Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello, I'm new to laravel and I've been following the "Laravel 5 Fundementals" videos hoping to learn how to work with laravel. I made it to episode 15 but now I'm running into a problem. I can confirm that if I use /auth/registration I can sign up new users successfully as they show up in my database with all the fields that were filled in successfully inserted. However trying to sign in a user doesn't seem to work.
I've set the AuthController (App\Http\Controllers\Auth\AuthController) to redirect to my homepage (/) and set some custom validation rules to reflect stricter rules / reflect new fields I added.
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
protected $redirectTo = '/';
public function __construct()
{
$this->middleware($this->guestMiddleware(), ['except' => 'logout']);
}
protected function validator(array $data)
{
return Validator::make($data, [
'username' => 'required|max:255|unique:users,username',
'email' => 'required|email|max:255|unique:users,email',
'password' => ['required', 'min:8', 'max:255', 'confirmed',
'regex:~^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}|.{20,}$~'],
'realName' => 'max:255'
]);
}
protected function create(array $data)
{
return User::create([
'username' => $data['username'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
'realName' => empty($data['realName']) ? null : $data['realName']
]);
}
}
In my controller for the root domain (/) I've set it as following:
public function index()
{
if(\Auth::check())
return \Auth::user();
return view('home');
}
And I always get the view instead of the user, var_dump'ing \Auth::user() gives me a null value. My app\Http\User.php is as follows:
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
public $primaryKey = 'userName';
public $incrementing = false;
public $redirectPath = '/auth/login';
protected $fillable = ['username', 'email', 'realName','password']; // Allow mass assigning
protected $hidden = [
'password', 'remember_token',
];
}
And I have not modified any class it inherits from. Could someone please tell me how to further debug this, from what I've understood from the tutorial video if I get redirected I should have a successful login, otherwise I would have been redirected to the form itself. I seem to have the awkward situation where I'm not logged in successfully but I am redirected.
Doing a var_dump($errors) in my root view isn't giving me any insight either.
I can only assume that you have "double web middleware". There was a change in Laravel recently that moved the middleware back into the service provider for the routes.
Try removing the web middleware from your routes.php file. You can verify that it is in your service provider by opening RoutesServiceProvider (or something like that) :)
Anyway, try that first
Thank you for responding :).
I've yet to reach the episode discussing middleware so I'm not sure if I fully understand you. My route.php file however is free of anything I didn't add myself.
<?php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
Route::get('/', 'HomeController@index');
// Static routes for static pages
Route::get('about', 'StaticPageController@about');
Route::get('bootleg', 'StaticPageController@bootleg');
//Registration routes
Route::get('auth/register', 'Auth\AuthController@getRegister');
Route::post('auth/register', 'Auth\AuthController@postRegister');
//Authentication routes
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::post('auth/login', 'Auth\AuthController@postLogin');
Route::get('auth/logout', 'Auth\AuthController@getLogout');*/
//All of the color REST routes, except delete?
Route::resource('colors', 'ColorsController');
Route::get('colors/{name}/delete', 'ColorsController@delete');
//All of the plushy REST routes, except delete?
Route::resource('plushies', 'PlushiesController');
Route::get('/home', 'HomeController@index');
If I run php artisan route:list I do get the following which contains quite a few more routes then I thought I had and the last column does have two different types of middleware for both App\Http\Controllers\Auth\AuthController and App\Http\Controllers\Auth\PasswordController.
