Controllers - Dashboard Laravel

Overview

Controllers in Dashboard Laravel handle incoming HTTP requests, process business logic, and return responses. They act as the intermediary between routes and models, following the MVC pattern.

All controllers are located in app/Http/Controllers/ and extend the base Controller class.

Controller Architecture

The application follows Laravel 11’s controller structure:

app/Http/Controllers/
├── Controller.php          # Abstract base controller
├── AuthController.php      # Authentication logic
└── HomeController.php      # Home page controller

Base Controller

Abstract foundation for all controllers

AuthController

Handles login, registration, and logout

HomeController

Dashboard home page logic

Base Controller

Location: app/Http/Controllers/Controller.php

abstract class Controller
{
    //
}

Base Controller Details

Purpose: Provides common functionality for all application controllers.Key Features:

Abstract class that cannot be instantiated directly
Extends Laravel’s base controller functionality
Serves as foundation for dependency injection
Can include shared helper methods

Usage:

class YourController extends Controller
{
    // Your controller methods
}

AuthController

Location: app/Http/Controllers/AuthController.php Handles all authentication-related operations including login, registration, and logout.

class AuthController extends Controller
{
    public function showLogin()
    public function login(Request $request)
    public function showRegister()
    public function register(Request $request)
    public function logout(Request $request)
}

AuthController Methods

showLogin() - Display Login Page

Route: GET /Purpose: Display the login form or redirect authenticated users to dashboard.

public function showLogin()
{
    if (Auth::check()) return redirect('/dashboard');
    return view('home');
}

Logic:

Check if user is already authenticated using Auth::check()
If authenticated, redirect to /dashboard
If not authenticated, display home.blade.php view (login page)

Returns: View or redirect response

Route: POST /loginPurpose: Validate credentials and authenticate user.

public function login(Request $request)
{
    $request->validate([
        'email'    => 'required|email',
        'password' => 'required|min:6',
    ], [
        'email.required'    => 'El correo es obligatorio.',
        'email.email'       => 'Ingresa un correo válido.',
        'password.required' => 'La contraseña es obligatoria.',
        'password.min'      => 'Mínimo 6 caracteres.',
    ]);

    if (Auth::attempt($request->only('email', 'password'), $request->has('remember'))) {
        $request->session()->regenerate();
        return redirect('/dashboard');
    }

    return back()->withErrors(['email' => 'Credenciales incorrectas.'])->withInput();
}

Validation Rules:

email - Required, must be valid email format
password - Required, minimum 6 characters

Logic Flow:

Validate incoming request data
Attempt authentication with Auth::attempt()
Check “remember me” checkbox status
On success: Regenerate session and redirect to dashboard
On failure: Redirect back with error message and preserve input

Security Features:

Session regeneration prevents session fixation attacks
Custom Spanish error messages for better UX
Remember me functionality for persistent sessions

Returns: Redirect response

showRegister() - Display Registration Page

Route: GET /signupPurpose: Display the registration form or redirect authenticated users.

public function showRegister()
{
    if (Auth::check()) return redirect('/dashboard');
    return view('signup');
}

Logic:

Check authentication status
Redirect authenticated users to dashboard
Show signup.blade.php for guests

Returns: View or redirect response

Route: POST /signupPurpose: Create new user account and auto-login.

public function register(Request $request)
{
    $request->validate([
        'name'     => 'required|string|max:255',
        'email'    => 'required|email|unique:users,email',
        'password' => 'required|min:6|confirmed',
    ], [
        'name.required'      => 'El nombre es obligatorio.',
        'email.required'     => 'El correo es obligatorio.',
        'email.unique'       => 'Este correo ya está registrado.',
        'password.min'       => 'Mínimo 6 caracteres.',
        'password.confirmed' => 'Las contraseñas no coinciden.',
    ]);

    $user = User::create([
        'name'     => $request->name,
        'email'    => $request->email,
        'password' => Hash::make($request->password),
    ]);

    Auth::login($user);
    return redirect('/dashboard');
}

Validation Rules:

name - Required, string, max 255 characters
email - Required, valid email, unique in users table
password - Required, min 6 characters, must match confirmation

Logic Flow:

Validate registration data
Create new User record with hashed password
Automatically login the new user
Redirect to dashboard

Security Features:

Password hashing with Hash::make()
Email uniqueness check prevents duplicates
Password confirmation validation
Custom Spanish error messages

Returns: Redirect response to dashboard

logout(Request) - Process Logout

Route: POST /logoutPurpose: End user session and clear authentication.

public function logout(Request $request)
{
    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    return redirect('/');
}

Logic Flow:

