For Laravel 5.3 and above
Check Scott's answer below.
For Laravel 5 up to 5.2
Simply put,
On auth middleware:
// redirect the user to "/login"
// and stores the url being accessed on session
if (Auth::guest()) {
return redirect()->guest('login');
}
return $next($request);
On login action:
// redirect the user back to the intended page
// or defaultpage if there isn't one
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return redirect()->intended('defaultpage');
}
For Laravel 4 (old answer)
At the time of this answer there was no official support from the framework itself. Nowadays you can use the method pointed out by bgdrl below this method: (I've tried updating his answer, but it seems he won't accept)
On auth filter:
// redirect the user to "/login"
// and stores the url being accessed on session
Route::filter('auth', function() {
if (Auth::guest()) {
return Redirect::guest('login');
}
});
On login action:
// redirect the user back to the intended page
// or defaultpage if there isn't one
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return Redirect::intended('defaultpage');
}
For Laravel 3 (even older answer)
You could implement it like this:
Route::filter('auth', function() {
// If there's no user authenticated session
if (Auth::guest()) {
// Stores current url on session and redirect to login page
Session::put('redirect', URL::full());
return Redirect::to('/login');
}
if ($redirect = Session::get('redirect')) {
Session::forget('redirect');
return Redirect::to($redirect);
}
});
// on controller
public function get_login()
{
$this->layout->nest('content', 'auth.login');
}
public function post_login()
{
$credentials = [
'username' => Input::get('email'),
'password' => Input::get('password')
];
if (Auth::attempt($credentials)) {
return Redirect::to('logged_in_homepage_here');
}
return Redirect::to('login')->with_input();
}
Storing the redirection on Session has the benefit of persisting it even if the user miss typed his credentials or he doesn't have an account and has to signup.
This also allows for anything else besides Auth to set a redirect on session and it will work magically.
If you are using laravel Auth class you can create an authorized route group. All routes that are defined there will be redirected if the user isn't logged in. Your router file will look something like this:
Route::get('/', array('as' => 'intro', 'uses' => 'intro@index'));
Route::get( 'login', array('as' => 'login', 'uses' => 'user@login'));
Route::get( 'logout', array('as' => 'logout', 'uses' => 'user@logout'));
// PROTECTED
Route::group(array('before' => 'auth'), function()
{
Route::get('dashboard', array('as' => 'dashboard', 'uses' => 'user@dashboard'));
});
// AUTH FILTER
Route::filter('auth', function()
{
if (Auth::guest()) return Redirect::to('login');
});
Best Answer
Replace
Route::get()
withRoute::filter('pattern: admin/*', 'check_roles');
.Now every time a request contains this pattern will be calling your check_roles filter. I think that this is what you currently need and not a
Route::get()
,You could use
Route::get()
on individual pages likeRoute::get('supersecret', array('before' => 'check_roles'), function() { return View::make('mysecret') });
For more info Routing - Filters
Updating to reflect my suggestion on the comment.
You can create an
Admin_Controller
that will extends yourBase_Controller
and have your auth filter in the__construct()
.Have this contoller registered in your start.php (search for Autoloader, where your base_controller is mapped).
And you could now extends your
Admin_Controller
whenever you want to protected your area.Hope that helps