I have write a custom login functionality in an old fashioned way.
1.If the email or password is incorrect it will shows the correct error message (ie invalid email,invalid password,account blocked)
2.If login is ok set a session user with corresponding row from the user table.
3.redirect to different url's according to usertype
Here is the implementation
public function login(Request $request)
{
$matches=['email'=>$request->email];
$users =User::where($matches)->first();
if($users == FALSE)
{
$request->session()->flash(
'errors',
'Invalid Email');
return redirect('adminlogin');
}
else if($users->account_status==0)
{
$request->session()->flash(
'errors',
'Account is blocked please contact admin');
return redirect('adminlogin');
}
else if (!Hash::check($request->password,$users->user_password))
{
$request->session()->flash('errors', 'Invalid Password');
return redirect('adminlogin');
}
else
{
$request->session()->put('user',$users);
if($users->user_type == 1)
{
$url = 'index';
}
else if($users->user_type == 3)
{
$url = 'index/package-home';
}
else
{
return view('errors.404');
}
return redirect($url);
}
}
Also in every page i've checked the user authentication with session value,if user session is not set it will redirect to login screen.
public function index(Request $request,$page='admin-home',$id=null)
{
if(!$request->session()->has('user'))
{
$request->session()->flash('errors', 'Session is expired');
return redirect('adminlogin');
}
//load dashboard
}
So my question is my method is correct for a custom authentication or do i need to anything else??
Note:
I don't like to use laravel default auth system,because it dosen't provide a way for custom error message or redirect to differnt url's based on usertype (ie admin,super admin etc)
Aucun commentaire:
Enregistrer un commentaire