Authentication System

Middleware: Only allow authenticated users to access a given route. For protecting/restricting routes, we need to use Middleware.

Middleware Steps:

1. Creating

2. Registering

3. Uses

#01 Creating:

php artisan make:middleware AuthenticationMiddleware


return $next($request);


return redirect('/login');


#02 Registering:

got to http/kernel.php and find out $routeMiddleware for register newly created middleware and of course we will see auth and guest default basic middlewares already for us.

Add the following at the end of the $routeMiddleware array: 

'authenticated' => \App\Http\Middleware\ AuthenticationMiddleware::class


#03 Uses:

Go to the web.php and add as follows:

Route::get('/home', 'AdminUserController@index')->middleware('authenticated');

We can use the default auth as well as:

Route::get('/home', 'AdminUserController@index')->middleware('auth');


Route Groups:

If we want to authenticate 100 routes every single time we have to add middleware it’s more costly. Hence we have to use route group as follows:


Route::group(['middleware'=>'authenticated'], function(){

Route::get('/home', 'AdminUserController@index');

Route::get('/about', 'AdminUserController@about');



We can use another middleware as follows:

Route::group(['middleware'=> ['authenticated', 'anotherMiddleware']], function(){

Route::get('/home', 'AdminUserController@index');

Route::get('/about', 'AdminUserController@about');



We can check rout list as follows:

php artisan route:list


Basic Authentication for login, logout, register, forget/change password:

php artisan make:auth

Login url:


After login url:


But we can customize the redirect location by defining a redirectTo property on the LoginController, RegisterController, and ResetPasswordController as follows:

protected $redirectTo = '/';

Logout url:


Register url:


Forget/reset password url:


If we want to rename default url like localhost:8000/login to localhost:8000/alogin.

In routes\web.php file, replace the Auth::routes(); with the following and change like you do:

// Authentication Routes...

$this->get('login', 'Auth\LoginController@showLoginForm')->name('login');

$this->post('login', 'Auth\LoginController@login');

$this->post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...


$this->post('register', 'Auth\RegisterController@register');

// Password Reset Routes...




$this->post('password/reset', 'Auth\ResetPasswordController@reset');


Retrieving The Authenticated User:

// Get the currently authenticated user...

$user = Auth::user();

// Get the currently authenticated user's ID...

$id = Auth::id();


If The Current User Is Authenticated:

if (Auth::check()) {

// The user is logged in...



Manually Authenticating Users:

$credentials = $request->only('email', 'password');

if (Auth::attempt($credentials)) {

// Authentication passed...

return redirect()->intended('dashboard');


The attempt method takes an array and check it manually if valid then return true else false.

if (Auth::attempt(['email' => $email, 'password' => $password, 'active' => 1])) {

   // The user is active, and exists.



Forgot Password:

Artisan command:

php artisan vendor:publish --tag=laravel-notifications

The above command will publish the below file where you can change your mail text.


Artisan command:

php artisan vendor:publish --tag=laravel-mail

The above command will publish views/vendor/mail/somefiles where you can style your mail.

Default App name (Laravel) Change:

First of all Laravel checks .env file and then config/mail.php

So, go to .env file and change APP_NAME=Your_app_name and you can also change APP_ENV=production,

And then, in the mail body text, the Laravel text will be replaced by Your_app_name, the Reset password’s button link will be

  • 249
  • 308
  • By Bablu Ahmed
  • Posted 1 year ago