4

Sometimes, we'd like to separate users and admins into 2 different tables.
I think it is a good practice.

I am looking to see if that is possible in Laravel 5.

1
  • @DerGolem I had posted the solution when this question was raised. Cannot see it? Commented Mar 22, 2015 at 12:24

2 Answers

7

Before reading the following, you are supposed to have basic knowledge of ServiceProvider, Facade and IoC in Laravel 5. Here we go.

According to the Laravel docs, you can find that the Facade 'Auth' refers to Illuminate\Auth\AuthManager, which has a magic __call(). You can see that the major functionality is not in AuthManager, but in Illuminate\Auth\Guard.

Guard has a Provider. This provider has a $model property, according to which the EloquentUserProvider would create this model by "new $model". These are all we need to know. Here goes the code.

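1. We need to create an AdminAuthServiceProvider.

use Auth;
use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Auth\Guard;

// method of AdminAuthServiceProvider
public function register(){
    // register a custom auth driver backed by the admin model
    Auth::extend('adminEloquent', function($app){
        // you can use Config::get() to retrieve the model class name from config file
        $myProvider = new EloquentUserProvider($app['hash'], '\App\AdminModel');
        return new Guard($myProvider, $app['session.store']);
    });
    // bind the admin guard so the AdminAuth facade can resolve it
    $this->app->singleton('auth.driver_admin', function($app){
        return Auth::driver('adminEloquent');
    });
}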

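2. Facade:

use Illuminate\Support\Facades\Facade;

class AdminAuth extends Facade {
    // resolves to the binding registered in AdminAuthServiceProvider
    protected static function getFacadeAccessor() { return 'auth.driver_admin'; }
}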

3. Add the alias to Kernel:

'aliases' => [
    //has to be beneath the 'Auth' alias
    'AdminAuth' => '\App\Facades\AdminAuth'
]

Hope this could be helpful.


4 Comments

I think there may be a security issue. If the admin part of your website shares sessions with the user part, and an authenticated normal user tries to access the admin panel, he may get the right to access it if there's an admin whose id is the same as this normal user's.
Is there really a security issue with this method?
If I'm understanding this correctly, the 'admin' and 'non-admin' users would be in separate tables. In this case, you would be querying the 'admin' table for the admin area, and 'users' for the non-admin areas. So users with overlapping IDs should not be a problem, as you would only look for 'admin' users in the 'admin' table. Even if you know a user's ID, you have to have a matching username and password in order to set a session, so there should be no issue here. The session, not the user id, is the 'key', and that is guaranteed unique by PHP (assuming best practices).
@yixiang There is a potential security breach after all. I've implemented another workaround for multi auth but am still having the same issue, as if the admin and normal user ids match, it would allow the user to be logged in as an admin.
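
The concern debated in the comments above, as an added example (not the answerer's code and not Laravel's own): a constructed PHP model of two guards that share one session store. It assumes both guards keep the logged-in id under a single session key, which is the case when two instances of one guard class derive that key from the class name; the class names, keys and sample rows are hypothetical.

```php
<?php
// Constructed model, not Laravel code: two guards share one session store.
class TableProvider
{
    private $rows; // id => name; stands in for the users or admins table

    public function __construct(array $rows) { $this->rows = $rows; }

    public function retrieveById($id) { return $this->rows[$id] ?? null; }
}

class ModelGuard
{
    private $provider;
    private $session;
    private $key;

    public function __construct(TableProvider $provider, ArrayObject $session, $key)
    {
        $this->provider = $provider;
        $this->session  = $session; // same object passed to every guard
        $this->key      = $key;     // session key holding the logged-in id
    }

    public function loginUsingId($id) { $this->session[$this->key] = $id; }

    public function user()
    {
        $id = $this->session[$this->key] ?? null;
        return $id === null ? null : $this->provider->retrieveById($id);
    }
}

// Returns what the admin guard resolves after only a normal user has logged in.
function adminSeenAfterUserLogin($userKey, $adminKey)
{
    $session = new ArrayObject(); // constructed stand-in for the shared session
    $users   = new ModelGuard(new TableProvider([1 => 'alice (users table)']), $session, $userKey);
    $admins  = new ModelGuard(new TableProvider([1 => 'root (admins table)']), $session, $adminKey);
    $users->loginUsingId(1);
    return $admins->user();
}

// Weak: one key for both guards, so the user's id is read back as an admin id.
var_dump(adminSeenAfterUserLogin('login_shared', 'login_shared'));
// Hardened: a key per guard, so the admin guard finds no login in the session.
var_dump(adminSeenAfterUserLogin('login_user', 'login_admin'));
```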
2

I have created a Laravel package where you can handle multiple authentication.

Step 1 : Composer require

Firstly, composer require the multiauth package

composer require sarav/laravel-multiauth dev-master

Step 2 : Replacing default auth service provider

Replace

Illuminate\Auth\AuthServiceProvider::class

with

Sarav\Multiauth\MultiauthServiceProvider

in your config/app.php file

Step 3 : Modify auth.php

Modify your config/auth.php file to something like this

'multi' => [
    'user' => [
        'driver' => 'eloquent',
        'model'  => App\User::class,
        'table'  => 'users'
    ],
    'admin' => [
        'driver' => 'eloquent',
        'model'  => App\Admin::class,
        'table'  => 'admins'
    ]
],

That's it! Now you can try multiple authentication by passing the user as the first parameter. For example:

\Auth::loginUsingId("user", 1); // Login user with id 1

\Auth::loginUsingId("admin", 1); // Login admin with id 1

// Attempts to login user with email id [email protected] 
\Auth::attempt("user", ['email' => '[email protected]', 'password' => 'password']);

// Attempts to login admin with email id [email protected]
\Auth::attempt("admin", ['email' => '[email protected]', 'password' => 'password']); 

For more detailed documentation

http://sarav.co/blog/multiple-authentication-in-laravel/

http://sarav.co/blog/multiple-authentication-in-laravel-continued/

4 Comments

It is working, but how do I check if an admin is logged in or not?
I am getting Illuminate/Auth/Gaurd not found. :( Added all the providers, still. Please help.
Illuminate/Auth/Gaurd not found. This library never worked. Don't use this library.
Seems it doesn't work under Laravel 7…
