Net Tutsplus Com Tutorials Php Authentication With Laravel 4

Post on 25-Oct-2015

333 views 4 download



Net Tutsplus Com Tutorials Php Authentication With Laravel 4.

Transcript of Net Tutsplus Com Tutorials Php Authentication With Laravel 4

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

94,514Twitter Followers

80,346Facebook Fans

21,883Google+ Followers

Tutorial DetailsDifficulty: IntermediateEstimated Completion Time: 30Minutes

View post on Tuts+ Beta

Tuts+ Beta is an optimized,mobile-friendly and easy-to-readversion of the Tuts+ network.

Andrew Perkins on Nov 11th 2013 with 64 Comments

Authentication With Laravel4

Tutorials \ PHP \ Rating:

Tweet Like 144


Authentication is required for virtually any type of web application. In this tutorial, I’d like to show you how


Tutorials Articles Tips Sessions Resources Videos Tuts+ Premium Website Templates

Advertise Write for Us About

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Advertise Here

advertise here

Full-time, Part-time and Contract Jobs

PHP Developer (MVC/EE/Laravel/etc...) at Vector Media Group

Tuts+ CMS & WordPress Editor at Envato

Tuts+ Mobile Dev Editor at Envato

Software Developer at

Application Developer - Android OS at

More on Tuts+ Jobs...

you can go about creating a small authentication application using Laravel 4. We’ll start from the verybeginning by creating our Laravel app using composer, creating the database, loading in the TwitterBootstrap, creating a main layout, registering users, logging in and out, and protecting routes using filters.We’ve got a lot of code to cover, so let’s get started!

InstallationLet’s start off this tutorial by setting up everything that we’ll need in order to build our authenticationapplication. We’ll first need to download and install Laravel plus all of its dependencies. We’ll also utilize thepopular Twitter Bootstrap to make our app look pretty. Then we’ll do a tad bit of configuration, connect toour database and create the required table and finally, start up our server to make sure everything isworking as expected.

DownloadLet’s use composer to create a new Laravel application. I’ll first change directories into my Sites folder asthat’s where I prefer to store all of my apps:

Then run the following command to download and install Laravel (I named my app laravel-auth) and all ofits dependencies:

Add In Twitter BootstrapNow to keep our app from suffering a horrible and ugly fate of being styled by yours truly, we’ll include theTwitter bootstrap within our composer.json file:

1 cd Sites

1 composer create-project laravel/laravel laravel-auth


{ "name": "laravel/laravel", "description": "The Laravel Framework.", "keywords": ["framework", "laravel"], "require": { "laravel/framework": "4.0.*",

Get Email Updates Subscribe via RSS

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Freelance Jobs

iOS App Developer in Anywhere

.NET Form Submission and data capture using JSON in USA

Wordpress Developer with Good Design Skills in Anywhere

Ruby on Rails developer in Anywhere, Remote

Code a mobile site and app in Anywhere

More Freelance Jobs...

Find us on Facebook



80,348 people like Nettuts+.

Facebook social plugin

… and then we can install it:

Now if you open up your app into your text editor, I’m using Sublime, and if you look in the vendor folderyou’ll see we have the Twitter Bootstrap here.

Now by default our Twitter Bootstrap is composed of .less files and before we can compile them into .CSSfiles, we need to install all of the bootstrap dependencies. This will also allow us to use the Makefile that isincluded with the Twitter bootstrap for working with the framework (such as compiling files and running


"laravel/framework": "4.0.*", "twitter/bootstrap": "*" }, // The rest of your composer.json file below ....

1 composer update

Facebook Twitter Google+

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API


Note: You will need npm in order to install these dependencies.

In your terminal, let’s change directories into vendor/twitter/bootstrap and run npm install:

With everything ready to go, we can now use the Makefile to compile the .less files into CSS. Let’s runthe following command:

You should now notice that we have two new folders inside our vendor/twitter/bootstrap directorynamed bootstrap/css which contain our bootstrap CSS files.


cd ~/Sites/laravel-auth/vendor/twitter/bootstrapnpm install

1 make bootstrap-css

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Now we can use the bootstrap CSS files later on, in our layout, to style our app.

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

But, we have a problem! We need these CSS files to be publicly accessible, currently they are located in ourvendor folder. But this is an easy fix! We can use artisan to publish (move) them to ourpublic/packages folder, that way we can link in the required CSS files into our main layout template, whichwe’ll create later on.

First, we’ll change back into the root of our Laravel application and then run artisan to move the files:

The artisan command asset:publish allows us to provide a --path option for which files we want to moveinto our public/packages directory. In this case, we tell it to publish all of the CSS files that we compiledearlier and place them inside of two new folders named bootstrap/css. Your public directory should nowlook like the screenshot below, with our Twitter Bootstrap CSS files now publicly accessible:


cd ~/Sites/laravel-authphp artisan asset:publish --path="vendor/twitter/bootstrap/bootstrap/css" bootstrap

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Set PermissionsNext we need to ensure our web server has the appropriate permissions to write to our applicationsapp/storage directory. From within your app, run the following command:

1 chmod -R 755 app/storage

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Connect To Our DatabaseNext, we need a database that our authentication app can use to store our users in. So fire up whicheverdatabase you are more comfortable using, personally, I prefer MySQL along with PHPMyAdmin. I’ve createda new, empty database named: laravel-auth.

