Authentication Security Validation
Last updated 9 months ago.

Whoops. I re-read the post and my brain completely mis-interpreted what was wanted.

Can you show us the associated code? AFAIK, when you redirect, it will go through the auth filter just the same. A Redirect sends a 302 (or 303) to the browser with the new URL, so it will still go through the router and filter layers as normal with the newly authed user.


This is the login part:

if(Auth::attempt(["username" => Input::get("username"), "password" => Input::get("password")])){
	// The activation check is missing from the post as captured; $activated is a placeholder for it.
	if($activated){
		return Redirect::intended('main');
	}
	return Redirect::back()->with("message", "Your account is not activated!");
}
return Redirect::back()->with("message", "Invalid credentials. Please try again!");

These are my routes:

Route::when('admin/*', 'admin');

Route::group(["before" => "auth"], function(){
	Route::get("/admin/", ["uses" => "[email protected]"]);
	Route::get("/admin/overview", ["uses" => "[email protected]"]);
	Route::get("/admin/users/all", ["uses" => "[email protected]"]);
	Route::get("/admin/users/banned", ["uses" => "[email protected]"]);
	Route::get("/admin/users/{id}/edit", ["uses" => "[email protected]"]);
	Route::get("/admin/user/add", ["uses" => "[email protected]"]);
	Route::get("/admin/posts/all", ["uses" => "[email protected]"]);
	Route::get("/admin/posts/drafts", ["uses" => "[email protected]"]);
	Route::get("/admin/posts/add", ["uses" => "[email protected]"]);
	Route::get("/admin/posts/edit/{id}", ["uses" => "[email protected]"]);
});

And this is my filter:

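Route::filter('admin', function() {
	// The admin check is missing from the post as captured; $isAdmin is a placeholder for it.
	if(!$isAdmin) return Redirect::to("/");
});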

So when I log in as a normal user and then try to visit a protected route, I get redirected properly. But if I try to visit protected routes while I'm not logged in, I get redirected to the login route as I should, but when I log in as a normal user I can still see the protected route which I intended to visit.


Nothing is immediately popping out at me as incorrect with this code. It should work just fine.

The redirector is sending a redirect with a 302 status. So it should run through a whole new request cycle.


I solved it. Instead of protecting admin routes like this:

Route::when('admin/*', 'admin');

I protected them like this:

Route::group(["before" => "auth|admin"], function(){
	// routes
});
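Added example, not part of the thread: the configuration the thread settles on, written out with complete filter bodies in the same Laravel 4 style. The `is_admin` column, the `login` path and the `AdminController` names are assumptions made for illustration; the point shown is an `admin` filter that fails closed for guests as well as non-admins.

```php
<?php
// app/filters.php and app/routes.php, Laravel 4 style as used in the thread.

// Authentication: guests are sent to the login page. Redirect::guest() stores
// the requested URL so Redirect::intended() can return to it after login.
// ASSUMPTION: 'login' is the path of the login route.
Route::filter('auth', function () {
    if (Auth::guest()) {
        return Redirect::guest('login');
    }
});

// Authorization: fails closed. A guest or a non-admin never reaches the
// controller, even if this filter is attached to a route without 'auth'.
// ASSUMPTION: is_admin is a hypothetical boolean column on the users table.
Route::filter('admin', function () {
    if (Auth::guest() || !Auth::user()->is_admin) {
        return Redirect::to('/');
    }
});

// Both filters are declared on the group itself, so every route registered
// inside it runs 'auth' first and then 'admin' on each request.
Route::group(['before' => 'auth|admin', 'prefix' => 'admin'], function () {
    // AdminController and its action names are hypothetical.
    Route::get('/', ['uses' => 'AdminController@index']);
    Route::get('overview', ['uses' => 'AdminController@overview']);
    Route::get('users/{id}/edit', ['uses' => 'AdminController@editUser']);
});
```

A filter that returns nothing lets the request continue, while any returned response stops it, so the `Redirect::intended('main')` issued after login produces a new request that passes through both filters again.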


alenn-m alenn-m Joined 5 Mar 2014

