satancorpse

Reputation: 331

Can't prevent users going back to the admin page after logging out - Laravel 4

I'm facing a weird issue while developing a very basic application using Laravel 4. I have created the functionality following Laravel 4's user authentication docs, where users can sign up to ask different questions and only registered users can access the secret/admin page. Everything works well so far, except that I'm getting this weird issue where even after logging out users can still access the precious page, or in other words the admin page. I'm not sure it has something to do with Laravel, but I still couldn't figure out what the issue is and how to prevent it or force the browser to reload or something, so that they can't see the admin page even if they click on the back arrow in the browser. Although it may not be relevant, I'm still attaching the code I have. In routes.php I have this:

<?php

Route::get('/', array('as'=>'home', 'uses'=>'QuestionController@getindex'));
Route::get('register', array('as'=>'register', 'uses'=>'UserController@getnew'));
Route::get('login', array('as'=>'login', 'uses'=>'UserController@getlogin'));
Route::get('logout', array('as'=>'logout', 'uses'=>'UserController@getlogout'));

Route::post('register', array('before'=>'csrf', 'uses'=>'UserController@postcreate'));
Route::post('login', array('before'=>'csrf', 'uses'=>'UserController@postlogin'));

And in UserController I have this:

<?php

class UserController extends BaseController {

    public function getNew() {

        return View::make('users.new')
            ->with('title', 'Snappy Q&A - Register');
    }

    public function postCreate() {

        $validator = Member::validate(Input::all());

        if ( $validator->passes() ) {
            $user = User::create( array (
                'username' => Input::get('username'),
                'password' => Hash::make(Input::get('password'))
            ));

            Auth::login($user);

            return Redirect::route('home')->with('message', 'Thanks for registering!');
        } else {

            return Redirect::route('register')->withErrors($validator)->withInput();
        }
    }

    public function getLogin() {

        return View::make('users.login')
            ->with('title', 'Snappy Q&A - Login');
    }

    public function postLogin() {

        $user_creds = array(
            'username' => Input::get('username'),
            'password' => Input::get('password')
        );

        if( Auth::attempt($user_creds) ) {

            return Redirect::route('home')
                ->with('message', 'Yep, you are now logged in');
        } else {

            return Redirect::route('login')
                ->with('message', 'Shit man! The creds are not authorised!')
                ->withInput();
        }
    }

    public function getLogout() {

        if( Auth::check() ) {

            Auth::logout();
            return Redirect::route('login')
                ->with('message', 'You are now logged out!');
        } else {

            return Redirect::route('home');
        }
    }

}

This new.blade.php is responsible for creating a new user:

@extends('master.master')

@section('content')

    @if( $errors->has() )
        <p>The following errors have occurred: </p>

        <ul class="form-errors">
            {{ $errors->first('username', '<li>:message</li>') }}
            {{ $errors->first('password', '<li>:message</li>') }}
            {{ $errors->first('password_confirmation', '<li>:message</li>') }}
        </ul>
    @endif

    {{ Form::open( array('route'=>'register', 'method'=>'post')) }}

        {{ Form::token() }}

        {{ Form::label('username', 'Username') }}
        {{ Form::text('username', Input::old('username')) }}

        {{ Form::label('password', 'Password') }}
        {{ Form::password('password') }}

        {{ Form::label('password_confirmation', 'Confirm Password') }}
        {{ Form::password('password_confirmation') }}

        {{ Form::submit('Register', array('class'=>'btn btn-success')) }}

    {{ Form::close() }}
@stop

This one is for logging in a user:

@extends('master.master')

@section('content')

    {{ Form::open( array('route'=>'login', 'method'=>'post') ) }}

        {{ Form::token() }}

        {{ Form::label('username', 'Username') }}
        {{ Form::text('username', Input::old('username')) }}

        {{ Form::label('password', 'Password') }}
        {{ Form::password('password') }}

        {{ Form::submit('Login', array('class' => 'btn btn-success')) }}

    {{ Form::close() }}

@stop

To make it clear, I don't have anything special yet for the admin page except the condition in the navigation with the method Auth::check(), to make sure that only logged-in users can see the logout navigation. I will create the functionality later, after I'm done with this problem. The admin page view will be in a folder called questions. I hope this makes sense now.

How do I take care of that? Please ask if you still need any other instance of my code. And I believe many of the newbies in Laravel world face more or less the same issue while developing functionality like that. I'm hoping this is a good question and will help others as well as me.

Upvotes: 0

Views: 2068

Answers (1)

Christian

Reputation: 504

Try to use filters in routes

Route::get('/', array('before' => 'auth', function()
{

}));

More: http://laravel.com/docs/routing#route-filters

Upvotes: 1
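
Added example, not part of the original question or answer: the route-filter approach applied to the admin page, combined with an after-filter that tells the browser not to keep a copy of protected pages, so the back arrow triggers a fresh request that the `auth` filter can reject. The `admin` route, `QuestionController@getAdmin` and the `no-cache` filter name are hypothetical; the `auth` filter is reproduced here as an assumption of what a stock Laravel 4 `app/filters.php` contains.

```php
<?php
// app/filters.php (Laravel 4) -- added example, not code from the post.

// Assumed stock 'auth' filter, shown for reference (do not define it twice):
// guests are redirected to the login route before the controller runs.
Route::filter('auth', function()
{
    if (Auth::guest()) {
        return Redirect::guest('login');
    }
});

// Hypothetical 'no-cache' after-filter. After-filters receive the prepared
// response, so the headers can be set on it directly. Without them the
// browser may redisplay its stored copy of the page on "back" without
// contacting the server, and no server-side check gets a chance to run.
Route::filter('no-cache', function($route, $request, $response)
{
    $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0');
    $response->headers->set('Pragma', 'no-cache');
    $response->headers->set('Expires', 'Thu, 01 Jan 1970 00:00:00 GMT');
});

// app/routes.php -- every route in the group requires a logged-in user
// and is served with the no-cache headers above.
Route::group(array('before' => 'auth', 'after' => 'no-cache'), function()
{
    // Hypothetical admin route; the view would live under views/questions.
    Route::get('admin', array(
        'as'   => 'admin',
        'uses' => 'QuestionController@getAdmin',
    ));
});
```

The `auth` filter is the actual access control; the headers only stop a previously rendered page from being shown again from the browser's cache after `Auth::logout()`.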
