I have a two different login forms for user and admin. What I want is the user should only login in their own form otherwise it should be an error, and just the same for the admin form.
I only have 1 table for both user and admin in my database. They only differ in user_type which is obviously "admin" and "user"
What I am doing is when the user tried to login in admin login form it shows an info that says 'sorry, you are not an admin in this site'. But that means that the user is still logged in.
What I want is when the tries to login in admin form I don't want it to access the system at all.
Here my code so far:
public function validateLoginResort(Request $requests){
$username = $requests->username;
$password = $requests->password;
$attempt = Auth::attempt([
'email' => $requests->username,
'password' => $requests->password,
]);
if(Auth::check()){
if(Auth::user()->type_user == 'admin'){
return redirect('home');
}
else{
Auth::logout();
return redirect('login');
}
}else{
return "Invalid input";
}
}
I tried using Auth::logout
if the user is not an admin but I dont think it is safe and right at all.
I think there is still a better way to do this, can you guys give a suggestion on how to implement this correctly? Thank you