How to create an admin login in Laravel 11

3 months ago

In this tutorial I'll explain how I wrote an admin login that only requires a username and password. It took me ages to figure out how to do it because I couldn't find any tutorials that didn't use Breeze or something similar, so I may as well pass on my barely passable knowledge in an unprofessional way. Is it safe? Maybe?? I haven't been able to break into my own website yet so it's not completely unsafe... (if there are any issues, please find my contact information above). But anyway...

Step 1: create the admin model

php artisan make:model Admin -m

This will create the admin model along with a migration.

Step 2: edit the migration

In the database/migrations/xxx_create_admins_table.php file add

public function up(): void
{
    Schema::create('admins', function (Blueprint $table) {
        $table->id();
        $table->string('username')->unique();
        $table->string('password');
        $table->rememberToken();
        $table->timestamps();
    });
}

then run

php artisan migrate

Note: I'm not sure if the rememberToken() is needed but I don't want to break anything so you can try if you want to.

Step 3: edit the admin model

In the app/Models/Admin.php file add

class Admin extends Authenticable
{
    public $fillable = ['username', 'password'];
}

and add

use Illuminate\Foundation\Auth\User as Authenticable;

at the top. Make sure you add extends Authenticable; it's important.

Step 4: add guards and providers

In the config/auth.php file add

'admins' => [
    'driver' => 'eloquent',
    'model' => App\Models\Admin::class,
],

into

'providers' => [
    //..
],

then add

'admin' => [
    'driver' => 'session',
    'provider' => 'admins',
],

into

'guards' => [
    //..
],

Step 5: create the admin controller

php artisan make:controller AdminController

Step 6: edit the admin controller

In the app/Http/Controllers/AdminController.php file add

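public function showLoginForm()
{
    return view('admin.login');
}

public function login(Request $request)
{
    // Reject requests that are missing either field before touching the guard.
    $credentials = $request->validate([
        'username' => ['required', 'string'],
        'password' => ['required', 'string'],
    ]);

    if (Auth::guard('admin')->attempt($credentials)) {
        // Authentication passed: issue a fresh session ID to prevent session fixation.
        $request->session()->regenerate();

        return redirect()->intended('/');
    }

    // Authentication failed...
    return redirect()->back()->withInput($request->only('username'));
}

public function logout(Request $request)
{
    // Log out of the admin guard; a bare Auth::logout() only affects the default guard.
    Auth::guard('admin')->logout();

    // Drop the old session and CSRF token.
    $request->session()->invalidate();
    $request->session()->regenerateToken();

    return redirect('/admin/login');
}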

make sure to add

use Auth;

at the top

Step 7: create the middleware

php artisan make:middleware AdminAuth

Step 8: edit the admin auth middleware

In the app/Http/Middleware/AdminAuth.php file add

public function handle(Request $request, Closure $next): Response
{
    if (Auth::guard('admin')->check()) {
        return $next($request);
    } else {
        return redirect()->route('admin.login');
    }
}

make sure to add

use Auth;

at the top

Step 9: add routes

In the routes/web.php file add

Route::get('/admin/login', [AdminController::class, 'showLoginForm'])->name('admin.login');
Route::post('/admin/login', [AdminController::class, 'login'])->name('admin.login.submit');
Route::post('/admin/logout', [AdminController::class, 'logout'])->name('admin.logout');

make sure to add

use App\Http\Controllers\AdminController;

at the top

Step 10: create login page

In the resources/views folder create a folder called admin and inside the admin folder a file called login.blade.php.

Step 11: edit the login page

In the login.blade.php file you just created add

<form method="POST" action="{{ route('admin.login.submit') }}">
@csrf
    <input type="text" name="username" value="{{ old('username') }}" required autofocus placeholder="Username">
    <input type="password" name="password" required placeholder="Password">
    <button type="submit">Login</button>
</form>

Note: Make sure to add the @csrf.

Step 12: apply middleware to routes you want to protect

In the routes/web.php file add

Route::middleware(AdminAuth::class)->group(function () {
    //Routes you want to protect
});

make sure to add

use App\Http\Middleware\AdminAuth; 

at the top

Step 13: add admin user

In your preferred database client add a new row into the admins table. The username should be, well, the username, but the password must be stored as a hash produced by the bcrypt() function, never as plain text. To get your hashed password run

php artisan tinker

and run

bcrypt("password")

and copy what's in between the double quotes. Insert the row and you should be all set.
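To check the finished setup instead of guessing, here is a feature test for the whole flow (an added example, not part of the original tutorial). It assumes the default Laravel test setup (Tests\TestCase and a test database); the /admin/_probe route and the credentials are constructed for the test.

```php
<?php
// tests/Feature/AdminLoginTest.php (added example; /admin/_probe is a hypothetical route)

namespace Tests\Feature;

use App\Http\Middleware\AdminAuth;
use App\Models\Admin;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AdminLoginTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();
        // Constructed admin row and a throwaway protected route for the tests.
        Admin::create(['username' => 'root', 'password' => Hash::make('correct-horse')]);
        Route::middleware(['web', AdminAuth::class])->get('/admin/_probe', fn () => 'ok');
    }

    public function test_guest_is_redirected_to_login(): void
    {
        $this->get('/admin/_probe')->assertRedirect(route('admin.login'));
        $this->assertGuest('admin');
    }

    public function test_wrong_password_is_rejected(): void
    {
        $this->post('/admin/login', ['username' => 'root', 'password' => 'nope']);
        $this->assertGuest('admin');
    }

    public function test_login_then_logout(): void
    {
        $this->post('/admin/login', ['username' => 'root', 'password' => 'correct-horse']);
        $this->assertAuthenticated('admin');
        $this->get('/admin/_probe')->assertOk();

        $this->post('/admin/logout')->assertRedirect('/admin/login');
        // Logout must clear the 'admin' guard, not only the default one.
        $this->assertGuest('admin');
        $this->get('/admin/_probe')->assertRedirect(route('admin.login'));
    }
}
```

Run it with php artisan test; a failure in the last test means an admin session survives logout.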

Conclusion

And that's it. As said before, I don't know how secure this is, so use at your own risk.