Authentication System
Dashboard Laravel includes a complete authentication system built with Laravel 11’s native authentication features, providing secure user login, registration, and session management.
Overview
The authentication system handles:
User Login: Secure login with email and password validation
User Registration: New user registration with validation rules
Session Management: CSRF protection and session regeneration
Password Security: Bcrypt hashing for password storage
Authentication Controller
The AuthController manages all authentication operations. It is located at:
app/Http/Controllers/AuthController.php
Controller Structure
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    // Login, Register, and Logout methods
}
Authentication Routes
All authentication routes are defined in routes/web.php:
use App\Http\Controllers\AuthController;

// Login routes
Route::get('/', [AuthController::class, 'showLogin'])->name('home');
Route::post('/login', [AuthController::class, 'login'])->name('login');

// Registration routes
Route::get('/signup', [AuthController::class, 'showRegister'])->name('signup');
Route::post('/signup', [AuthController::class, 'register'])->name('register');

// Logout route
Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
Login System
Display Login Form
The showLogin() method checks if a user is already authenticated and redirects accordingly:
public function showLogin()
{
    if (Auth::check()) return redirect('/dashboard');
    return view('home');
}
If the user is already logged in, they are automatically redirected to the dashboard.
Process Login Request
The login() method handles authentication with comprehensive validation:
public function login(Request $request)
{
    $request->validate([
        'email' => 'required|email',
        'password' => 'required|min:6',
    ], [
        'email.required' => 'El correo es obligatorio.',
        'email.email' => 'Ingresa un correo válido.',
        'password.required' => 'La contraseña es obligatoria.',
        'password.min' => 'Mínimo 6 caracteres.',
    ]);

    if (Auth::attempt($request->only('email', 'password'), $request->has('remember'))) {
        $request->session()->regenerate();
        return redirect('/dashboard');
    }

    return back()->withErrors(['email' => 'Credenciales incorrectas.'])->withInput();
}
Session Regeneration
After successful login, the session ID is regenerated to prevent session fixation attacks:
$request->session()->regenerate();
Session regeneration is a critical security measure: without it, a session ID that an attacker planted in the victim's browser before login would stay valid after the victim authenticates.
Login Validation Rules
Field | Rules | Error Messages
email | required, email | El correo es obligatorio / Ingresa un correo válido
password | required, min:6 | La contraseña es obligatoria / Mínimo 6 caracteres
Remember Me Feature
The login system includes a “Remember Me” checkbox:
Auth::attempt($request->only('email', 'password'), $request->has('remember'))
When checked, Laravel sets a long-lived “remember me” cookie for the user, so the login survives beyond the current browser session.
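The login() method above places no limit on repeated attempts, and the routes in routes/web.php carry no throttle middleware. The variant below is an added example, not the project's own code, showing one way to throttle it with Laravel's RateLimiter facade while keeping the submitted password out of the flashed input. Assumptions: the attempt limit, the decay window, the key format and the throttle message; the custom validation messages are omitted for brevity.

```php
<?php
// Added example, not the project's code: throttled variant of login().
// MAX_ATTEMPTS, DECAY_SECONDS, the key format and the throttle message are assumptions.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;

class AuthController extends Controller
{
    private const MAX_ATTEMPTS = 5;
    private const DECAY_SECONDS = 60;

    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => 'required|email',
            'password' => 'required|min:6',
        ]);

        // One counter per (email, client IP) pair.
        $key = Str::lower($credentials['email']) . '|' . $request->ip();

        if (RateLimiter::tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            $seconds = RateLimiter::availableIn($key);
            return back()
                ->withErrors(['email' => "Demasiados intentos. Espera {$seconds} segundos."])
                ->onlyInput('email');
        }

        // boolean() reads the value itself (remember=0 is false); has() only checks presence.
        if (Auth::attempt($credentials, $request->boolean('remember'))) {
            RateLimiter::clear($key);
            $request->session()->regenerate();
            return redirect('/dashboard');
        }

        // Count the failure; the counter expires after DECAY_SECONDS.
        RateLimiter::hit($key, self::DECAY_SECONDS);

        // onlyInput() flashes the email back but keeps the password out of the session.
        return back()
            ->withErrors(['email' => 'Credenciales incorrectas.'])
            ->onlyInput('email');
    }
}
```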
Registration System
Display Registration Form
The showRegister() method redirects users who are already authenticated, so only guests see the registration form:
public function showRegister()
{
    if (Auth::check()) return redirect('/dashboard');
    return view('signup');
}
Process Registration
The register() method creates new users with secure password hashing:
public function register(Request $request)
{
    $request->validate([
        'name' => 'required|string|max:255',
        'email' => 'required|email|unique:users,email',
        'password' => 'required|min:6|confirmed',
    ], [
        'name.required' => 'El nombre es obligatorio.',
        'email.required' => 'El correo es obligatorio.',
        'email.unique' => 'Este correo ya está registrado.',
        'password.min' => 'Mínimo 6 caracteres.',
        'password.confirmed' => 'Las contraseñas no coinciden.',
    ]);

    $user = User::create([
        'name' => $request->name,
        'email' => $request->email,
        'password' => Hash::make($request->password),
    ]);

    Auth::login($user);
    return redirect('/dashboard');
}
Automatic Login
After successful registration, the user is automatically logged in:
Auth::login($user);
return redirect('/dashboard');
Registration Validation Rules
Field | Rules | Description
name | required, string, max:255 | User’s full name
email | required, email, unique:users,email | Must be unique in database
password | required, min:6, confirmed | Must match password_confirmation
Password Confirmation
The registration form requires password confirmation:
<input type="password" name="password" placeholder="Mínimo 6 caracteres" required>
<input type="password" name="password_confirmation" placeholder="Repite la contraseña" required>
Laravel’s confirmed validation rule automatically checks that password matches password_confirmation.
Logout System
The logout() method provides secure session termination:
public function logout(Request $request)
{
    Auth::logout();
    $request->session()->invalidate();
    $request->session()->regenerateToken();
    return redirect('/');
}
Logout User
Terminates the authenticated session.
Invalidate Session
$request->session()->invalidate();
Clears all session data.
Regenerate CSRF Token
$request->session()->regenerateToken();
Issues a fresh CSRF token, so a token from the ended session cannot be reused after logout.
Security Features
Bcrypt Hashing: Passwords are hashed with Laravel’s Hash::make() using the bcrypt algorithm:
'password' => Hash::make($request->password)
CSRF Protection: Every form carries a CSRF token through the @csrf Blade directive.
Session Regeneration: Session IDs are regenerated on login to prevent fixation attacks:
$request->session()->regenerate();
Email Uniqueness: Emails must be unique in the database:
'email' => 'required|email|unique:users,email'
Authentication Views
The authentication system uses a unified login/register view at resources/views/home.blade.php:
View Features
Login Tab
<div class="tab-pane fade show active" id="signin">
    <form method="POST" action="{{ route('login') }}">
        @csrf
        <div class="mb-3">
            <label class="form-label">Correo electrónico</label>
            <input type="email" name="email" class="form-control"
                   placeholder="[email protected]" required>
        </div>
        <div class="mb-3">
            <label class="form-label">Contraseña</label>
            <input type="password" name="password" class="form-control"
                   placeholder="••••••••" required>
        </div>
        <div class="form-check mb-4">
            <input class="form-check-input" type="checkbox"
                   name="remember" id="remember">
            <label class="form-check-label" for="remember">
                Recordar mi sesión
            </label>
        </div>
        <button type="submit" class="btn btn-primary">
            Entrar al panel
        </button>
    </form>
</div>
Register Tab
<div class="tab-pane fade" id="signup">
    <form method="POST" action="{{ route('register') }}">
        @csrf
        <div class="mb-3">
            <label class="form-label">Nombre completo</label>
            <input type="text" name="name" class="form-control" required>
        </div>
        <div class="mb-3">
            <label class="form-label">Correo electrónico</label>
            <input type="email" name="email" class="form-control" required>
        </div>
        <div class="mb-3">
            <label class="form-label">Contraseña</label>
            <input type="password" name="password" class="form-control" required>
        </div>
        <div class="mb-4">
            <label class="form-label">Confirmar contraseña</label>
            <input type="password" name="password_confirmation"
                   class="form-control" required>
        </div>
        <button type="submit" class="btn btn-success">
            Crear cuenta
        </button>
    </form>
</div>
Error Handling
@if ($errors->any())
    <div class="alert" style="background:rgba(242,167,195,0.2);">
        <i class="fas fa-exclamation-circle"></i>
        {{ $errors->first() }}
    </div>
@endif
@if (session('success'))
    <div class="alert" style="background:rgba(143,187,110,0.2);">
        <i class="fas fa-check-circle"></i>
        {{ session('success') }}
    </div>
@endif
Testing Authentication
Visit Login Page
Navigate to http://localhost:8000
Create Account
Click the “Crear cuenta” tab and register a new user
Access Dashboard
After login, you’ll be redirected to /dashboard
Make sure to run php artisan migrate before testing to ensure the users table exists.
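The manual steps above can be backed by automated checks. The feature test below is an added example, not part of the project: it exercises the routes documented on this page and asserts that registration stores a hash rather than the plain password, that a wrong password leaves the visitor unauthenticated, and that logout ends the session. Assumptions: the class name, the sample credentials, and that Laravel's default User factory and tests/TestCase.php are present.

```php
<?php
// Added example, not part of the project: feature tests for the documented routes.
// Class name and sample credentials are constructed; assumes the default User factory.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class AuthFlowTest extends TestCase
{
    use RefreshDatabase; // runs the migrations against the test database

    public function test_register_stores_a_hash_and_logs_the_user_in(): void
    {
        $this->post('/signup', [
            'name' => 'Ana Prueba',
            'email' => 'ana@example.test',
            'password' => 'clave-de-prueba',
            'password_confirmation' => 'clave-de-prueba',
        ])->assertRedirect('/dashboard');

        $user = User::where('email', 'ana@example.test')->firstOrFail();
        $this->assertNotSame('clave-de-prueba', $user->password);
        $this->assertTrue(Hash::check('clave-de-prueba', $user->password));
        $this->assertAuthenticatedAs($user);
    }

    public function test_wrong_password_is_rejected(): void
    {
        $user = User::factory()->create(['password' => Hash::make('clave-correcta')]);

        // from('/') sets the referer so back() has somewhere to redirect to.
        $this->from('/')->post('/login', [
            'email' => $user->email,
            'password' => 'clave-incorrecta',
        ])->assertRedirect('/')->assertSessionHasErrors('email');

        $this->assertGuest();
    }

    public function test_logout_ends_the_session(): void
    {
        $this->actingAs(User::factory()->create())->post('/logout')->assertRedirect('/');
        $this->assertGuest();
    }
}
```

Saved as tests/Feature/AuthFlowTest.php, it runs with php artisan test.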
Best Practices
Important Security Considerations:
Never store passwords in plain text
Always use CSRF protection on forms
Regenerate session IDs after authentication
Validate and sanitize all user input
Use HTTPS in production environments