Laravel 5.2 Authentication Tutorial

Laravel provides easy way to add authentication functionality into your web application. You only need to write a single command and rest is done by Laravel. As we know, when we create a project, Laravel creates user and password table with their model by default. Below we have created a project with name "auth" and issued make:auth command, that creates complete authentication module.

composer create-project laravel/laravel auth
php artisan migrate
php artisan make:auth

This single line will do a lot of work now if you open your "/home" link you will see, login form, create new user, password length rule i.e. 6 characters, forgot password features are automatically created. It will also create a master layout named as "app" located in layouts folder further located in views e.g. D:\wamp\www\auth\resources\views\layouts

It created the following views located in auth folder further located in views e.g. D:\wamp\www\auth\resources\views\auth


It also created the controller named HomeController for us in the controllers folder e.g. D:\wamp\www\auth\app\Http\Controllers. It even has set the routes for us like:

/home , HomeController@index

Now you can change it as you want, for example you don’t want to redirect the page when registered or logged in a user to home so you just go to the AuthController you will see the following line written, you can change it to redirect you page where ever you want.

protected $redirectTo = '/home';

Now if you want to get the authenticated user you just need to do two things first enter the following line on the top of your controller e.g. HomeController

use Auth;

And second just use a single line it will return you your authenticated user i.e.


If you make this change in your index function of your homecontroller you will see that it will return all the data related to user which is in login state.
Similarly if you want to fetch some specific data of that user you can just use “->”and write the name of the attribute for example you want to fetch only the name so you will write


But if this function is called when the user is not logged in then we will get an error so just to make sure that are user has logged in we can apply the check, we will check this by the following line

if (Auth::check())

Let’s apply them, first I will change the my redirect so when I login I am redirected to a page named info, for that I will go to the AuthticatoinController

protected $redirectTo = '/info';

Now I will set my route and it will be updated as

Route::group(['middleware' => 'web'], function () {
    Route::get('/home', 'HomeController@index');
    Route::get('/abc', 'BasicController@che');

Remember that middleware only allows authenticated user to access that page which means if you put the Route::get('/abc', 'BasicController@che') outside the middleware then it will consider you always as a guest
Now as you can see I have to make a BasicController with a functioned named “che” which will check that the user is logged in or not

namespace App\Http\Controllers;
use Auth;
use Illuminate\Http\Request;

class BasicController extends Controller{
public function abc(){
    if (Auth::guest()) {
        return "you are just a guest";
 if (Auth::check()){
        $user = Auth::user();
        return "you are authorized user $user->name";

So if you now access this page when you are logged out it will return “you are just a guest” however if you access this when you are logged in it will return “you are authorize user username”, username will be the name of the user who is logged in.

Now if you go to the Kernel.php located in HTTP folder further located in app folder e.g. D:\wamp\www\auth\app\Http you will see that there are two types of middleware, one is defined under $middlewareGroups and other under $routeMiddleware. The difference is that the $middlewareGroups is applied to every request while $routeMiddleware is applied to only those routes on which we attach them. We use middle as defined below

public function __construct() {


Let’s apply "auth" middleware on our entire controller

namespace App\Http\Controllers;

use Auth;
use Illuminate\Http\Request;
class BasicController extends Controller{

public function __construct()
public function abc(){…}}

Now you see if you are not logged in and you try to access abc function it will redirect you to login page.

You can also apply it to a specific function for example I want to apply it on only the “che” method

$this->middleware('auth',['only' => 'che']);

Similarly you can also apply it to all functions except someone for example I want to apply it on all except the “che” method

$this->middleware('auth',[ 'except' => 'che']);

You can also manually logout the user at a point by just a single line


Now let’s do it for example we want that whenever out function is called the user is logged out and we get a message in return

namespace App\Http\Controllers;
use Auth;

use Illuminate\Http\Request;

class BasicController extends Controller {

public function out(){
        return "you are logged out";