Now let’s connect this database to our application. Under app/config open up database.php. Enter inyour appropriate database credentials, mine are as follows:


// Default Database Connection Name 'default' => 'mysql', // Database Connections 'connections' => array( 'mysql' => array( 'driver' => 'mysql', 'host' => '', 'database' => 'laravel-auth', 'username' => 'root', 'password' => '',

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Create the Users TableWith our database created, it won’t be very useful unless we have a table to store our users in. Let’s useartisan to create a new migration file named: create-users-table:

Let’s now edit our newly created migration file to create our userstable using the Schema Builder. We’llstart with the up() method:

This will create a table named users and it will have an id field as the primary key, firstname andlastname fields, an email field which requires the email to be unique, and finally a field for the password(must be at least 64 characters in length) as well as a few timestamps.

Now we need to fill in the down() method in case we need to revert our migration, to drop the users table:

And now we can run the migration to create our users table:

Start Server & Test It Out


'password' => '', 'charset' => 'utf8', 'collation' => 'utf8_unicode_ci', 'prefix' => '', ), // the rest of your database.php file's code ...

1 php artisan migrate:make create-users-table


public function up(){ $table->increments('id'); $table->string('firstname', 20); $table->string('lastname', 20); $table->string('email', 100)->unique(); $table->string('password', 64); $table->timestamps();}


public function down(){ Schema::drop('users');}

1 php artisan migrate

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Alright, our authentication application is coming along nicely. We’ve done quite a bit of preparation, let’sstart up our server and preview our app in the browser:

Great, the server starts up and we can see our home page:

Making the App Look PrettyBefore we go any further, it’s time to create a main layout file, which will use the Twitter Bootstrap to give ourauthentication application a little style!

Creating a Main Layout File

1 php artisan serve

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Under app/views/ create a new folder named layouts and inside it, create a new file namedmain.blade.php and let’s place in the following basic HTML structure:

Linking In the CSS FilesNext, we need to link in our bootstrap CSS file as well as our own main CSS file, in our head tag, right belowour title:

Now we just need to create this main.css file where we can add our own customized styling for our app.Under the public directory create a new folder named css and within it create a new file named main.css.


<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Authentication App With Laravel 4</title> </head> <body> </body></html>


<head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Authentication App With Laravel 4</title> {{ HTML::style('packages/bootstrap/css/bootstrap.min.css') }} {{ HTML::style('css/main.css')}}</head>

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Finishing the Main LayoutInside of our body tag, let’s create a small navigation menu with a few links for registering and logging in toour application:


<body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container"> <ul class="nav"> <li>{{ HTML::link('users/register', 'Register') }}</li> <li>{{ HTML::link('users/login', 'Login') }}</li> </ul> </div> </div> </div>

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Notice the use of several Bootstrap classes in order to style the navbar appropriately. Here we’re just usinga couple of DIVs to wrap an unordered list of navigation links, pretty simple.

For our application, we’re going to want to give our users simple flash messages, like a success messagewhen the user registers. We’ll set this flash message from within our controller, but we’ll echo out themessage’s value here in our layout. So let’s create another div with a class of .container and display anyavailable flash messages right after our navbar:

To display the flash message, I’ve first used a Blade if statement to check if we have a flash message todisplay. Our flash message will be available in the Session under message. So we can use theSession::has() method to check for that message. If that evaluates to true, we create a paragraph withthe Twitter bootstrap class of alert and we call the Session::get() method to display the message’svalue.

Now lastly, at least for our layout file, let’s echo out a $content variable, right after our flash message. Thiswill allow us to tell our controller to use this layout file, and our views will be displayed in place of this$content variable, right here in the layout:


</div> </body>


<body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container"> <ul class="nav"> <li>{{ HTML::link('users/register', 'Register') }}</li> <li>{{ HTML::link('users/login', 'Login') }}</li> </ul> </div> </div> </div> <div class="container"> @if(Session::has('message')) <p class="alert">{{ Session::get('message') }}</p> @endif </div> </body>


<body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container">

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Custom StylingNow that we have our layout complete, we just need to add a few small custom CSS rules to our main.cssfile to customize our layout a little bit more. Go ahead and add in the following bit of CSS, it’s pretty selfexplanatory:

I added just a small amount of padding to the top of the body tag in order to prevent our navbar fromoverlapping our main content. Then I target the Bootstrap’s .form-signup and .form-signin classes,which we’ll be applying to our register and login forms in order to set their width and center them on thepage.

