4

Sometimes, we'd like to separate users and admins into 2 different tables.
I think it is a good practice.

I am looking to see if that is possible in Laravel 5.

Dharman
JasonW

2 Answers

7

Before reading the following, you are supposed to have basic knowledge of ServiceProvider, Facade and IoC in Laravel 5. Here we go.

According to the doc of Laravel, you could find the Facade 'Auth' is referring to the Illuminate\Auth\AuthManager, which has a magic __call(). You could see the major function is not in AuthManager, but in Illuminate\Auth\Guard.

Guard has a Provider. This provider has a $model property, according to which the EloquentUserProvider would create this model by "new $model". These are all we need to know. Here goes the code.

1. We need to create an AdminAuthServiceProvider.

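// At the top of the provider file:
use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Auth\Guard;
use Illuminate\Support\Facades\Auth;

public function register(){
    // Register a custom auth driver backed by the admin model
    Auth::extend('adminEloquent', function($app){
        // you can use Config::get() to retrieve the model class name from config file
        $myProvider = new EloquentUserProvider($app['hash'], '\App\AdminModel');
        return new Guard($myProvider, $app['session.store']);
    });
    // Bind the admin guard in the container so a facade can resolve it
    $this->app->singleton('auth.driver_admin', function($app){
        return Auth::driver('adminEloquent');
    });
}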

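2. Facade:

use Illuminate\Support\Facades\Facade;

class AdminAuth extends Facade {
    // Resolve the facade to the container binding registered above
    protected static function getFacadeAccessor() { return 'auth.driver_admin'; }
}

3. Add the alias to Kernel: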

'aliases' => [
    //has to be beneath the 'Auth' alias
    'AdminAuth' => '\App\Facades\AdminAuth'
]

Hope this could be helpful.

Hasib Mahmud
JasonW
  • 4
    I think there may be a security issue. If the admin part of your website shares sessions with the user part, and an authenticated normal user tries to access the admin panel, he may get the right to access it if there's an admin whose id is the same as this normal user's. – yixiang Aug 05 '15 at 07:38
  • Is there really a security issue with this method? – user3201500 May 21 '16 at 09:59
  • 1
    If I'm understanding this correctly, the 'admin' and 'non-admin' users would be in separate tables. In this case, you would be querying the 'admin' table for the admin area, and 'users' for the non-admin areas. So users with overlapping IDs should not be a problem, as you would only look for 'admin' users in the 'admin' table. Even if you know a user's ID, you have to have a matching username and password in order to set a session, so there should be no issue here. The session, not the user id, is the 'key', and that is guaranteed unique by PHP (assuming best practices). – cmpreshn Jun 17 '16 at 17:35
  • @yixiang There is a potential security breach after all. I've implemented another workaround for multi auth but am still having the same issue: if the admin and normal user ids match, it would allow the user to be logged in as an admin. – Basheer Kharoti Jul 28 '17 at 10:36
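The ID-overlap concern discussed in the comments above, as an added example that is not part of the answer or of any comment. It is a constructed model, not Laravel code: `ArrayProvider`, `SharedKeyGuard` and `NamedGuard` are hypothetical classes, and it assumes the guard stores the logged-in ID under a session key derived only from its class name, so two instances of the same guard class over one session store share that key.

```php
<?php
// Constructed model for illustration; these classes are not Laravel's.
class ArrayProvider {
    private $rows;
    public function __construct(array $rows) { $this->rows = $rows; }
    public function retrieveById($id) {
        return isset($this->rows[$id]) ? $this->rows[$id] : null;
    }
}

class SharedKeyGuard {
    protected $provider;
    protected $session;
    public function __construct(ArrayProvider $provider, ArrayObject $session) {
        $this->provider = $provider;
        $this->session = $session;
    }
    // The key depends only on the class name, so every instance of this
    // class reads and writes the same session slot.
    public function getName() { return 'login_' . md5(get_class($this)); }
    public function loginUsingId($id) { $this->session[$this->getName()] = $id; }
    public function user() {
        $key = $this->getName();
        return isset($this->session[$key])
            ? $this->provider->retrieveById($this->session[$key]) : null;
    }
}

class NamedGuard extends SharedKeyGuard {
    private $name;
    public function __construct($name, ArrayProvider $provider, ArrayObject $session) {
        parent::__construct($provider, $session);
        $this->name = $name;
    }
    // Hardened form: the guard's own name is part of the session key.
    public function getName() { return 'login_' . $this->name . '_' . md5(get_class($this)); }
}

// Constructed sample data: both tables contain a row with id 1.
$users  = new ArrayProvider([1 => 'user alice']);
$admins = new ArrayProvider([1 => 'admin root']);

$session = new ArrayObject();               // one session, shared key
(new SharedKeyGuard($users, $session))->loginUsingId(1);
var_dump((new SharedKeyGuard($admins, $session))->user());

$session = new ArrayObject();               // one session, per-guard keys
(new NamedGuard('user', $users, $session))->loginUsingId(1);
var_dump((new NamedGuard('admin', $admins, $session))->user());
```

The first dump shows the admin row even though only the user guard logged in; the second shows NULL because each guard reads its own key.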
2

I have created a Laravel package where you can handle multiple authentication.

Step 1 : Composer require

Firstly, composer require the multiauth package

composer require sarav/laravel-multiauth dev-master

Step 2 : Replacing default auth service provider

Replace

Illuminate\Auth\AuthServiceProvider::class

with

Sarav\Multiauth\MultiauthServiceProvider

in your config/app.php file

Step 3 : Modify auth.php

Modify your config/auth.php file to something like this

'multi' => [
    'user' => [
        'driver' => 'eloquent',
        'model'  => App\User::class,
        'table'  => 'users'
    ],
    'admin' => [
        'driver' => 'eloquent',
        'model'  => App\Admin::class,
        'table'  => 'admins'
    ]
],

That's it! Now you can try multiple authentication by passing the user as first parameter. For example:

\Auth::loginUsingId("user", 1); // Login user with id 1

\Auth::loginUsingId("admin", 1); // Login admin with id 1

// Attempts to login user with email id johndoe@gmail.com 
\Auth::attempt("user", ['email' => 'johndoe@gmail.com', 'password' => 'password']);

// Attempts to login admin with email id johndoe@gmail.com
\Auth::attempt("admin", ['email' => 'johndoe@gmail.com', 'password' => 'password']); 

For more detailed documentation

http://sarav.co/blog/multiple-authentication-in-laravel/

http://sarav.co/blog/multiple-authentication-in-laravel-continued/

Farid Vatani
Saravanan Sampathkumar