Authenticate users from more than two tables in laravel 5

Stefan Bogdanescu

Founder & Senior Architect · 2026-06-29

Laravel Company
Title: Tackling Multiple User Authentication Sources in Laravel 5: A Comprehensive Guide Body:

In many web applications, the need for multiple tables containing user information may arise. This can include managers from a 'managers' table and administrators from an 'admins' table. While Laravel provides a built-in Auth system to authenticate users from the standard 'users' table, we are often tasked with customizing existing functionality or creating our own AuthServiceProvider for handling multiple user authentication sources. In this blog post, we'll break down the process of implementing multi-table user authentication in a Laravel 5 application.

Prerequisites

  1. Familiarity with Laravel 5 framework and its concepts such as Eloquent ORM, Blade templates, etc.
  2. Basic understanding of Laravel's authentication system and AuthServiceProvider
  3. Knowledge of working with multiple database tables or models in Laravel

Creating the Models for Multiple Tables

Let’s first create database models for each table. You can do this using php artisan make:model ModelName -migration, where ModelName is replaced with your model name. For example, you may have:
  • php artisan make:model Manager -migration
  • php artisan make:model Admin -migration
Next, create the migrations for these tables using php artisan migrate:install. Then define their respective migration files in your database. You can also add relationships between these related models if necessary.

Defining Custom Login Controllers and Routes

Since we are creating multiple AuthServiceProviders, we need to create custom login controllers for each table: 1. Create a new folder App/Http/Controllers/Auth. 2. Inside this folder, add the ManagerLoginController file with the following content:
namespace App\Http\Controllers\Auth;
use Illuminate\Foundation\Application;
use Laravel\Passport\Clients\AbstractClient as OauthClient;
use Auth;
class ManagerLoginController extends \Illuminate\Foundation\Unauthenticated\{
	public function authenticate($request) {
		$credentials = $request->only('email', 'password');
		if (Auth::attempt(['email' => $credentials['email'], 'password' => $credentials['password']], true)) return redirect()->intended('/manager-dashboard');
		return back()->withInput()->withErrors([
			'message' => 'Invalid credentials',
		]);
	}
}
3. Create another LoginController for Administrators:
namespace App\Http\Controllers\Auth;
use Illuminate\Foundation\Application;
use Laravel\Passport\Clients\AbstractClient as OauthClient;
use Auth;
class AdminLoginController extends \Illuminate\Foundation\Unauthenticated\{
	public function authenticate($request) {
		$credentials = $request->only('email', 'password');
		if (Auth::attempt(['email' => $credentials['email'], 'password' => $credentials['password']], true)) return redirect()->intended('/admin-dashboard');
		return back()->withInput()->withErrors([
			'message' => 'Invalid credentials',
		]);
	}
}
4. Add the following routes in your route file:
Route::group(['prefix' => 'auth'], function() {
	// Manager Login Route
	Route::post('/managerLogin',['as' => 'managerLogin', 'uses' => 'App\Http\Controllers\Auth\ManagerLoginController@authenticate']);

	// Admin Login Route
	Route::post('/adminLogin', ['as' => 'adminLogin', 'uses' => 'App\Http\Controllers\Auth\AdminLoginController@authenticate']);
});

Creating Custom AuthServiceProvider

With the controllers, models and routes set up, we need to create custom AuthServiceProviders for each table. We can use the base class Illuminate\Auth\AuthManager.
  • Create a new folder named App/Providers.
  • Inside this folder, create another subfolder called Authenticators.
  • Within the Authenticators folder, create a file for each table authentication. Let's say ManagerAuthenticator.php and AdminAuthenticator.php. Each file will contain these contents:
  • namespace App\Providers\Authenticators;
    use Illuminate\Auth\Events\Login as LoginEvent;
    use Illuminate\Foundation\Application;
    class ManagerAuthenticator extends Illuminate\Auth\DatabaseManagerAuthenticator implements \Illuminate\Contracts\Auth\AuthenticatableProvider {
    	public function validateCredentials(Request $request, Application $app) {
    	    return [
    	        'email' => $request->get('email'),
    	        'password' => $request->get('password')
    	    ];
    	}
    
    	public function registerLoginAttemptEvent(Application $app) {
    	    $app['events']->listen(LoginEvent::class, function($event){
    	    	if ($event->user instanceof \App\Manager) {
    	            $this->fireSuccessfulLogin($event);
    	        }
    	    });
    	}
    
    	public function handleLoginRequest(Application $app, Request $request) {
    		$credentials = $this->validateCredentials($request, $app);
    		if ($credentials) {
    			return Auth::guard('manager')->attempt($credentials);
    		} else {
    			throw new \Illuminate\Validation\ValidationException(
    				response()->json(['message' => 'Invalid credentials'], 422)
    			);
    		}
    	}
    }
  • Create another AdminAuthenticator.php file with nearly the same content as above, but changing 'Manager' to 'Admin' and adjusting routes accordingly.

Register Custom Providers in Laravel Configuration File

To use these custom authentication providers, add them to your Laravel configuration file (usually found at /config/auth.php) within the 'guards' section, like so:
'guards' => [
	// ... existing entries
	'manager' => [
	    'driver' => 'app.authenticator.manager',
	    'provider' => 'managers',
	],
	'admin' => [
	    'driver' => 'app.authenticator.admin',
	    'provider' => 'admins',
	]
	// ... other entries
],

Conclusion

By leveraging Laravel's flexibility, you can create custom AuthServiceProvider classes for multiple authentication sources. This approach provides a reliable solution when working with large or complex web applications that involve different user roles and permissions. Always remember to ensure your code is secure, maintainable, and well-documented for future maintenance and expansion.