Build custom Backend/Admin authentication in Laravel

We will build a custom authentication guard allowing admin to login and logout separately from the default user guard.

First, we will create Admin model and migration by artisan:

php artisan make:model Models\Admin -m

Add code into database/migrations/XXXX_XX_XX_XXXXXX_create_admins_table.php

<?phpuse Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class CreateAdminsTable extends Migration
{
public function up()
{
Schema::create('admins', function (Blueprint $table) {
$table->tinyIncrements('id');
$table->string('name');
$table->string('type');
$table->string('mobile');
$table->string('email')->unique();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->string('picture')->nullable();
$table->boolean('status')->default(0);
$table->rememberToken();
$table->timestamps();
});
}
public function down()
{
Schema::dropIfExists('admins');
}
}

Edit app/Models/Admin.php

<?phpnamespace App\Models;use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
class Admin extends Authenticatable
{
use Notifiable;
protected $guard = 'admin'; protected $fillable = [
'name', 'email', 'password', 'type', 'mobile', 'picture', 'status',
];
protected $hidden = [
'password', 'remember_token',
];
}

Run artisan command:

php artisan migrate

Create and add code into database/seeds/AdminSeeder.php

php artisan make:seeder AdminSeeder<?phpuse App\Models\Admin;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\Hash;
class AdminSeeder extends Seeder
{
public function run()
{
Admin::truncate();
$admin = Admin::create([
'name' => 'Admin',
'type' => 'admin',
'password' => Hash::make('secret'),
'email' => 'admin@yourdomain.com',
'mobile' => '0909778899',
'picture' => '',
'status' => 1,
]);
}
}

Add AdminSeeder class into database/seeds/DatabaseSeeder.php

<?phpuse Illuminate\Database\Seeder;class DatabaseSeeder extends Seeder
{
public function run()
{
$this->call(AdminSeeder::class);
}
}

Run db:seed artisan command:

php artisan db:seed

Now we need to change somewhere in config/auth.php

<?phpreturn [
// ..
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'admin' => [
'driver' => 'session',
'provider' => 'admins',
],
// ..
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'admins' => [
'driver' => 'eloquent',
'model' => App\Models\Admin::class,
],
// ..
],
];

Create AdminAuth middleware:

php artisan make:middleware AdminAuth<?phpnamespace App\Http\Middleware;use Auth;
use Closure;
class AdminAuth
{
public function handle($request, Closure $next)
{
if (!Auth::guard('admin')->check()) {
return redirect()->route('admin.login');
}
return $next($request);
}
}

Create AuthController class by artisan

php artisan make:controller Backend\AuthController<?phpnamespace App\Http\Controllers\Backend;use App\Http\Controllers\Controller;
use Auth;
use Illuminate\Http\Request;
class AuthController extends Controller
{
public function login(Request $request)
{
if (Auth::guard('admin')->check()) {
return redirect()->route('admin.dashboard');
}
if ($request->isMethod('post')) {
$rules = [
'email' => 'required|email|max:255',
'password' => 'required',
];
$messages = [
'email.required' => 'Email Address is required',
'email.email' => 'Valid Email is required',
'password.required' => 'Password is required',
];
$this->validate($request, $rules, $messages);
if (Auth::guard('admin')->attempt(['email' => $request->email, 'password' => $request->password])) {
return redirect()->route('admin.dashboard');
} else {
return redirect()->back()->with('error', 'Invalid Email or Password');
}
}
return view('backend.modules.auth.login')->withTitle('Login');
}
public function logout()
{
Auth::guard('admin')->logout();
return redirect()->route('admin.login');
}
}

Add admin routes:

<?php// routes/web.phpuse Illuminate\Support\Facades\Route;Route::match(['get', 'post'], '/', 'AuthController@login')->name('login');
Route::middleware('auth:admin')->group(function () {
Route::get('dashboard', 'DashboardController@dashboard')->name('dashboard');
Route::get('logout', 'AuthController@logout')->name('logout');

});

Happy Coding:)

Full-Stack web developer.