Logout user with Auth::logout()
Invalidate current session
Regenerate CSRF token for security
Redirect to home page

Security Features:

Complete session invalidation
CSRF token regeneration prevents token reuse
Clean logout prevents session hijacking

Returns: Redirect to home page

HomeController

Location: app/Http/Controllers/HomeController.php

class HomeController extends Controller
{
    //
}

HomeController Details

Purpose: Placeholder for home page logic.Currently empty - logic is handled directly in routes using closures:

Route::get('/dashboard', fn() => view('welcome'));

Future Use Cases:

Dashboard data aggregation
Statistics calculation
Recent activity fetching
User preferences loading

Request Handling Flow

Understanding how requests flow through controllers:

Request Validation

Controllers use Laravel’s validation system for data integrity:

Validation Syntax

$request->validate([
    'field' => 'rule1|rule2|rule3',
], [
    'field.rule1' => 'Custom error message',
]);

Common Validation Rules Used

required

Field must be present and not empty

email

Must be valid email format

min:6

Minimum length of 6 characters

unique:table,column

Value must be unique in database

confirmed

Must match field_confirmation input

string

Must be a string data type

max:255

Maximum length of 255 characters

Custom Error Messages

The application uses Spanish error messages for better user experience:

[
    'email.required'    => 'El correo es obligatorio.',
    'email.email'       => 'Ingresa un correo válido.',
    'password.required' => 'La contraseña es obligatoria.',
    'password.min'      => 'Mínimo 6 caracteres.',
]

Response Handling

Controllers can return various response types:

View Responses

Return a rendered Blade view:

return view('home');
return view('signup');
return view('welcome');

Views are located in resources/views/.

Redirect Responses

Redirect to another URL:

return redirect('/dashboard');
return redirect('/');
return back(); // Return to previous page

Redirect with Data

Pass data to the redirected page:

return back()->withErrors(['email' => 'Credenciales incorrectas.']);
return back()->withInput();
return redirect('/')->with('success', 'Mensaje de éxito');

Dependency Injection

Controllers use dependency injection for accessing services:

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;

Injected Dependencies

Request - Access HTTP request data
Auth - Authentication services
Hash - Password hashing
User Model - Database operations

Route-Controller Mapping

From routes/web.php:

Route::get('/',        [AuthController::class, 'showLogin'])->name('home');
Route::post('/login',  [AuthController::class, 'login'])->name('login');
Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
Route::get('/signup',  [AuthController::class, 'showRegister'])->name('signup');
Route::post('/signup', [AuthController::class, 'register'])->name('register');

Named routes allow easy URL generation in views using route('name')

Closure-Based Routes

Some routes use closures instead of controllers:

Route::get('/dashboard',     fn() => view('welcome'))->name('dashboard');
Route::get('/estadisticas',  fn() => view('estadisticas'))->name('estadisticas');
Route::get('/ventas',        fn() => view('ventas'))->name('ventas');
Route::get('/clientes',      fn() => view('clientes'))->name('clientes');
// ... additional routes

When to use closures:

Simple view rendering without logic
Quick prototyping
Static pages

When to use controllers:

Complex business logic
Database operations
Form processing
Multiple related actions

Best Practices

Single Responsibility

Each controller method should handle one specific action

Validation

Always validate user input before processing

Session Security

Regenerate sessions after authentication state changes

Error Handling

Provide clear, user-friendly error messages

Type Hinting

Use type hints for better IDE support and error prevention

Named Routes

Use named routes for maintainable URL generation

Next Steps

Views

Learn about Blade templating

Models

Explore Eloquent models

Routing

Understand route configuration

Architecture

Database

Frontend

​Overview

​Controller Architecture

Base Controller

AuthController

HomeController

​Base Controller

​AuthController

​AuthController Methods

​HomeController

​Request Handling Flow

​Request Validation

​Validation Syntax

​Common Validation Rules Used

required

email

min:6

unique:table,column

confirmed

string

max:255

​Custom Error Messages

​Response Handling

​Dependency Injection

​Injected Dependencies

​Route-Controller Mapping

​Closure-Based Routes

​Best Practices

Single Responsibility

Validation

Session Security

Error Handling

Type Hinting

Named Routes

​Next Steps

Views

Models

Routing

Build docs developers (and LLMs) love

Overview

Controller Architecture

Base Controller

AuthController

AuthController Methods

HomeController

Request Handling Flow

Request Validation

Validation Syntax

Common Validation Rules Used

Custom Error Messages

Response Handling

Dependency Injection

Injected Dependencies

Route-Controller Mapping

Closure-Based Routes

Best Practices

Next Steps