+--------+--------------------------------+--------------------------------------------------------+------------------+------------------------------------------------------------+------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+--------------------------------+--------------------------------------------------------+------------------+------------------------------------------------------------+------------+
| | GET|HEAD | / | | App\Http\Controllers\HomeController@index | web |
| | GET|HEAD | about | | App\Http\Controllers\StaticPageController@about | web |
| | GET|HEAD | auth/login/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\AuthController@getLogin | web,guest |
| | POST | auth/login/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\AuthController@postLogin | web,guest |
| | GET|HEAD | auth/logout/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\AuthController@getLogout | web,guest |
| | POST | auth/register/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\AuthController@postRegister | web,guest |
| | GET|HEAD | auth/register/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\AuthController@getRegister | web,guest |
| | GET|HEAD|POST|PUT|PATCH|DELETE | auth/{_missing} | | App\Http\Controllers\Auth\AuthController@missingMethod | web,guest |
| | GET|HEAD | bootleg | | App\Http\Controllers\StaticPageController@bootleg | web |
| | POST | colors | colors.store | App\Http\Controllers\ColorsController@store | web |
| | GET|HEAD | colors | colors.index | App\Http\Controllers\ColorsController@index | web |
| | GET|HEAD | colors/create | colors.create | App\Http\Controllers\ColorsController@create | web |
| | GET|HEAD | colors/{colors} | colors.show | App\Http\Controllers\ColorsController@show | web |
| | DELETE | colors/{colors} | colors.destroy | App\Http\Controllers\ColorsController@destroy | web |
| | PUT|PATCH | colors/{colors} | colors.update | App\Http\Controllers\ColorsController@update | web |
| | GET|HEAD | colors/{colors}/edit | colors.edit | App\Http\Controllers\ColorsController@edit | web |
| | GET|HEAD | colors/{name}/delete | | App\Http\Controllers\ColorsController@delete | web |
| | GET|HEAD | home | | App\Http\Controllers\HomeController@index | web |
| | GET|HEAD | password/broker/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\PasswordController@getBroker | web,guest |
| | GET|HEAD | password/email/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\PasswordController@getEmail | web,guest |
| | POST | password/email/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\PasswordController@postEmail | web,guest |
| | GET|HEAD | password/reset/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\PasswordController@getReset | web,guest |
| | POST | password/reset/{one?}/{two?}/{three?}/{four?}/{five?} | | App\Http\Controllers\Auth\PasswordController@postReset | web,guest |
| | GET|HEAD|POST|PUT|PATCH|DELETE | password/{_missing} | | App\Http\Controllers\Auth\PasswordController@missingMethod | web,guest |
| | POST | plushies | plushies.store | App\Http\Controllers\PlushiesController@store | web |
| | GET|HEAD | plushies | plushies.index | App\Http\Controllers\PlushiesController@index | web |
| | GET|HEAD | plushies/create | plushies.create | App\Http\Controllers\PlushiesController@create | web |
| | DELETE | plushies/{plushies} | plushies.destroy | App\Http\Controllers\PlushiesController@destroy | web |
| | PUT|PATCH | plushies/{plushies} | plushies.update | App\Http\Controllers\PlushiesController@update | web |
| | GET|HEAD | plushies/{plushies} | plushies.show | App\Http\Controllers\PlushiesController@show | web |
| | GET|HEAD | plushies/{plushies}/edit | plushies.edit | App\Http\Controllers\PlushiesController@edit | web |
+--------+--------------------------------+--------------------------------------------------------+------------------+------------------------------------------------------------+------------+
You're saying I should remove the web middleware, but it's not in my my own routes.php list so I'm not sure how to approach this.
[edit]
In AuthController and PasswordController I have disabled the middleware reference $this->middleware('guest'); in their constructors. If I run php artisan route:list everything only has 'web' in the middleware column. So it's at least all in the same middleware now, but that was the one you asked me to disable - I still have no idea how.
I guess it has to be the 'web' middleware that has to disable then, but how.
[edit 2] I found that App\Http\Providers\RouteServiceProvider sets the web middleware
protected function mapWebRoutes(Router $router)
{
$router->group([
'namespace' => $this->namespace, 'middleware' => 'web',
], function ($router) {
require app_path('Http/routes.php');
});
}
Removing the 'middleware' => 'web' tidbit makes my views spit out errors because they no longer have an $errors variable. Removing all references to $errors from my views and trying to login just gives me the same problem. I can register an account, but I can't log in with one.
[edit3] download link for all code in case anyone wants to dive in.
Make sure your login form is submitting a POST request rather than a GET request.
It was indeed a POST request. I seem to have resolved the issue somehow while doing some work I could do in the meantime while I couldn't login. One of the changes I made to the User class or a form or validator must have fixed whatever it was that was going wrong.
Thanks for thinking along guys :) time to move on to the middleware lessons.
Please or to participate in this conversation.