I have the following table:

id  email      password  role
1   someemail  password  admin
2   someemail  password  guest
Guest is the one who can access a few privileged sections of the front end (e.g. commenting on blog posts, etc.).
Guests are normally registered via Facebook using OAuth. I have blocked guests from the admin login like below:
if (Auth::attempt(array('email'=>Input::get('email'), 'password'=>Input::get('password'),'role'=>'admin'))) {
But the problem is that whenever a user logs in from Facebook, the session is shared and they can access admin as well.
The Facebook login code is as below:
//$result hold facebook information
$user->firstname = $result['first_name'];
$user->lastname = $result['last_name'];
$user->email = $result['email'];
$user->password ='sample';
$user->role='facebook';
//check user with same email is already there
$usr = User::where('email', '=', $result['email'])->count();
if($usr==0)
    $user->save();
//automatically login the registered user
$user = User::where('email', '=', $user->email)->where('role', '=', 'facebook')->first();
Auth::login($user);
Now in each controller I have called the following function in the constructor:
public function __construct() {
    $this->beforeFilter('auth');
}
This is not sufficient to stop the session sharing from the guest user. Any help will be appreciated.
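
Laravel 4's stock `auth` filter only confirms that some user is logged in, so a session started with `Auth::login()` for a Facebook user passes it. The following is an added example (not part of the original post) of a role check for admin controllers, assuming the `role` column from the question; the filter name `admin`, the helper `adminAccessDecision()` and the `login` path are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes the `role` column shown in
// the question, with 'admin' as the only role allowed into admin controllers.

/**
 * Pure decision function (hypothetical helper): what should happen to a
 * request for an admin page, given the logged-in user's role (null = nobody)?
 */
function adminAccessDecision($role)
{
    if ($role === null) {
        return 'login';      // not authenticated at all
    }
    if ($role !== 'admin') {
        return 'forbidden';  // authenticated, but not an admin (e.g. 'facebook')
    }
    return 'allow';
}

// Inside a Laravel 4 app (e.g. app/filters.php): register an 'admin' filter.
if (class_exists('Route')) {
    Route::filter('admin', function () {
        $role = Auth::check() ? Auth::user()->role : null;
        switch (adminAccessDecision($role)) {
            case 'login':
                return Redirect::guest('login'); // assumed login path
            case 'forbidden':
                App::abort(403);                 // throws, request stops here
        }
        // Returning nothing lets the request continue to the controller.
    });
}

// Admin controllers then call: $this->beforeFilter('admin');

// Stand-alone check with constructed roles (runs without Laravel).
if (PHP_SAPI === 'cli' && !class_exists('Route')) {
    foreach (array(null, 'facebook', 'guest', 'admin') as $role) {
        echo var_export($role, true), ' => ', adminAccessDecision($role), "\n";
    }
}
```

The check is on the authenticated user's role at request time, so it applies regardless of whether the session came from the password form or from the Facebook flow.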