Creating the Register Page


<div class="container"> <ul class="nav"> <li>{{ HTML::link('users/register', 'Register') }}</li> <li>{{ HTML::link('users/login', 'Login') }}</li> </ul> </div> </div> </div> <div class="container"> @if(Session::has('message')) <p class="alert">{{ Session::get('message') }}</p> @endif {{ $content }} </div> </body>


body { padding-top: 40px;} .form-signup, .form-signin { width: 400px; margin: 0 auto;}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

It’s now time to start building the first part of our authentication application and that is our Register page.

The Users ControllerWe’ll start by creating a new UsersController within our app/controllers folder and in it, we define ourUsersController class:

Next, let’s tell this controller to use our main.blade.php layout. At the top of our controller set the $layoutproperty:

Now within our UsersController, we need an action for our register page. I named my actiongetRegister:

Here we just set the content layout property (this is the $content variable we echo’d out in our layout file)to display a users.register view file.

The Users Controller RoutesWith our controller created next we need to setup the routes for all of the actions we might create within ourcontroller. Inside of our app/routes.php file let’s first remove the default / route and then add in thefollowing code to create our UsersController routes:

Now anytime that we create a new action, it will be available using a URI in the following format:


<?php class UsersController extends BaseController { }?>


<?php class UsersController extends BaseController { protected $layout = "layouts.main";}?>


public function getRegister() { $this->layout->content = View::make('users.register');}

1 Route::controller('users', 'UsersController');

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

/users/actionName. For example, we have a getRegister action, we can access this using the followingURI: /users/register.

Note that we don’t include the “get” part of the action name in the URI, “get” is just the HTTPverb that the action responds to.

Creating the Register ViewInside of app/views create a new folder named users. This will hold all of our UsersController‘s viewfiles. Inside the users folder create a new file named register.blade.php and place the following codeinside of it:

Here we use the Form class to create our register form. First we call the open() method, passing in anarray of options. We tell the form to submit to a URI of users/create by setting the url key. This URI willbe used to process the registration of the user. We’ll handle this next. After setting the url we then give theform a class of form-signup.

After opening the form, we just have an h2 heading with the .form-signup-heading class.

Next, we use a @foreach loop, looping over all of the form validation error messages and displaying each$error in the unordered list.

After the form validation error messages, we then we create several form input fields, each with a class ofinput-block-level and a placeholder value. We have inputs for the firstname, lastname, email,


{{ Form::open(array('url'=>'users/create', 'class'=>'form-signup')) }} <h2 class="form-signup-heading">Please Register</h2> <ul> @foreach($errors->all() as $error) <li>{{ $error }}</li> @endforeach </ul> {{ Form::text('firstname', null, array('class'=>'input-block-level', 'placeholder' {{ Form::text('lastname', null, array('class'=>'input-block-level', 'placeholder' {{ Form::text('email', null, array('class'=>'input-block-level', 'placeholder' {{ Form::password('password', array('class'=>'input-block-level', 'placeholder' {{ Form::password('password_confirmation', array('class'=>'input-block-level' {{ Form::submit('Register', array('class'=>'btn btn-large btn-primary btn-block'{{ Form::close() }}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

password, and password confirmation fields. The second argument to the text() method is set to null,since we’re using a placeholder, we don’t need to set the input fields value attribute, so I just set it to nullin this case.

After the input fields, we then create our submit button and apply several different classes to it so the Twitterbootstrap handles the styling for us.

Lastly, we just close the form using the close() method.

Make sure to start up your server, switch to your favorite browser, and if we browse tohttp://localhost:8000/users/register you should see your register page:

Processing the Register Form SubmissionNow if you tried filling out the register form’s fields and hitting the Register button you would have been

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

greeted with a NotFoundHttpException, and this is because we have no route that matches theusers/create URI, because we do not have an action to process the form submission. So that’s our nextstep!

Creating a postCreate ActionInside of your UsersController let’s create another action named postCreate:

Now this action needs to handle processing the form submission by validating the data and either displayingvalidation error messages or it should create the new user, hashing the user’s password, and saving theuser into the database.

Form ValidationLet’s start with validating the form submission’s data. We first need to create our validation rules that we’llvalidate the form data against. I prefer storing my validation rules in my model as that’s the convention I’mused to, from working with other frameworks. By default, Laravel ships with a User.php model alreadycreated for you.


The Swiss Army Knife of Testing.Start a Free SoapUI Pro TrialToday


public function postCreate() { }

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Make sure you don’t delete this User model or remove any of the preexisting code, as itcontains new code that is required for Laravel 4′s authentication to work correctly. Your Usermodel must implement UserInterface and RemindableInterface as well as implementthe getAuthIdentifier() and getAuthPassword() methods.

Under app/models open up that User.php file and at the top, add in the following code:

Here I’m validating the firstname and lastname fields to ensure they are present, only contain alphacharacters, and that they are at least two characters in length. Next, I validate the email field to ensure thatit’s present, that it is a valid email address, and that it is unique to the users table, as we don’t want to haveduplicate email addresses for our users. Lastly, I validate the password and password_confirmationfields. I ensure they are both present, contain only alpha-numeric characters and that they are between sixand twelve characters in length. Additionally, notice the confirmed validation rule, this makes sure that thepassword field is exactly the same as the matching password_confirmation field, to ensure users haveentered in the correct password.

