I am trying to redirect the user to login page if it tries to access dashboard or other user page if they haven't logged in yet.
here is my web.php
Route::group(['middleware'=>'UserAuthChk'], function(){
Route::get('/',[HomeController::class, 'index']) -> name('home.index');
// User Controller
Route::get('/user/dashboard', [UserController::class, 'dashboard']) -> name('user.dashboard');
// User Authentication Controller
Route::get('/auth/user/login', [UserAuthController::class, 'login']) -> name('auth.user.login');
Route::get('/auth/user/signup', [UserAuthController::class, 'signup']) -> name('auth.user.signup');
Route::get('/auth/user/forgotpassword', [UserAuthController::class, 'forgotpass']) -> name('auth.user.forgotpass');
// User Authentication POST
Route::post('/auth/user/registeruser', [UserAuthController::class, 'registerUser']) -> name('auth.user.reguser');
Route::post('/auth/user/loginuser', [UserAuthController::class, 'loginUser']) -> name('auth.user.loginuser');
Route::get('/auth/user/logoutuser', [UserAuthController::class, 'logoutUser']) -> name('auth.user.logoutuser');
});
Here is my middleware UserAuthChk.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class UserAuthChk
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
if (session()->has('userID') && ($request->path()==route('auth.user.login') || $request->path()==route('auth.user.signup') || $request->path()==route('auth.user.forgotpass'))) {
return back();
}
if(!session()->has('userID') && ($request->path()!=route('auth.user.login') || $request->path()!=route('auth.user.signup') || $request->path()!=route('auth.user.forgotpass') || $request->path()!=route('home.index'))) {
return redirect()->route('auth.user.login');
}
return $next($request)->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate')
->header('Pragma','no-cache')
->header('Expires', 'Sat 01 Jan 1990 00:00:00 GMT');
}
}
Here is my kernel.php
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'UserAuthChk' => \App\Http\Middleware\UserAuthChk::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
];
If I haven't logged in and I try to access the login page, signup page, home page, it just keeps loading and then errors saying that it redirected too many times.
When I removed the whole !session()
part and I loggedd in then try to access the login or signup page, it works fine. Any solutions?
My Answer:
The issue in your middleware logic is with the condition in the if statement. The condition `($request->path()!=route('auth.user.login') || $request->path()!=route('auth.user.signup') || $request->path()!=route('auth.user.forgotpass') || $request->path()!=route('home.index'))` will always evaluate to true because a request path cannot be equal to all those routes at the same time.
You should change the condition to check if the request path is not equal to any of those routes using the `&&` operator instead of `||`. Here is the corrected condition:
php
if(!session()->has('userID') && ($request->path() != route('auth.user.login') && $request->path() != route('auth.user.signup') && $request->path() != route('auth.user.forgotpass') && $request->path() != route('home.index'))) {
return redirect()->route('auth.user.login');
}
With this change, the middleware will redirect the user to the login page if they haven't logged in and try to access any route other than the login, signup, forgot password, or home page.
Make sure to clear your browser cache or use an incognito window to test the changes after making this adjustment.
Rate this post
4 of 5 based on 5777 votesComments