
Laravel 5.4, adding second authentication (admin panel)

I want to create a second authentication in Laravel 5.4 for an administration page.


First of all let me describe my problem: I have a functional user login (default Laravel auth) via the 'web' guard. Now I want to create a second authentication for the admin panel. I have another table which is storing the name, a token (which is something like a password) and an authority level.

The second/separate table is a dependency given by the system the page is developed for, so I can't change that.

I have the login page for the administration panel, but when I try to authenticate I get redirected back to the login every time.


I already googled the whole thing and came across some good examples:

  1. https://jamesmcfadden.co.uk/custom-authentication-in-laravel-with-guards-and-user-service-providers

    • other links are in the controller paste on pastebin (link down below)

But I wasn't able to figure it out.


Here's what I did already:

  • Added a second guard named 'admin' in config/auth.php

     'guards' => [
         'web' => [
             'driver' => 'session',
             'provider' => 'users',
         ],
         'admin' => [
             'driver' => 'session',
             'provider' => 'admin',
         ]
     ],

     'providers' => [
         'users' => [
             'driver' => 'eloquent',
             'model' => App\User::class,
         ],
         'admin' => [
             'driver' => 'eloquent',
             'model' => App\Admin::class,
         ]
     ],

  • Added the needed model

     namespace App;

     use Illuminate\Notifications\Notifiable;
     use Illuminate\Foundation\Auth\User as Authenticatable;

     class Admin extends Authenticatable
     {
         use Notifiable;

         protected $fillable = [
             'mID', 'mAccount', 'mName', 'mServerIP', 'mAuthority', 'mToken'
         ];

         protected $hidden = [
             'mContactIP', 'mToken'
         ];

         protected $table = 'administration';
         protected $connection = 'common';
         public $timestamps = false;

         public function getAuthIdentifierName()
         {
             return 'mAccount';
         }
     }

  • Added necessary routes in routes/web.php

     Route::group(['prefix' => 'admin'], function () {
         Route::get('/login', 'Auth\ElevationController@showLoginForm')->middleware('web');
         Route::post('/login', 'Auth\ElevationController@elevate');
         Route::get('/logout', 'Auth\ElevationController@demote');

         Route::get('/', function () {
             return redirect('admin/dashboard');
         });
         Route::get('/dashboard', 'AdminController@index');
     });

  • Added a new middleware under app/Http/Middleware named 'RedirectIfElevated' via the command 'php artisan make:middleware'

     public function handle($request, Closure $next, $guard = 'admin')
     {
         if (!Auth::guard($guard)->check()) {
             if (!Auth::guard('web')->check()) {
                 return redirect('/');
             }
             return redirect('/admin/login');
         }

         return $next($request);
     }

  • and in Kernel.php

     protected $routeMiddleware = [
         . . .
         'admin' => \WarShape\Http\Middleware\RedirectIfElevated::class,
     ];

  • Finally I created my controller: https://pastebin.com/s6iJgFAB

  • and created the view

     @extends('layouts.app')

     @section('content')
     <div class="container">
         <div class="row">
             <div class="col-md-8 col-md-offset-2">
                 <div class="panel panel-default">
                     <div class="panel-heading">Elevation</div>
                     <div class="panel-body">
                         <form class="form-horizontal" role="form" method="POST" action="{{ url('/admin/login') }}">
                             {{ csrf_field() }}

                             <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
                                 <label for="mToken" class="col-md-4 control-label">Token</label>
                                 <div class="col-md-6">
                                     <input id="mToken" type="password" class="form-control" name="mToken" required>
                                     @if ($errors->has('password'))
                                         <span class="help-block">
                                             <strong>{{ $errors->first('password') }}</strong>
                                         </span>
                                     @endif
                                 </div>
                             </div>

                             <div class="form-group{{ $errors->has('g-recaptcha-response') ? ' has-error' : '' }}">
                                 <label for="recaptcha" class="col-md-4 control-label">Solve Captcha <br> & Elevate!</label>
                                 <div class="col-md-6">
                                     {!! app('captcha')->display($attributes = [], $lang = app()->getLocale()) !!}
                                     @if ($errors->has('g-recaptcha-response'))
                                         <span class="help-block">
                                             <strong>{{ $errors->first('g-recaptcha-response') }}</strong>
                                         </span>
                                     @endif
                                 </div>
                             </div>

                             <input type="hidden" name="mAccount" value="{{ Auth::guard('web')->user()->login }}">

                             <div class="form-group">
                                 <div class="col-md-8 col-md-offset-4">
                                     <button type="submit" class="btn btn-primary">
                                         Elevate
                                     </button>
                                 </div>
                             </div>
                         </form>
                     </div>
                 </div>
             </div>
         </div>
     </div>
     @endsection

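So the question I need an answer to is:

  1. Where did I miss something? Where did I mess up?

I hope you can help me with this & thanks for your help!

Sorry if this doesn't answer your question, but can't you just add a simple column to the users table, such as is_admin, and authorize only users with is_admin = 1 to access the admin panel via middleware, instead of logging in twice?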

I fixed that with the following custom login method:

public function elevate(Request $request)
{
    // Validate the token field and the captcha before touching the database
    $this->validateLogin($request);

    // Look up the admin row for the account already logged in on the 'web' guard
    $admin = Admin::where('mAccount', '=', Auth::guard('web')->user()->login)
        ->where('mToken', '=', $request->input('mToken'))->first();

    if ($admin) {
        // Log the matching row in on the separate 'admin' guard
        Auth::guard('admin')->login($admin);
        return redirect('/admin/dashboard');
    } else {
        throw new \ErrorException('Elevation failed!');
    }
}

protected function validateLogin(Request $request)
{
    $this->validate($request, [
        'mToken' => 'required|string|min:8',
        'g-recaptcha-response' => 'required|captcha'
    ]);
}
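
A hardened variant of the `elevate()` method above, as an added example that is not part of the original answer: it handles a missing 'web' session, compares the token with `hash_equals()` instead of in the SQL `where`, and returns a form error instead of throwing. The `App\Http\Controllers\Auth` namespace and the error message are assumptions; the model, column names, `login` attribute and validation rules are taken from the page, and `mToken` is assumed to be stored as a plain string, as the answer's query implies.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ElevationController extends Controller
{
    public function elevate(Request $request)
    {
        $this->validate($request, [
            'mToken' => 'required|string|min:8',
            'g-recaptcha-response' => 'required|captcha',
        ]);

        // The account comes from the existing 'web' session, never from
        // the hidden mAccount form field, which the client controls.
        $user = Auth::guard('web')->user();
        if ($user === null) {
            return redirect('/');
        }

        // Fetch the row by account only, then compare the token in PHP
        // with hash_equals() so the comparison is constant-time.
        $admin = Admin::where('mAccount', $user->login)->first();
        $stored = $admin ? (string) $admin->mToken : '';
        $valid = $admin !== null
            && hash_equals($stored, (string) $request->input('mToken'));

        if (! $valid) {
            // Same response for "no admin row" and "wrong token", so the
            // form does not reveal which accounts have admin rights.
            return redirect('/admin/login')
                ->withErrors(['mToken' => 'Elevation failed.']);
        }

        // Authenticate on the separate 'admin' guard defined in config/auth.php.
        Auth::guard('admin')->login($admin);

        return redirect('/admin/dashboard');
    }
}
```

The view in the question renders errors under the `password` key, so this message only appears if the template checks `$errors->has('mToken')` instead.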