Now that we have our validation rules, we can use these in our UsersController to validate the formsubmission. In your UsersController‘s postCreate action, let’s start by checking if the data passesvalidation, add in the following code:

We start by creating a validator object named $validator by calling the User::validate() method. Thisaccepts the two arguments, the submitted form input that should be validated and the validation rules thatthe data should be validated against. We can grab the submitted form data by calling the Input::all()method and we pass that in as the first argument. We can get our validation rules that we created in ourUser model by accessing the static User::$rules property and passing that in as the second argument.


public static $rules = array( 'firstname'=>'required|alpha|min:2', 'lastname'=>'required|alpha|min:2', 'email'=>'required|email|unique:users', 'password'=>'required|alpha_num|between:6,12|confirmed', 'password_confirmation'=>'required|alpha_num|between:6,12' );


public function postCreate() { $validator = Validator::make(Input::all(), User::$rules); if ($validator->passes()) { // validation has passed, save user in DB } else { // validation has failed, display error messages }}}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

User model by accessing the static User::$rules property and passing that in as the second argument.

Once we’ve created our validator object, we call its passes() method. This will return either true or falseand we use this within an if statement to check whether our data has passed validation.

Within our if statement, if the validation has passed, add in the following code:

As long as the data that the user submits has passed validation, we create a new instance of our Usermodel: new User; storing it into a $user variable. We can then use the $user object and set each of theuser’s properties using the submitted form data. We can grab the submitted data individually using theInput::get('fieldName') method. Where fieldName is the field’s value you want to retrieve. Herewe’ve grabbed the firstname, lastname, and email fields to use for our new user. We also grabbed thepassword field’s value, but we don’t just want to store the password in the database as plain text, so we usethe Hash::make() method to hash the submitted password for us before saving it. Lastly, we save the userinto the database by calling the $user object’s save() method.

After creating the new user, we then redirect the user to the login page (we’ll create the login page in a fewmoments) using the Redirect::to() method. This just takes in the URI of where you’d like to redirect to.We also chain on the with() method call in order to give the user a flash message letting them know thattheir registration was successful.

Now if the validation does not pass, we need to redisplay the register page, along with some validation errormessages, with the old input, so the user can correct their mistakes. Within your else statement, add in thefollowing code:


if ($validator->passes()) { $user = new User; $user->firstname = Input::get('firstname'); $user->lastname = Input::get('lastname'); $user->email = Input::get('email'); $user->password = Hash::make(Input::get('password')); $user->save(); return Redirect::to('users/login')->with('message', 'Thanks for registering!'} else { // validation has failed, display error messages }


if ($validator->passes()) { $user = new User; $user->firstname = Input::get('firstname'); $user->lastname = Input::get('lastname'); $user->email = Input::get('email'); $user->password = Hash::make(Input::get('password')); $user->save(); return Redirect::to('users/login')->with('message', 'Thanks for registering!'

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Here we just redirect the user back to the register page with a flash message letting them know some errorshave occurred. We make sure to display the validation error messages by calling thewithErrors($validator) method and passing in our $validator object to it. Finally, we call thewithInput() method so the form remembers what the user originally typed in and that will make it nice andeasy for the user to correct the errors.

Adding In the CSRF Before FilterNow we need to make sure to protect our POST actions from CSRF attacks by setting the CSRF before filterwithin our UsersController‘s constructor method. At the top of your UsersController add in thefollowing code:

Within our constructor, we call the beforeFilter() method and pass in the string csrf, as the firstargument. csrf is the filter that we want to apply to our actions. Then we pass in an array as the secondargument and tell it to only apply this filter on POST requests. By doing this, our forms will pass along aCSRF token whenever they are submitted. This CSRF before filter will ensure that all POST requests to ourapp contain this token, giving us confidence that POST requests are not being issued to our applicationfrom other external sources.

Creating the Login PageBefore you run off and try out your register page, we first need to create the Login page so that when ourregister form submission is successful, we don’t get an error. Remember, if the form validation passes, wesave the user and redirect them to the login page. We currently don’t have this login page though, so let’screate it!

Still inside of your UsersController, create a new action named getLogin and place in the followingcode:


return Redirect::to('users/login')->with('message', 'Thanks for registering!'} else { return Redirect::to('users/register')->with('message', 'The following errors occurred'}


public function __construct() { $this->beforeFilter('csrf', array('on'=>'post'));}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

This will display a users.login view file. We now need to create that view file. Under app/views/userscreate a new file named login.blade.php and add in the following code:

This code is very similar to the code we used in our register view, so I’ll simplify the explanation this timeto only what is different. For this form, we have it submit to a users/signin URI and we changed the form’sclass to .form-signin. The h2 has been changed to say “Please Login” and its class was also changed to.form-signin-heading. Next, we have two form fields so the user can enter in their email and password,and then finally our submit button which just says “Login”.

