validate([ 'email' => ['required', 'email'], 'password' => ['required'], ]); // Database-backed authentication check $user = \App\Models\User::where('email', $credentials['email'])->first(); if ($user && \Illuminate\Support\Facades\Hash::check($credentials['password'], $user->password) && $user->role === 'admin') { auth()->login($user); session(['user' => (object)[ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'role' => $user->role, ]]); $request->session()->regenerate(); return redirect()->intended('/admin/dashboard'); } return back()->withErrors([ 'email' => 'The provided credentials do not match our records. (Use admin@example.com / password)', ]); } /** * Log the admin out of the application. */ public function logout(Request $request) { session()->forget('user'); $request->session()->invalidate(); $request->session()->regenerateToken(); return redirect()->route('admin.login'); } }