Password Protect
I'm buiding a design portfolio and showcasing case studies. Some of which are protected under a NDA - i have permision to show the work to future clients but not advertise so I'm going to put them behind a password. I'm currently using voyager as a blog and content loader but I dont want the visitor to login, just use a password that i will supply.
So basically, I need some routes to be protected with out using Auth? Doable?
Hey, thanks for the suggestions but I can't get either to work... head meet desk!!!
Yeah man, that's totally doable,
Do you want these routes that are not protected with authentication to still use the admin interface?
Anything inside of your routes/web.php that are outside of the Voyager routes:
Route::group(['prefix' => 'admin'], function () {
Voyager::routes();
});
Will be accessible without authentication. Let me know if that helps or feel free to share some code samples and I can help further ;)
1
So as I only want a password that I supply to be used (and not an email address) I was wondering if I just set up a user and password in voyager and have that stored in the controller (or somewhere) then have a middlewere on my ProjectsController@show.
This is my routes for the case studies
Route::get('case-studies', 'ProjectsController@index')->name('case-studies.index');
Route::get('case-studies/{project}', 'ProjectsController@show')->name('case-studies.show');
Route::group(['prefix' => 'admin'], function () {
Voyager::routes();
});
My case-studies controller currently looks like this:
use App\Project;
use Illuminate\Http\Request;
class ProjectsController extends Controller
{
// Get Case Studies page (/case-studies)
public function index() {
$projects = Project::all();
return view('case-studies.index', ['projects' => $projects]);
}
// Get Case Study (/case-studies/slug)
public function show($slug) {
$project = Project::where('slug', $slug)->firstOrFail();
return view('case-studies.show', ['project' => $project]);
}
}
I don't really mind where the user puts the password to be honest but the only thing with using the voyager login is it shows the email address as well. Possibly a simple pop-up on the show routes would be better?
I'm still at an early stage of learning so any guidance on what I should be doing would be greatly appreciated.
Here's probably the easiest way to do this. You could create a new user in Voyager, say that you created a user with an email [email protected], with password as password123.
You could then create a view with a form and have that email be a hidden field like this:
<form action="POST" method="/login">
@csrf
<input type="hidden" name="email" value="[email protected]">
<input type="password" name="password">
<input type="submit" value="login">
</form>
After the user has logged in, you could then hardcode that email inside of your ProjectsController like so:
use App\Project;
use Illuminate\Http\Request;
class ProjectsController extends Controller
{
// Get Case Studies page (/case-studies)
public function index() {
$projects = Project::all();
return view('case-studies.index', ['projects' => $projects]);
}
// Get Case Study (/case-studies/slug)
public function show($slug) {
if(auth()->guest() || (!auth()->guest() && auth()->user()->email != '[email protected]')){
return redirect('/');
}
$project = Project::where('slug', $slug)->firstOrFail();
return view('case-studies.show', ['project' => $project]);
}
}
A better way might be to create a new row in the projects table called project_email, and then you can add the email address you want in that column for that project (ex. [email protected]), and you could rewrite your controller like so:
use App\Project;
use Illuminate\Http\Request;
class ProjectsController extends Controller
{
// Get Case Studies page (/case-studies)
public function index() {
$projects = Project::all();
return view('case-studies.index', ['projects' => $projects]);
}
// Get Case Study (/case-studies/slug)
public function show($slug) {
$project = Project::where('slug', $slug)->firstOrFail();
if(auth()->guest() || (!auth()->guest() && auth()->user()->email != $project->project_email)){
return redirect('/');
}
return view('case-studies.show', ['project' => $project]);
}
}
And in this case, only the email address you want to allow access to that project will be allowed to view that page.
Hope that helps :)
1
This is working great, thanks so much. One last thing before I finish up - once the user has signed in, whats the best practice to re-direct them to:
Route::get('case-studies', 'ProjectsController@index')->name('case-studies.index');
The user within the database has a role id of 2 - standard Voyager user. Currently when the new form submits, it redirects to /