
Laravel login redirect issue based on role of user: redirect too many times

I am trying to write code in Laravel using middleware that will redirect a user depending on the user's role. The issue is that I get the error "redirected too many times" whether the user is a simple user or an admin. So far I am checking whether the user is an admin by providing a string in the middleware; I am not accessing the DB yet. Any help is greatly appreciated.

Here is my code below:

mid.php (Middleware)

use Closure;

class mid
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if($request->session()->has('user')){
            $user = $request->session()->get('user');
            if($user == "pujan@pujanovic.com"){
                return redirect()->route('adminview');      
            }else{
                return redirect()->route('userview');      
            }
        }else{
            return redirect()->route('login')->with('poruka','Niste administrator!');
        }
        
        // Never reached: every branch above already returns a redirect.
        return $next($request);
    }
}

Web.php

<?php

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

Route::get("/","HomeController@index")->name('index');
Route::get("/login","HomeController@loginview")->name('login');
Route::get("/admin","HomeController@adminview")->name('adminview')->middleware('mid');


Route::post("/login","LoginController@login");

Route::get("/user","HomeController@userview")->name('userview')->middleware('mid');

LoginController.php

<?php

namespace App\Http\Controllers;
use Session;
use Illuminate\Support\Facades\Validator;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\URL;
use App\Models\UserModel;

class LoginController extends Controller
{
    //
    
    public function login(Request $request){
        $email=$request->input('email');
        $password=$request->input('password');

        $this->validate($request,[
        'email'=>'required',
        'password'=>'required'
        ]);
        
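        // NOTE: $pass is computed but never used; the query below compares the
        // plain-text $password. MD5 is also unsuitable for password storage;
        // Laravel ships Hash::make() / Hash::check() for this.
        $pass=md5($password);
        $data=DB::SELECT("SELECT * FROM users where email=? and password=?",[$email,$password]);

        if (count($data)){
            session()->put('user',$email);
            $value=session('user');

            return redirect()->route('userview');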
        }else{
            return redirect()->route('login')->with('success','wrong data');
            
        }
        
    }
}

Your middleware will redirect a user who isn't "pujan@pujanovic.com" to the userview route. You have this middleware assigned to the userview route.

So if there is a user in the session and they are not "pujan@pujanovic.com" they will get into an endless loop being redirected to the same route, then the middleware will redirect them to the same route again, in a loop.

This is also an issue for when you have this assigned to the adminview. If you are the "admin" and you try to hit that route, you will also end up in an endless loop.

In short you are telling it to redirect endlessly.

This middleware will never let anyone get to the destination route. It can only redirect to somewhere else.

Update:

Here is a rough idea of what you could do for an Admin check middleware:

Admin Middleware:

public function handle($request, $next)
{
    // an auth middleware could handle this itself
    if (! ($email = $request->session()->get('user'))) {
        // not logged in at all
        return redirect()->route('login');
    } 

    if ($email != 'admin@email.com') {
        // not the admin user
        // redirect them away
        return redirect()->route(...);
    }

    // let the request pass through as we have determined they are the admin
    return $next($request);
}

This middleware would get assigned to a route that you only want the admin to be able to access.
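The loop described in this answer can be reproduced without a browser. The following is an added example, not code from the question or the answer: a plain-PHP model (no Laravel) of the page's three routes that follows redirects with a hop cap, comparing the question's middleware with a guard-only variant. The function names, the `user@example.com` address and the rule that each user may open only their own view are assumptions made for the illustration.

```php
<?php
// Constructed model of the page's routes: name => guarded by the middleware?
const ROUTES = ['login' => false, 'adminview' => true, 'userview' => true];
const ADMIN  = 'pujan@pujanovic.com';

// The question's middleware: every branch redirects, $next is never called.
function originalMid(?string $user, string $route): ?string
{
    if ($user === null) {
        return 'login';
    }
    return $user === ADMIN ? 'adminview' : 'userview';
}

// Guard-only variant (assumed policy: each user may open only their own view).
// Returning null stands for "return $next($request)".
function guardMid(?string $user, string $route): ?string
{
    if ($user === null) {
        return 'login';
    }
    $home = $user === ADMIN ? 'adminview' : 'userview';
    return $route === $home ? null : $home;
}

// Follow redirects the way a browser does, giving up after $maxHops.
function follow(callable $mid, ?string $user, string $start, int $maxHops = 20): array
{
    $chain = [$start];
    $route = $start;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $target = ROUTES[$route] ? $mid($user, $route) : null;
        if ($target === null) {
            return ['reached' => $route, 'chain' => $chain];
        }
        $chain[] = $route = $target;
    }
    return ['reached' => null, 'chain' => $chain]; // browser: too many redirects
}

foreach ([null, ADMIN, 'user@example.com'] as $user) {   // constructed sessions
    foreach (['adminview', 'userview'] as $start) {
        foreach (['originalMid', 'guardMid'] as $mid) {
            $r = follow($mid, $user, $start);
            printf("%-11s %-20s GET %-9s -> %s\n", $mid, $user ?? '(no session)', $start,
                $r['reached'] ?? 'redirect loop after ' . (count($r['chain']) - 1) . ' hops');
        }
    }
}
```

With `originalMid`, every request that carries a session ends in a redirect loop; only the no-session case terminates, at `login`, because that route is not guarded. With `guardMid`, each request settles on a route after at most one redirect.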
