Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Web site authentication with Laravel

Friday, July 3rd, 2015 by Servage

authenticationThe ability to register and login is the basis for many features on most websites. Therefore authentication is an issue which developers are confronted with in almost every single project. Thankfully the Laravel developers have realized this, and therefore made it very easy to implement authentication. Actually default Laravel installations ship with the required pieces already available. You just need to move a few things into place to make it work for your project.

Laravel provides the required controllers for the authentication procedure, but there are no routes active for this purpose by default. This is to avoid opening your web site to authentication unless you want it. Therefore simply add the following to your routes file.

// Add routes for user registration & authentication
Route::get('auth/register', 'Auth\AuthController@getRegister');
Route::post('auth/register', 'Auth\AuthController@postRegister');
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::post('auth/login', 'Auth\AuthController@postLogin');
Route::get('auth/logout', 'Auth\AuthController@getLogout');

Laravel does not provide views for the steps during the authentication process. That is because usually the views are very custom from web site to web site, and therefore you would most likely need to customize them so heavily anyway, that you might as well start from scratch. Below is a sample login form with the most basic elements included.

<!-- Place this in "resources/views/auth/login.blade.php" -->
<form method="POST" action="/auth/login">
  {!! csrf_field() !!}
  <div>Email <input type="email" name="email" value="{{ old('email') }}"></div>
  <div>Password <input type="password" name="password" id="password"></div>
  <div><input type="checkbox" name="remember"> Remember Me</div>
  <div><button type="submit">Login</button></div>
</form>

The following is a sample registration form.

<!-- Place this is "resources/views/auth/register.blade.php" -->
<form method="POST" action="/auth/register">
  {!! csrf_field() !!}
  <div class="col-md-6">Name <input type="text" name="name" value="{{ old('name') }}"></div>
  <div>Email <input type="email" name="email" value="{{ old('email') }}"></div>
  <div>Password <input type="password" name="password"></div>
  <div class="col-md-6">Confirm Password <input type="password" name="password_confirmation"></div>
  <div><button type="submit">Register</button></div>
</form>

Laravel does not know where you want users to go after a successful login. Therefore you must specify it in the Auth controller like below.

protected $redirectTo = '/account_page';

Working with the user model

After login you can get the currently logged in users’ model-instance via the Auth facade.

$user = Auth::user();

It also provides a simple check to see if the current user is logged in.

if (Auth::check())
{
  // Yes, the user is logged in.
  // Do secret stuff here ...
}

Since you probably implemented authentication for a reason, you can now protect your routes and controllers in two ways. The first option is to restrict the route directly:

Route::get('profile', ['middleware' => 'auth', function()
{
  // Only authenticated users may enter...
}]);

Another way is to restrict via the controller:

Route::get('profile', [
  'middleware' => 'auth',
  'uses' => 'ProfileController@show'
]);

Remember me function

The “remember me” feature is widely known and appreciated. Nothing bothers more than having to re-login again and again. Laravel provides the basic “remember me” functionality to enable this function easily. Just implement an auth attempt like below.

if (Auth::attempt(['email' => $email, 'password' => $password], $remember))
{
  // Now the user is being remembered
}

You can even determine if the user was “remembered”, and thereby trigger some extra check before allowing sensitive operations like changing the password.

if (Auth::viaRemember())
{
  // Yep, this one was remembered.
}

This should get you well on the way with authentication. Have fun with all the special features you can provide to your visitors behind a login now.

Web site authentication with Laravel, 4.3 out of 5 based on 4 ratings
Categories: Guides & Tutorials

Keywords: , ,

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.