LARAVEL AUTH STARTER KIT

Admin. Staff. Client.
Production auth in minutes.

Three pre-built roles. OTP password reset. Force-change on first login. RoleMiddleware out of the box. Stop rebuilding auth from scratch.

https://yourapp.com/admin/dashboard

Admin Panel
Total Users: 24 | Active Today: 8 | Pending: 3

User            Role    Status
Maria Santos    admin   active
Juan dela Cruz  staff   active
Ana Reyes       client  pending

Staff View
My Tasks: 12 | Completed: 9 | In Progress: 3

Task                 Client     Status
Process Request #42  Ana Reyes  done
Review Document      Bob Cruz   in progress

Client Portal
My Requests: 3 | Completed: 2 | Pending: 1

Request           Submitted    Status
Document Request  Jun 1, 2024  complete
Certificate Copy  Jun 3, 2024  pending

Role system

Three roles, isolated access

Each role gets its own middleware guard, dashboard, and permission scope. Extend to more roles in minutes.

Admin

Full system access. Manages users, roles, settings, and has visibility across all data.

Manage all users & roles
Access all dashboards
System configuration
Seed via AdminUserSeeder

Staff

Employee-level access. Extended StaffInfo profile with job title, department, emergency contact.

Process assigned tasks
Full StaffInfo profile
role:staff,admin routes
Employee ID & department

Client

Public-facing user. Submits requests, tracks status, limited to their own data only.

Submit & track requests
View own records only
role:client routes
Self-registration support
What's included

Everything auth needs, already built

RoleMiddleware

role:admin, role:staff,admin — protect any route with any role combination.

OTP Password Reset

Email OTP — no insecure link tokens that expire. 3-step flow: send → verify → reset.

Force Password Change

Set must_change_password=true on any user. Middleware handles the redirect with infinite-loop protection.

StaffInfo Model

Extended employee profile: employee ID, job title, employment status, gender, emergency contact, office location.

โฑ๏ธ

Auto-Timestamps

Tracks last_login_at and last_password_change_at automatically on every auth event.

Admin Seeder

One command — php artisan db:seed --class=AdminUserSeeder — and your default admin is ready.

Soft Deletes

Users are never hard-deleted. Restore any account without data loss.

6 Form Requests

Login, Register, ForcePasswordChange, SendOtp, VerifyOtp, ResetPasswordOtp — all validated.

Drop-in Ready

Copy src/ into your app, migrate, seed, register middleware — done. No Composer package needed.

Code examples

Simple, readable API

Route Protection

// Admin-only
Route::middleware(['auth', 'role:admin'])->group(function () {
    Route::get('/admin/dashboard', AdminDashboardController::class);
    Route::resource('/admin/users', UserController::class);
});

// Staff AND admin
Route::middleware(['auth', 'role:staff,admin'])->group(function () {
    Route::get('/staff/tasks', StaffTaskController::class);
});

// Client only
Route::middleware(['auth', 'role:client'])->group(function () {
    Route::get('/my-requests', ClientRequestController::class);
});

OTP Reset Flow

1. Send OTP
   User submits email. 6-digit code sent.
   POST /send-otp

2. Verify OTP
   User enters the code from email.
   POST /verify-otp

3. Reset
   New password set. Old hash replaced.
   POST /reset

// Register routes
Route::post('/forgot-password/send-otp', [PasswordResetOtpController::class, 'sendOtp']);
Route::post('/forgot-password/verify-otp', [PasswordResetOtpController::class, 'verifyOtp']);
Route::post('/forgot-password/reset', [PasswordResetOtpController::class, 'reset']);
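
The checks a send → verify step of this kind needs, as an added example in plain PHP (not the starter kit's code): the OtpStore class, its field names, the 10-minute lifetime and the 5-attempt limit are assumptions, and an in-memory array stands in for the database table.

```php
<?php
declare(strict_types=1);

// Added example, not the starter kit's source. All names and limits are assumptions.
final class OtpStore
{
    private const TTL_SECONDS = 600;  // assumed lifetime of one code
    private const MAX_ATTEMPTS = 5;   // a 6-digit code has only 10^6 values, so cap guesses

    /** @var array<string, array{hash:string, expires:int, attempts:int}> */
    private array $rows = [];

    public function __construct(private string $pepper) {}

    // Step 1 (send): draw the code from the CSPRNG and keep only a keyed hash of it.
    public function issue(string $email, int $now): string
    {
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->rows[$email] = [
            'hash' => hash_hmac('sha256', $email . '|' . $code, $this->pepper),
            'expires' => $now + self::TTL_SECONDS,
            'attempts' => 0,
        ];
        return $code; // goes into the e-mail, never into storage in clear
    }

    // Step 2 (verify): expiring, attempt-limited, single use, constant-time compare.
    public function verify(string $email, string $code, int $now): bool
    {
        $row = $this->rows[$email] ?? null;
        if ($row === null || $now > $row['expires'] || $row['attempts'] >= self::MAX_ATTEMPTS) {
            unset($this->rows[$email]); // expired or exhausted: a new send is required
            return false;
        }
        $this->rows[$email]['attempts']++;
        $candidate = hash_hmac('sha256', $email . '|' . $code, $this->pepper);
        if (!hash_equals($row['hash'], $candidate)) {
            return false;
        }
        unset($this->rows[$email]); // consume the code so it cannot be replayed
        return true;
    }
}

// Constructed sample run: a wrong guess, the correct code, then a replay of the used code.
$store = new OtpStore('constructed-demo-secret');
$code = $store->issue('ana@example.test', 1000);
var_dump($store->verify('ana@example.test', $code === '000000' ? '000001' : '000000', 1010));
var_dump($store->verify('ana@example.test', $code, 1020));
var_dump($store->verify('ana@example.test', $code, 1030));
```

The reset step also has to be bound server-side to a successful verify for the same e-mail address, which this sketch does not show.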

User Model

// User model attributes
$user->account_type          // 'admin' | 'staff' | 'client'
$user->status                // 'active' | 'inactive' | 'pending'
$user->must_change_password  // bool → triggers force-change
$user->last_login_at         // auto-tracked
$user->name                  // "Juan dela Cruz" — null-safe
$user->staffInfo             // StaffInfo model (staff only)

// Seed default admin
php artisan db:seed --class=AdminUserSeeder
// → admin@example.com / Admin@1234
// → must_change_password = true (auto-redirect)

Middleware Setup

// bootstrap/app.php (Laravel 11)
->withMiddleware(function (Middleware $middleware) {
    $middleware->alias([
        'role' => \App\Http\Middleware\RoleMiddleware::class,
        'force.password' => \App\Http\Middleware\ForcePasswordChange::class,
    ]);
})
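
One way the two aliased middleware classes can be written, as an added example (not the starter kit's source): the route names password.force.show, password.force.update and logout, and the rule that only 'active' accounts pass, are assumptions; account_type, status and must_change_password are the attributes listed above.

```php
<?php
// Added example, not the starter kit's source. In an app each class lives in its
// own file under app/Http/Middleware; the route names below are assumptions.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class RoleMiddleware
{
    // 'role:staff,admin' arrives as handle($request, $next, 'staff', 'admin').
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();
        // Deny by default: no user, no roles listed, or role not in the list.
        if ($user === null || $roles === [] || !in_array($user->account_type, $roles, true)) {
            abort(403);
        }
        // Assumption: only 'active' accounts may pass, so 'pending' and
        // 'inactive' users are stopped even when the role matches.
        if ($user->status !== 'active') {
            abort(403);
        }
        return $next($request);
    }
}

class ForcePasswordChange
{
    // Routes that must stay reachable while the flag is set; redirecting these
    // as well would send the user back to the form in an endless loop.
    private const EXEMPT = ['password.force.show', 'password.force.update', 'logout'];

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();
        if ($user?->must_change_password && !$request->routeIs(...self::EXEMPT)) {
            return redirect()->route('password.force.show');
        }
        return $next($request);
    }
}
```

Registering an alias does not run the middleware by itself; it takes effect only on routes that list 'force.password' after 'auth'.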
File structure

Clean, organized code

src/
  Models/
    User.php  ← Extended user model, soft deletes, name accessor
    StaffInfo.php  ← Employee profile fields
  Http/Controllers/Auth/
    AuthenticatedSessionController.php
    RegisteredUserController.php
    PasswordResetOtpController.php  ← OTP flow
    ForcePasswordChangeController.php
  Http/Middleware/
    RoleMiddleware.php  ← role:admin, role:staff,admin
    ForcePasswordChange.php  ← loop-safe redirect
  Http/Requests/Auth/  ← 6 validated request classes
  database/
    migrations/create_users_table.php  ← users + staff_infos
    AdminUserSeeder.php  ← default admin account
README.md  ← full setup guide
Get the starter kit

Stop rebuilding auth. Ship faster.

One-time purchase. Use in unlimited projects with Extended License.

$24/one-time

Buy on Codester →