
ChaoZz's avatar

Second login for Administration site

Hey guys! I wanted to make an admin control panel, but for security reasons I want the user (Admin) to have to log in a second time, just to prove that it is the user. It should just be a second login only and should use the normal accounts. How can I make something like this?

0 likes
9 replies
SachinAgarwal's avatar

@ChaoZz Firstly, if you want to verify that it is a user, keep a captcha. And if you still want to log in a 2nd time, you can create 2 routes pointing to the same login page, but the 1st route will redirect to the 2nd route and the 2nd route will have the auth middleware.

ChaoZz's avatar

@SachinAgarwal I think you didn't understand me. I want the user to verify again with his password. Then I want to check if the password matches and that he has permission to access it. But I don't want to log out the user on the main page. It should just be a second "check" rather than a login.

SachinAgarwal's avatar

@ChaoZz In this case, after login you can simply redirect to a route asking only for the password. But this route will have a middleware to check if the user is logged in. If logged in, then proceed to this 2nd time password page. And then you can just do this for checking:

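use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

// bcrypt() salts every hash, so re-hashing the input and comparing strings never matches;
// Hash::check() verifies the plain password against the stored hash instead.
if (Hash::check($request['password'], Auth::user()->password))
{
    // Passwords match
}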

P.S. Asking to enter password 2 times will annoy your users. (Just a suggestion).

1 like
ChaoZz's avatar

@SachinAgarwal I'm just asking again because it is an administrative section. For example, if the user leaves and his friend goes on his computer while he is logged in, then he could simply open the administrative page without entering any password.

RemiC's avatar

I agree with @SachinAgarwal, if you're not talking about 'security critical' operations, like e.g. financial transactions, you'll mostly annoy your users.

What you can do on the other hand is have the user enter his password on potentially harmful actions, like deleting his account, changing his password, etc., by adding the password field to the corresponding form.

2 likes
ChaoZz's avatar

The administrative page has content about financial stuff

jekinney's avatar
Level 47

The Guard API and the Laravel docs under authentication display a specific method to perform an auth check exactly for your question.

1 like
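
A framework-free sketch of the second password check discussed in this thread, added here as an example and not code from any of the posters or from Laravel. It verifies the re-entered password with `password_verify` (the PHP primitive behind bcrypt hashes), records the confirmation time in the session without touching the login, and admits only admins whose confirmation is still fresh; the function names, session keys and the 15-minute window are assumptions.

```php
<?php
// Added example: function names, session keys and the window length are assumptions.
const CONFIRM_TTL = 900; // seconds a password confirmation stays valid (assumed)

// Check the re-entered password against the stored bcrypt hash and, on success,
// remember when it was confirmed. The login session itself is left untouched,
// so the user is never logged out of the main site.
function confirmPassword(array &$session, string $storedHash, string $input, int $now): bool
{
    if (!password_verify($input, $storedHash)) {
        unset($session['admin_confirmed_at']); // a failed attempt drops any earlier confirmation
        return false;
    }
    $session['admin_confirmed_at'] = $now;
    return true;
}

// Gate for the admin area: logged in, holds the admin permission, and has
// confirmed the password within the last CONFIRM_TTL seconds.
function adminAccessAllowed(array $session, int $now): bool
{
    if (empty($session['user_id']) || empty($session['is_admin'])) {
        return false;
    }
    $confirmedAt = $session['admin_confirmed_at'] ?? null;
    return is_int($confirmedAt) && $confirmedAt <= $now && ($now - $confirmedAt) < CONFIRM_TTL;
}

// Constructed sample data, not taken from the thread.
$stored  = password_hash('correct horse', PASSWORD_BCRYPT);
$session = ['user_id' => 7, 'is_admin' => true];
$t0      = 1700000000;

// Every bcrypt hash carries its own random salt, so hashing the input again
// and comparing the strings does not reproduce the stored hash.
var_dump(password_hash('correct horse', PASSWORD_BCRYPT) === $stored);

var_dump(adminAccessAllowed($session, $t0));                        // before any confirmation
var_dump(confirmPassword($session, $stored, 'wrong guess', $t0));   // wrong password
var_dump(confirmPassword($session, $stored, 'correct horse', $t0)); // correct password
var_dump(adminAccessAllowed($session, $t0 + 60));                   // one minute later
var_dump(adminAccessAllowed($session, $t0 + CONFIRM_TTL));          // window has passed
```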