Let’s Register a New User!We’re finally at a point to where we can try out our registration form. Of course, the login functionalitydoesn’t work just yet, but we’ll get to that soon enough. We only needed the login page to exist so that ourregister page would work properly. Make sure your server is still running, switch into your browser, and visithttp://localhost:8000/users/register. Try entering in some invalid user data to test out the formvalidation error messages. Here’s what my page looks like with an invalid user:


public function getLogin() { $this->layout->content = View::make('users.login');}


{{ Form::open(array('url'=>'users/signin', 'class'=>'form-signin')) }} <h2 class="form-signin-heading">Please Login</h2> {{ Form::text('email', null, array('class'=>'input-block-level', 'placeholder' {{ Form::password('password', array('class'=>'input-block-level', 'placeholder' {{ Form::submit('Login', array('class'=>'btn btn-large btn-primary btn-block'{{ Form::close() }}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Now try registering with valid user data. This time we get redirected to our login page along with our successmessage, excellent!

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Logging InSo we’ve successfully registered a new user and we have a login page, but we still can’t login. We now needto create the postSignin action for our users/signin URI, that our login form submits to. Let’s go backinto our UsersController and create a new action named postSignin:

Now let’s log the user in, using the submitted data from the login form. Add the following code into yourpostSignin() action:


public function postSignin() { }


if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password' return Redirect::to('users/dashboard')->with('message', 'You are now logged in!'

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Here we attempt to log the user in, using the Auth::attempt() method. We simply pass in an arraycontaining the user’s email and password that they submitted from the login form. This method will returneither true or false if the user’s credentials validate. So we can use this attempt() method within an ifstatement. If the user was logged in, we just redirect them to a dashboard view page and give them asuccess message. Otherwise, the user’s credentials did not validate and in that case we redirect them backto the login page, with an error message, and display the old input so the user can try again.

Creating the DashboardNow before you attempt to login with your newly registered user, we need to create that dashboard pageand protect it from unauthorized, non logged in users. The dashboard page should only be accessible tothose users who have registered and logged in to our application. Otherwise, if a non authorized userattempts to visit the dashboard we’ll redirect them and request that they log in first.

While still inside of your UsersController let’s create a new action named getDashboard:

And inside of this action we’ll just display a users.dashboard view file:

Next, we need to protect it from unauthorized users by using the auth before filter. In ourUsersController‘s constructor, add in the following code:

This will use the auth filter, which checks if the current user is logged in. If the user is not logged in, they getredirected to the login page, essentially denying the user access. Notice that I’m also passing in an array asa second argument, by setting the only key, I can tell this before filter to only apply it to the provided


return Redirect::to('users/dashboard')->with('message', 'You are now logged in!'} else { return Redirect::to('users/login') ->with('message', 'Your username/password combination was incorrect') ->withInput();}


public function getDashboard() { }


public function getDashboard() { $this->layout->content = View::make('users.dashboard');}


public function __construct() { $this->beforeFilter('csrf', array('on'=>'post')); $this->beforeFilter('auth', array('only'=>array('getDashboard')));}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

actions. In this case, I’m saying to protect only the getDashboard action.

Customizing FiltersBy default the auth filter will redirect users to a /login URI, this does not work for our application though.We need to modify this filter so that it redirects to a users/login URI instead, otherwise get an error. Openup app/filters.php and in the Authentication Filters section, change the auth filter to redirect tousers/login, like this:

Creating the Dashboard ViewBefore we can log users into our application we need to create that dashboard view file. Underapp/views/users create a new file named dashboard.blade.php and insert the following snippet ofcode:

Here I’m displaying a very simple paragraph to let the user know they are now in their Dashboard.

Let’s Login!We should now be able to login. Browse to http://localhost:8000/users/login, enter in your user’scredentials, and give it a try.


/*|--------------------------------------------------------------------------| Authentication Filters|--------------------------------------------------------------------------|| The following filters are used to verify that the user of the current| session is logged into this application. The "basic" filter easily| integrates HTTP Basic authentication for quick, simple checking.|*/ Route::filter('auth', function(){ if (Auth::guest()) return Redirect::guest('users/login');});


<h1>Dashboard</h1> <p>Welcome to your Dashboard. You rock!</p>

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API


Displaying the Appropriate NavigationLinksOk, we can now register and login to our application, very cool! But we have a little quirk here, if you look atour navigation menu, even though we’re logged in, you can see that the register and login buttons are stillviewable. Ideally, we want these to only display when the user is not logged in. Once the user does loginthough, we want to display a logout link. To make this change, let’s open up our main.blade.php fileagain. Here’s what our navbar code looks like at the moment:


<div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container">

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Let’s modify this slightly, replacing our original navbar code, with the following:

All I’ve done is wrapped our li tags for our navbar in an if statement to check if the user is not logged in,using the !Auth::check() method. This method returns true if the user is logged in, otherwise, false. Soif the user is not logged in, we display the register and login links, otherwise, the user is logged in and wedisplay a logout link, instead.


