Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm using Laravel 7 with make:auth and I have several routes after users have successful login. ie.
/profile /todo /some_other_routes etc
Now I would like to create a "I agree to terms and conditions" page, so if they have never accepted the TOS before, after login it will be redirected to the TOS page and they cannot access any other pages, not until they have accepted the TOS.
If I implemented the login in authenticated function in LoginController, user can still bypass the TOS page by manually entering /profile /todo /some_other_routes
So what's the best practice of implementing the "TOS" feature?
It would work very similarly to Email verification in Laravel.
You can make an additional field in your users table that checks if the terms were agreed to (boolean or datetime). You would also have additional middleware alongside your auth middleware that redirects to the TOS page if that field is null (meaning the TOS has not been agreed to yet).
Hope this helps!
Thanks @drehimself for quick response.
I'm thinking if there's another way of doing this instead of having an additional middleware.
\App\Http\Controllers\Controller.php
Is it ok to add the construct function to this file? putting the logic into that function, check if that field is null, if so redirect back to the TOS page.
Please advise.
@redjersey theres really no issue with having an additional middleware to do this. You've got to add code somewhere and middleware is as good as any.
@redjersey You were given an appropriate answer by @drehimself. Use middleware to restrict routes that require the user to have had accepted the terms before viewing.
Don’t put it in your base controller file as then you’re clogging that file up; you can’t decide which routes the logic should and shouldn’t apply to without loads of horrible conditional logic; and it now means that if you want to define a constructor in another controller (i.e. for dependency injection) you now have to remember to call parent::__construct() as well. It’s just going to make your code messy.
Use middleware. It was made for cases like these.
Thank you all, I'll read some documentations of how to add an additional middleware.
Please or to participate in this conversation.