Laravel 5.4 Disable Register Route

Question

I am trying to disable the register route on my application which is running in Laravel 5.4.

In my routes file, I have only the

Auth::routes();

Is there any way to disable the register routes?

In current laravel version 5.7.5 there's is option for this. `Auth::routes(['register' => false]);` — Zohaib, Sep 22 '18 at 11:16
see https://github.com/laravel/framework/blob/5.7/src/Illuminate/Routing/Router.php#L1152 — Zohaib, Sep 22 '18 at 11:26

dparoli · Accepted Answer · 2019-08-24T23:32:13.403

The code:

Auth::routes();

its a shorcut for this collection of routes:

// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
Route::post('register', 'Auth\RegisterController@register');

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

So you can substitute the first with the list of routes and comment out any route you don't want in your application.

Edit for laravel version => 5.7

In newer versions you can add a parameter to the Auth::routes() function call to disable the register routes:

Auth::routes(['register' => false]);

The email verification routes were added:

Route::get('email/verify', 'Auth\VerificationController@show')->name('verification.notice');
Route::get('email/verify/{id}', 'Auth\VerificationController@verify')->name('verification.verify');
Route::get('email/resend', 'Auth\VerificationController@resend')->name('verification.resend');

BTW you can also disable Password Reset and Email Verification routes:

Auth::routes(['reset' => false, 'verify' => false]);

why to write this whole section of every auth route, when you can just simply do as `Auth::routes(['register' => false]);`, why? — Haritsinh Gohil, Jul 17 '19 at 07:50
@Haritsinh. The question was about laravel version **5.4**. In **5.4** version the `Auth::routes()` function does not accept any argument, that was introduced only in more recent versions. — dparoli, Jul 17 '19 at 08:05
ok, you are right my friend, `Auth::routes()` supports argument after laravel **5.7** but you can also do like this in laravel version < **5.7** `Route::redirect('register', 'login', 301);` which looks simple than above isn't it? — Haritsinh Gohil, Jul 17 '19 at 08:17
@Haritsinh I want to point that this question is tagged and explicity asked for Laravel 5.4. In version 5.4 the function `Route::redirect()` did not exist. — dparoli, Jul 17 '19 at 09:02
ok, @dparoli it's my fault, i have not seen that, `redirect` also added in `laravel 5.5`, sorry thanks for clearing. — Haritsinh Gohil, Jul 17 '19 at 10:13

score 37 · Answer 2 · edited Jul 17 '19 at 14:46

37

Since Laravel 5.7, a new $options parameter is introduced to the Auth::routes() method; through which you can pass an array to control the generation of the required routes for user-authentication (valid entries can be chosen from the 'register', 'reset', or 'verify' string literals).

Auth::routes(['register' => false]);

edited Jul 17 '19 at 14:46

someOne

1,975
2
14
20

answered Oct 09 '18 at 02:37

Irwing Reza

371
3
2

1

The other option is to add email verification routes, which are disabled by default. `Auth::routes(['verify' => true]);` – Grant Nov 09 '18 at 05:18
This should be the answer as it is the best [practice] way to do it if you only want to disable the register route without wanting to edit the other default Auth routes. – Solid Feb 28 '19 at 09:51
2

This should be considered as the perfect answer, as this is the proper way to ignore the register routes and works with Laravel 5.8 also. – Mehul Panchasara Apr 14 '19 at 18:05

score 23 · Answer 3 · edited May 25 '17 at 17:50

23

You could try this.

Route::match(['get', 'post'], 'register', function(){
    return redirect('/');
});

Add those routes just below the Auth::routes() to override the default registration routes. Any request to the /register route will redirect to the baseUrl.

edited May 25 '17 at 17:50

Jason

4,079
4
22
32

answered Apr 01 '17 at 21:27

Elvis Mugabi

349
1
5

Disables `/login` page. – Jason May 25 '17 at 17:54
Works really well. Simple solution! Thanks! – iaforek Nov 14 '17 at 14:58
Quite Simple Solution and Efficiently Worked. – M Uzair Qadeer Jan 29 '19 at 08:13
@Jason false. I tested it with laravel 8 using larave ui auth bootstrap – Freddy Daniel Jul 06 '21 at 17:26

score 7 · Answer 4 · answered Sep 20 '17 at 11:30

This is deceptively easy! You just need to override two methods in your app/Http/Controllers/Auth/RegisterController.php Class. See below which will prevent the form from being displayed and most importantly block direct POST requests to your application for registrations..

/**
 * Show the application registration form.
 *
 * @return \Illuminate\Http\Response
 */
public function showRegistrationForm()
{
    return redirect('login');
}

/**
 * Handle a registration request for the application.
 *
 * @param  \Illuminate\Http\Request  $request
 * @return \Illuminate\Http\Response
 */
public function register(Request $request)
{
    abort(404);
}

score 6 · Answer 5 · answered Nov 03 '18 at 04:37

6

In web.php, Replace

Auth::routes();

With

Auth::routes(['register' => false]);

So that you can remove register route from default auth route list. i tried in 5.7 and it worked fine.

answered Nov 03 '18 at 04:37

Karthik M

61
1
3

When I did this it also disabled my login page? – rubendn Nov 22 '18 at 19:43

score 3 · Answer 6 · answered Oct 03 '17 at 03:40

3

Though the above solutions work but, I think changing the middleware to 'auth' in the App\Http\Controllers\Auth\RegisterController will be one of the easiest solutions. This will redirect all visitors to login page if they want to access any of the registration routes. Like this:

namespace App\Http\Controllers\Auth;
class RegisterController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
    }

answered Oct 03 '17 at 03:40

asmmahmud

4,844
2
40
47

This will redirect user to the login page. And if user enters correct email/password there. He will still be redirected to the Registration page, which is incorrect as per OP's requirement. – Waqas May 06 '18 at 17:46