<div class="container"> <ul class="nav"> <li>{{ HTML::link('users/register', 'Register') }}</li> <li>{{ HTML::link('users/login', 'Login') }}</li> </ul> </div> </div></div>


<div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container"> <ul class="nav"> @if(!Auth::check()) <li>{{ HTML::link('users/register', 'Register') }}</li> <li>{{ HTML::link('users/login', 'Login') }}</li> @else <li>{{ HTML::link('users/logout', 'logout') }}</li> @endif </ul> </div> </div></div>

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Logging OutNow that our navbar displays the appropriate links, based on the user’s logged in status, let’s wrap up thisapplication by creating the getLogout action, to actually log the user out. Within your UsersControllercreate a new action named getLogout:

Now add in the following snippet of code to log the user out:


public function getLogout() { }


public function getLogout() { Auth::logout(); return Redirect::to('users/login')->with('message', 'Your are now logged out!'}

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Here we call the Auth::logout() method, which handles logging the user out for us. Afterwards, weredirect the user back to the login page and give them a flash message letting them know that they havebeen logged out.

ConclusionAnd that concludes this Laravel 4 Authentication tutorial. I hope you’ve found this helpful in setting up authfor your Laravel apps. If you have any problems or questions, feel free to ask in the comments and I’ll try mybest to help you out. You can checkout the complete source code for the small demo app that we builtthroughout this tutorial on Github. Thanks for reading.

144 people like this. Sign Up to see w hat your friends like.Like

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Note: Want to add some source code? Type <pre><code> before it and </code></pre> after it. Find out more


Load Testing

Essential Tips for Testers &Developers. Grab this eBookNow.

Tags: authentication

Enjoyed this Post?Subscribe to our RSS Feed, Follow us on Twitteror simply recommend us to friends andcolleagues!

Tweet 144Like

Premium MembersSource Files, Bonus Tutorials & More for all relevantTuts+ sites in one subscription. Join Now

Sign In

By Andrew PerkinsRollover to read this author's bioor click through to see a full list ofposts by this author.

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Join the discussion…

Best Community Share

• Reply •

Andrew Cairns • 10 days agoI wouldn't use composer for including twitter bootstrap, I think that's more of a job for bower.Nice tutorial though, thanks for sharing.


• Reply •

Euan T. • 3 days ago Andrew CairnsCame to the comments to say the same thing. That's one stupidly over complicated process for installingsomething which should never be installed using a backend package manager anyway.

• Reply •

codedungeon • 7 days ago Andrew CairnsI completely agree! Using the approach here really over complicates matters (and perhaps scares somefolks away) Using bower, it makes it so simple to include these types of assets (even more so withJavaScript)

A simple

$ bower install bootstrap

And you are done!!!

• Reply •

Rafael Marques • 2 days ago codedungeonHi. I'm new to Laravel 4 and did get pass the bootstrap install as it is in the tutorial. I saw yourcomment here and want to know if i should do the "bower install bootstrap" comand over the npminstall. Is that ok to continue with the tutorial?

• Reply •

dojoVader • 7 days ago Andrew CairnsNormally i would have said all those are Hype tools but after using Bower, everything frontend goes to Bowerand Yoeman. its just too superb

• Reply •

Asep Edi Kurniawan • 8 days ago Andrew CairnsAgree.


Share ›

Share ›

Share ›

Share ›

Share ›

Share ›

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

• Reply •

Robclancy • 9 days agoThis tutorial should be taken down, edited to remove the TERRIBLE decision to use composer to bring in bootstrapand then put back up. I like to think of Nettuts as one of the only places I can send people for PHP due to so muchbad information out there about it. When a tutorial suggests that you install composer with bootstrap I have toseriously reconsider that.


• Reply •

Andrew Perkins • 9 days ago RobclancyHi Robclancy, thanks for the feedback. I just think it's easier to include Bootstrap from Composer, install it,compile, and publish it. I'm sorry you feel so strongly about something that is just my personal preference,feel free to include Bootstrap in whichever way you'd like.


• Reply •

Robclancy • 9 days ago Andrew PerkinsI don't care if you do it on your own stuff (do it wrongly that is, because that is exactly what it is). Butyou are doing it on nettuts. People are going to think it is normal and #laravel IRC is going to havepeople do it and I am going to tell them not to and so on.

You already pull in npm but use composer for bootstrap? Crazy stuff...


• Reply •

codedungeon • 7 days ago Andrew PerkinsAs a terminal whiz, I would think you would show the easiest way (ie bower) as opposed to composer.Heck, I had never even considered going this route (seems so laborious). I would agree with Rob andfeel as Nettuts content, you would show the easiest (arguably best) method and use bower.

