diff --git a/app/Http/Controllers/Admin/AdminAuthController.php b/app/Http/Controllers/Admin/AdminAuthController.php index 001dc73..9bab742 100644 --- a/app/Http/Controllers/Admin/AdminAuthController.php +++ b/app/Http/Controllers/Admin/AdminAuthController.php @@ -21,32 +21,54 @@ public function showLogin() */ public function login(Request $request) { - $credentials = $request->validate([ + $validator = \Illuminate\Support\Facades\Validator::make($request->all(), [ 'email' => ['required', 'email'], 'password' => ['required'], + ], [ + 'email.required' => 'Please enter your email address.', + 'email.email' => 'Please enter a valid email address.', + 'password.required' => 'Please enter your password.', ]); + if ($validator->fails()) { + return back()->withErrors($validator)->withInput($request->only('email')); + } + + $credentials = $validator->validated(); + // Database-backed authentication check $user = \App\Models\User::where('email', $credentials['email'])->first(); - if ($user && \Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password) && $user->role === 'admin') { - $request->session()->regenerate(); - - auth()->login($user); - - session(['user' => (object)[ - 'id' => $user->id, - 'name' => $user->name, - 'email' => $user->email, - 'role' => $user->role, - ]]); - - return redirect()->intended('/admin/dashboard'); + if (!$user) { + return back()->withErrors([ + 'email' => 'This email is not registered.', + ])->withInput($request->only('email')); } - return back()->withErrors([ - 'email' => 'The provided credentials do not match our records. (Use admin@example.com / password)', - ]); + if ($user->role !== 'admin') { + return back()->withErrors([ + 'email' => 'This email is not registered as an admin.', + ])->withInput($request->only('email')); + } + + if (!\Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password)) { + return back()->withErrors([ + 'password' => 'The password you entered is incorrect.', + ])->withInput($request->only('email')); + } + + $request->session()->regenerate(); + + auth()->login($user); + + session(['user' => (object)[ + 'id' => $user->id, + 'name' => $user->name, + 'email' => $user->email, + 'role' => $user->role, + ]]); + + return redirect()->intended('/admin/dashboard'); } /** diff --git a/resources/js/Pages/Admin/Auth/Login.jsx b/resources/js/Pages/Admin/Auth/Login.jsx index 4a370bd..e3fb573 100644 --- a/resources/js/Pages/Admin/Auth/Login.jsx +++ b/resources/js/Pages/Admin/Auth/Login.jsx @@ -54,7 +54,7 @@ export default function Login() {