Abdelsalam Shahlol · Answer 7 · 2020-05-03T15:44:00.260

3

On my Laravel 5.6 project this method didn't work:

Auth::routes(['register' => false]);

So I had to use the following method:

Route::match(['get', 'post'], 'register', function () {
    return abort(403, 'Forbidden');
})->name('register');

edited May 03 '20 at 15:44

answered May 08 '19 at 09:12

Abdelsalam Shahlol

1,621
1
20
31

score 2 · Answer 8 · answered Apr 15 '17 at 10:31

I suppose you want to restrict access to some pages for guests and only the admin can register a guest. You can achieve it by adding your own middleware on kernel.php file like below:

protected $routeMiddleware = [
      'authenticated' => \App\Http\Middleware\AuthenticatedMiddleware::class
];

After creating the middleware you have to use it so you can go on web.php file where your routes are and add it to the route you want to restrict like below:

Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register')->middleware('authenticated');
Route::post('register', 'Auth\RegisterController@register')->middleware('authenticated');

This way registration is restricted to guests but the admin can still access the page if he ever want to register some other admin!

Don't forget to replace the Auth::routes(); with the detailed list as below:

// Authentication Routes...
Route::get('login', 'Auth\LoginController@showLoginForm')->name('login');
Route::post('login', 'Auth\LoginController@login');
Route::post('logout', 'Auth\LoginController@logout')->name('logout');

// Registration Routes...
Route::get('register', 'Auth\RegisterController@showRegistrationForm')->name('register')->middleware('authenticated');
Route::post('register', 'Auth\RegisterController@register')->middleware('authenticated');

// Password Reset Routes...
Route::get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
Route::post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
Route::get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
Route::post('password/reset', 'Auth\ResetPasswordController@reset');

The Auth::routes() is in the the file routes/web.php – geeves Jul 24 '18 at 05:28 — geeves, Jul 24 '18 at 05:28

score 2 · Answer 9 · answered Sep 23 '18 at 15:54

2

I guess you can do it like this, in your web.php file:

Route::redirect('register', 'login', 301);

answered Sep 23 '18 at 15:54

Evan

1,004
11
12

score 0 · Answer 10 · answered Jan 29 '19 at 09:37

0

Add this two method to app\Http\Controllers\Auth\RegisterController.php

public function showRegistrationForm(){
    return redirect('login');
}

public function register(){

}

answered Jan 29 '19 at 09:37

sachinsuthariya

435
7
11

score 0 · Answer 11 · edited May 04 '20 at 07:51

0

Just overwrite your auth showRegistrationForm() method ( place this code inside your Auth/RegisterController )

public function showRegistrationForm(){
    return redirect()->route('login');
}

I'm just redirecting my register route to the login route. Here you don't need to append or remove any other code

edited May 04 '20 at 07:51

Abdelsalam Shahlol

1,621
1
20
31

answered Feb 26 '19 at 11:33

Manu Joseph

389
4
10

score -4 · Answer 12 · answered Mar 09 '17 at 13:13

-4

Yes, there is a way

Auth::routes();

Remote that route from your web.php in your routes directory.

That route is what controls registration.

answered Mar 09 '17 at 13:13

Hanny

2,078
6
24
52

downvoters this answer not entirely wrong, its only half right – Salal Aslam Sep 14 '17 at 09:35
1

If you do that, you'll disable the login method too, so this answer is wrong! – user2519032 Sep 14 '17 at 12:07
Actually, it's only half right. `Auth::routes();` is a shortcut for a collection of routes per the documentation. If you remove `Auth::routes();` then you can put in whatever routes you *actually do want* individually (such as login). I figured that went without saying, because the documentation covered that - apparently I was wrong. This answer is technically correct and right. I don't know why people still downvoting this... it's literally half of the accepted answer. – Hanny Apr 10 '18 at 12:34

score -5 · Answer 13 · answered Aug 13 '17 at 02:15

Change to routes :

vendor\laravel\framework\src\Illuminate\Routing\Router.php

public function auth()
{
    // Authentication Routes...
    $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
    $this->post('login', 'Auth\LoginController@login');
    $this->post('logout', 'Auth\LoginController@logout')->name('logout');

    // Registration Routes...
    //$this->get('register', 'Auth\RegisterController@showRegistrationForm')->name('register');
    //$this->post('register', 'Auth\RegisterController@register');

    // Password Reset Routes...
    //$this->get('password/reset', 'Auth\ForgotPasswordController@showLinkRequestForm')->name('password.request');
    //$this->post('password/email', 'Auth\ForgotPasswordController@sendResetLinkEmail')->name('password.email');
    //$this->get('password/reset/{token}', 'Auth\ResetPasswordController@showResetForm')->name('password.reset');
    //$this->post('password/reset', 'Auth\ResetPasswordController@reset');
}

making changes to any files in vendor folder is the worst idea — Salal Aslam, Sep 14 '17 at 09:34
This is a bad idea as the next Laravel update would override the edited file. Thus your changes are lost. It also makes your code hard to follow. Another developer might not think to modify this file and thus never look their for any changes. — geeves, Jul 24 '18 at 05:27

Laravel 5.4 Disable Register Route

13 Answers13

Linked