I think the message here is for the "new" users who dont know about tools such as bower, it would bein Netttus best interest to show them the way (the modern way)

• Reply •

thefairystamp • 10 days agoUsing Laravel - lets use Bootstrap - lets use composer. Thanks for the Content on Laravel, but all I really wanted, isexactly that. Not using composer or using bootstrap. Seems like I am the only person in this world, that doesn't usebootstrap nowadays - but people really liked these parts of your tutorial. No hate, I just wanted to drop those lines,cause it really bugs me :x

8 1

• Reply •

nebulousWeb • 10 days ago thefairystampYou are not alone :P. Also, I don't understand all the hype about command line stuff.


Share ›


Share ›

Share ›

Share ›

Share ›


Share ›

Share ›

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply • 5

• Reply •

Jesus Bejarano • 10 days ago nebulousWebHype that have been around before we were born.


• Reply •

codedungeon • 7 days ago nebulousWebI dont think it is hype at all, just preference. There are thousands of developers around that have beenusing terminal since day one. I for one am much more productive using terminal as it is MUCH fasterto get tasks done with typing than using mouse.

• Reply •

Web Man • 10 days ago thefairystampFeeling you bro. I only use bootstrap when I test something out and don't want the fuzz to add css. But neverever used it in an client project.


• Reply •

Andrew Perkins • 9 days ago thefairystampThanks thefairystamp, I appreciate your feedback.

garethhallnz • 11 days agoMigration error 123456789public function up(){$table->increments('id');$table->string('firstname', 20);$table->string('lastname', 20);$table->string('email', 100)->unique();$table->string('password', 64);$table->timestamps();}

Should be

Share ›

Share ›

Share ›

Share ›

Share ›


pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

see more


• Reply •

rex • 10 days ago garethhallnzI believe you need to wrap the code in the Schema builder.

For example,

Schema::create('users', function($table) {


$table->string('firstname', 20);

$table->string('lastname', 20);

$table->string('email', 100)->unique();

$table->string('password', 64);



This works for me.


• Reply •

wguerrero • 10 days ago garethhallnzOnly a small mistake, the tutorial is really helpful.


• Reply •

rex • 11 days agoHi there, when I tried to run the command "make bootstrap-css", terminal gave me this error: "make: *** No rule tomake target `bootstrap-css'. Stop."

Any ideas why? I'm using mac. Thanks.


Hemant Singh • 10 days ago rexNo need to create Makefile or something related, just copy "vendor/twitter/bootstrap/dist/css" and paste it intoyour "public/packages/" folder or simply run

php artisan asset:publish --path="vendor/twitter/bootstrap/dist/css" bootstrap/css

Share ›

Share ›

Share ›


Share ›

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

it worked for me.


• Reply •

Ben Morgan • 9 days ago Hemant SinghLife saver. Thank you!

• Reply •

Bretticus • 10 days ago Hemant SinghThanks! Had the same issue with the make command. asset:publish did the trick!

• Reply •

EasyScrip • 10 days agoNice written. Excellent combination of Laravel, Bootstrap, Composer and of course Artisan cli. Brilliant. Please, writemore tutorial like this and include unit or functional test if You can. Very good tutorial. Teaching for future.


• Reply •

garethhallnz • 11 days agoI have been following the steps but when I run #>make bootstrap-css I get the following: make: *** No rule to maketarget `bootstrap-css'. Stop.


• Reply •

codedungeon • 7 days ago garethhallnzDo yourself a huge favor and learn to use bower :-)

Then, a simple call to "bower install bootstrap" and you are DONE (path location may vary)

Also, consider having a look at this tutorial on

• Reply •

Para Friv • 8 days agoThank you very much@#$ I have been following the steps but when I run #>make bootstrap-css Iget the following: make: *** No rule to make target `bootstrap-css'. Stop.


Christoph Rumpel • 9 days agoHey, thx for the good article. Though Laravel 4 is not new to me, i learned new stuff.

Share ›

Share ›

Share ›


Share ›


Share ›

Share ›


Share ›


pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

Hey, thx for the good article. Though Laravel 4 is not new to me, i learned new stuff.I would recommend to mention that you are using Bootstrap 2, because now the version 3 is included automaticallyand the styles do not work this way in this tutorial. Additionally i am not sure if anyone could complete this tutorial in30min unless he already knows everything mentioned here=)


• Reply •

evanxg852000 • 9 days agolaravel is great but just using blade withing a php app is not really worth for me as php was designed originally to sitnext to html. you may say let's move on but this is one of the fact that makes php simpler than things like python-django. Also using a form generator from a framework will alwayse get you out of control even though you getvalidation binding . these are things I never use in such framework. let html do the form and css presentation. the phpjust for the processing. ask yourself why did you learn html if you are still learning the laravel syntax to generateforms. have heard all those lines on blogs: more productive, standard, clean code. these are things that makes youwaste time learning what is not essential. please teach us the core components of laravel not components that dowhat we can do already.


• Reply •

dojoVader • 7 days ago evanxg852000I agree on the aspect of learning an alternative form of template when PHP php files already suffice, i won'tsay Blade is unnecessary but to me i see no added advantage, an example is the Zend Framework 2, whichallows me to use plain html files, as for the form generation i seriously disagree, especially in terms ofBusiness Solutions, i work for a company and honestly Form handling is a pain, Client Side Validation +Server Validation, Form Styling which is why i find the Zend Framework 2 Form API very appealing, theseframeworks allows us to do what we love doing better and faster.

