin() define a boolean field in users table as 'admin' then define method isAdmin in User model like this:

public function isAdmin()
{
    return $this->admin;
}

now the process will be stream lined. whichever route you assign middleware administrator it will authenticate that route for admin. on authentication failure it will send the user to login page

Answer 2

maintain a session for your user, and in loginsubmit() function first check if use session exist then return to dashboard view. in logout action flush the user session as

public function loginSubmit(Request $request)
{
     if (Session::has('user')) {
        return view('dashboard');
     }
     $email=$request->email;
     $password=$request->password;

     //var_dump($credentials);die;
    if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {
        // Authentication passed...
        $authData = Auth::user();
        $userData = $authData['original'];
        Session::put('user', $authData['original']);
        return view('dashboard');
    }
    else
    {
         return view('auth/login');
    }    
}

public function logOut() {


    Auth::logout();
    Session::forget('user');
    return view('auth/login');

}