Skip weeks of boilerplate. This is a complete, production-ready authentication system for Laravel — not a tutorial, not a skeleton. Real code you can drop into your project today.

What's included:
- 4 auth controllers: Login, Register, OTP Password Reset, Force Password Change
- RoleMiddleware — guards routes by role with a clean, extensible design
- ForcePasswordChange middleware — intercepts sessions and redirects until password is updated
- 6 Form Request classes covering all auth inputs with proper validation rules
- User model + StaffInfo model with relationships
- Full database migration with role columns and indexes
- Admin seeder — seed your first superadmin with one command

The flow this covers:
User registers → role assigned → login → OTP reset if needed → force-change on first login (for staff) → role-based route access

Who this is for:
Any Laravel developer building a system with admins, staff, managers, or customers — SaaS apps, HR systems, clinic portals, POS systems, internal dashboards.

Stop rewriting auth from scratch on every project.

- LoginController with remember-me and role-aware redirect
- RegisterController with role assignment on signup
- OTP Password Reset — generates and validates one-time codes
- ForcePasswordChange controller and middleware flow
- RoleMiddleware supporting multiple roles per route
- 6 Form Request classes (Login, Register, OtpRequest, OtpVerify, ResetPassword, ChangePassword)
- User model with role relationship
- StaffInfo model linked to User
- Migration with role column, indexes, and foreign keys
- Admin seeder for first superadmin account
- Compatible with Laravel 10 and 11
- No third-party auth packages required

- PHP 8.1 or higher
- Laravel 10 or Laravel 11
- MySQL 5.7+ or MariaDB 10.3+
- Composer
- An SMTP mail driver (for OTP email delivery)

1. Copy the provided files into your Laravel project following the included directory structure.
2. Run: php artisan migrate
3. Run: php artisan db:seed --class=AdminSeeder  (creates your first superadmin)
4. Register the auth routes in routes/web.php or routes/api.php as shown in the README.
5. Add RoleMiddleware to your Kernel $routeMiddleware array.
6. Add ForcePasswordChange middleware to the middleware group or specific route groups for staff.
7. Configure your SMTP settings in .env for OTP email delivery.
8. Customize role names and redirect paths in the config file if needed.
9. See README for full route examples and role guard usage.