• Reply •

Robclancy • 9 days ago evanxg852000I think you are mixing up blade and the form builder. Blade is fine as it is, it is just a nice little lightweighttemplating language. However when it comes to the form builder or the html "builder" I completely agree. Andevery time someone in IRC shows me some code and they are using PHP to write their HTML I cringe andwill most likely get into an argument about it.

• Reply •

Miguel Stevens • 9 days ago RobclancyIs IRC still used ? Where? I would like to find some chat-apps for developers :)

• Reply •

Robclancy • 9 days ago Miguel Stevens



Share ›


Share ›

Share ›

Share ›

Share ›

Share ›

pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

Hemant Singh • 9 days ago evanxg852000I think Evan you are talking about Single Page Application (SPA) in which we want to do most of browser stuff( form, html rendering etc) on client side and backend should be responsible for sending raw data (JSON) --complete separation of concern (even I love it)

I am agree with you, being a front end developer I don't want to touch any backend code also backenddeveloper won't feel good to create html form.

Now I am looking for a tutorial ( you can say SPA tutorial) where backend developer should be responsible forsending raw data (JSON) to frontend doing so front end developer will be more then happy to play with JSONon front end side and backend developer will also be happy because he have no need to worry about styling,form building etc front end stuff.

while dealing with SPA I am facing little problem with authentication and initial page rendering that's why Icreated this stack overflow

please help!!!

• Reply •

tom • 10 days agoNice to see a Laravel tutorial on nettuts Good work


• Reply •

SoranAwla • 11 days agoImportant tutorial and easy to follow, Thanks Andrew.


• Reply •

Jubi • 9 days ago SoranAwlaThis tutorial is really awesome! Like it very much.

• Reply •

Hemant Singh • 10 days ago SoranAwlaAwesome tutorial, since long long time I was looking authentication tutorial like this, now i have no doubt haha, bunch of thanks to Andrew for this nice writeup.

• Reply •

Jecson Singh • 5 hours agogreat dear.

Eduardo Vásquez • 6 hours ago

Share ›


Share ›


Share ›

Share ›

Share ›


Share ›


pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

• Reply •

I'm aware that this is a beginners tutorial, but for authentication I would use Sentry, it is quick, simple, powerful, and itfits perfect with laravel.

• Reply •

Brennan Hoeting • 3 days agoWhen I try to click on the Submit button for either the Login or Register page (regardless of what's in the fields), I get


Has anyone experienced this with this project? I've checked for solutions elsewhere but it seems there are manydifferent things causing this problem.

• Reply • • 4 days agoIt's cool. But now any framework (for example Zend Framework, Symfony 2) has a internal tool for authorization. Ithink, the best practice to use internal functionality, with minimal count of third-party instrumentary.

• Reply •

Sosana • 6 days agoWell done my good sir!!! Wanna hear something funny? On laracasts they have a bower tut bring in bootstrap andpeople on there were complaining about not using composer!!! Can't make everyone happy happy happy!

• Reply •

Gahe • 7 days agoI am glad to catch idea from your article. It has information I have been searching for a long time. Thanks so much.

• Reply •

asfdas • 9 days agoafsasdfas

• Reply •

Janek Kowalski • 9 days agoAdding In the CSRF Before Filter - what with timeout issue and 50x error?

Romain • 9 days agoHI, good post, just a thing or two:-Why create a new route for creating a user? Isn't User a resource? Therefore maybe it would be better to simplycreate a resource (maybe using the nice tool in sublime text created by your colleague Jeffrey Way?) and thensimply access user.create... It's RESTful, it's easy, it's pretty.-Following that, I think a User model, should not have to login, or logout, or display a dashboard. Hence, maybe


Share ›


Share ›


Share ›


Share ›


Share ›


Share ›


Share ›


pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API

Nettuts+ is part of the Tuts+ Network, teaching creative skills to millions worldwide.

Load more comments

• Reply •

-Following that, I think a User model, should not have to login, or logout, or display a dashboard. Hence, maybecreating a simple AuthController and AdminController, with login/logout methods (and dashboard) should be enoughto handle everything you need. Make it simpler as well and keeps code separated

• Reply •

Andrew Perkins • 9 days ago RomainHi Romain, yep you could easily create a resource controller if you'd prefer and separate out theauthentication if you wanted. Laravel gives you many options.

• Reply •

Jesus Bejarano • 10 days agoWasn't this a Laravel Auth tutorial or a Bootstrap one?. Good tut Mr.Perkins but you could just skip and drop thestylesheet there and go straight to the point.

• Reply •

Andrew Perkins • 9 days ago Jesus BejaranoThanks Jesus. I included the styling because some people like seeing how to integrate things into theirframework. You don't have to do the styling yourself, you could just skip it :)


Subscribe Add Disqus to your site

Share ›

Share ›


Share ›

Share ›