I have made a login/signup page in Laravel and it works fine but I want to protect routes by allowing authenticated users alone to access the url.
This is my web.php :
Route::get('/', [
'uses' => 'UserController@getLogin',
'as' => 'login'
]);
Route::get('/signup', [
'uses' => 'UserController@getSignup',
'as' => 'signup'
]);
Route::get('/logout', [
'uses' => 'UserController@getLogout',
'as' => 'logout'
]);
Route::group(['prefix' => 'app'], function(){
Route::post('/newuser', [
'uses' => 'UserController@postSubmitSignup',
'as' => 'submitsignup'
]);
Route::post('/submitsignup', [
'uses' => 'UserController@postSubmitLogin',
'as' => 'submitlogin'
]);
Route::get('/home', [
'uses' => 'UserController@getDashboard',
'as' => 'dashboard'
])->middleware('auth');
// I also tried 'middleware' => 'auth', ends in same thing
});
In my UserController.php :
public function getSignup(){
$organizations = Organizations::all()->where('deleted', '0')->all();
return view('pages.signup', ['organizations' => $organizations]);
}
public function getLogin(){
return view('pages.login');
}
public function getDashboard(){
return view('pages.dashboard');
}
public function getLogout(){
Auth::logout();
return redirect()->route('login');
}
public function postSubmitSignup(Request $request){
$newuser = new User();
$newuser->firstname = $request['firstname'];
$newuser->lastname = $request['lastname'];
$newuser->username = $request['username'];
$newuser->email = $request['email'];
$newuser->password = bcrypt($request['password']);
$newuser->passwordhint = $request['passwordhint'];
$newuser->organization = $request['organization'];
$newuser->location = $request['location'];
$newuser->phone = $request['phone'];
$newuser->signupnote = $request['remarks'];
$newuser->save();
return redirect()->route('login');
}
public function postSubmitLogin(Request $request){
if(Auth::attempt(["username" => $request['username'], "password" => $request['password']])){
return redirect()->route('dashboard');
}
session()->flash('invalid', 'Bad Credentials');
return redirect()->back()->withInput();
}
And when I try to login with valid credentials, I get the following error message and the url seems to be http://website.com/login but the login page is located at http://website.com/:
Sorry, the page you are looking for could not be found.
1/1 NotFoundHttpException in RouteCollection.php line 161:
in RouteCollection.php line 161
at RouteCollection->match(object(Request)) in Router.php line 780
at Router->findRoute(object(Request)) in Router.php line 610
at Router->dispatchToRoute(object(Request)) in Router.php line 596
at Router->dispatch(object(Request)) in Kernel.php line 267
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request)) in Pipeline.php line 53
When I try to access the dashboard url directly, I get the same error. How should I do it properly and would be great if someone can explain why this happens.
You need to group your routes like below
Route::group(['middleware' => 'auth'], function(){
Route::get('/logout', [
'uses' => 'UserController@getLogout',
'as' => 'logout'
]);
// and your other routes which you wanna protect
}
Now the logout route and other routes which you will add in there will be only accessible to the authenticated users, in simple words user who is logged in.