{"id":47,"date":"2026-03-27T16:58:11","date_gmt":"2026-03-27T16:58:11","guid":{"rendered":"https:\/\/kr0311.com\/projects\/?p=47"},"modified":"2026-04-02T13:02:05","modified_gmt":"2026-04-02T13:02:05","slug":"custom-hosting-control-panel-build-phase-3","status":"publish","type":"post","link":"https:\/\/kr0311.com\/projects\/custom-hosting-control-panel-build-phase-3\/","title":{"rendered":"Phase 3: Authentication, Panel Layout &amp; Core Structure"},"content":{"rendered":"<p>With the application now running, Phase 3 of the custom hosting control panel build focuses on authentication, panel layout, and core structure.<\/p>\n<p>Phase 2 gave us a working Laravel environment, connected to MariaDB and served through Nginx.<\/p>\n<p>This phase builds directly on <a href=\"\/projects\/custom-hosting-control-panel-build-phase-2\/\">Phase 2<\/a>, where the application layer was first established.<\/p>\n<p>Which was great \u2014 but let\u2019s be honest, at that stage it was still basically a framework sitting there politely waiting for instructions.<\/p>\n<p>Phase 3 is where that changes.<\/p>\n<p>This phase focuses on building the <strong>foundation layer of the control panel itself<\/strong>: authentication, protected routing, and a structured UI shell that everything else will sit on top of.<\/p>\n<hr \/>\n<h2>\ud83e\udde9 What This Phase Does in the Custom Hosting Control Panel Build<\/h2>\n<p>This phase introduces the core building blocks required for a real control panel:<\/p>\n<ul>\n<li>Secure authentication system<\/li>\n<li>Protected panel routes<\/li>\n<li>Reusable UI layout (sidebar + top navigation)<\/li>\n<li>Initial dashboard<\/li>\n<li>Clean routing structure<\/li>\n<\/ul>\n<p>There\u2019s no hosting logic yet. No provisioning. No system interaction.<\/p>\n<p>This is purely about <strong>structure, access control, and UI foundation<\/strong>.<\/p>\n<p>Not the flashy part of the build \u2014 but definitely the part that stops everything becoming a mess later.<\/p>\n<hr \/>\n<h2>\ud83d\udd10 Authentication System<\/h2>\n<p>The first step was implementing a secure authentication layer using Laravel\u2019s built-in tooling, following the <a href=\"https:\/\/laravel.com\/docs\/authentication\" target=\"_blank\" rel=\"noopener\">official Laravel authentication documentation<\/a>.<\/p>\n<p>The goal was simple:<\/p>\n<ul>\n<li>Login-only access<\/li>\n<li>No public registration<\/li>\n<li>All panel routes protected<\/li>\n<\/ul>\n<h3>\ud83d\udeaa Login-Only Access<\/h3>\n<p>Out of the box, Laravel makes it very easy to enable full authentication scaffolding.<\/p>\n<p>Useful\u2026 but this panel is not a public-facing app where random people should be able to wander in and make themselves an account.<\/p>\n<p>Registration was deliberately disabled so that only manually created users can access the system.<\/p>\n<p>This keeps the panel locked down and avoids unnecessary exposure.<\/p>\n<h3>\ud83d\udee1\ufe0f Middleware Protection<\/h3>\n<p>All panel routes are protected using Laravel\u2019s <strong>auth middleware<\/strong>.<\/p>\n<p>This ensures:<\/p>\n<ul>\n<li>Unauthenticated users are redirected to <strong>\/login<\/strong><\/li>\n<li>Authenticated users gain access to panel routes<\/li>\n<\/ul>\n<p>Authentication is now enforced at the framework level \u2014 not manually stitched together route by route like a future headache.<\/p>\n<hr \/>\n<h2>\ud83d\udc64 User System<\/h2>\n<p>The default Laravel <strong>users<\/strong> table is used as the base for the panel.<\/p>\n<p>No over-engineering here.<\/p>\n<p>At this stage, the goal is simply to have a reliable user model that supports authentication properly.<\/p>\n<p>Minor preparation has been made for future expansion, such as:<\/p>\n<ul>\n<li>Admin flag or role field<\/li>\n<li>Scalability for future permission systems<\/li>\n<\/ul>\n<p>Full role-based access control (RBAC) is intentionally deferred to a later phase.<\/p>\n<p>Because before building a permissions empire, it helps to first have a login screen that works.<\/p>\n<hr \/>\n<h2>\ud83d\udda5\ufe0f Panel Layout<\/h2>\n<p>This is one of the most important parts of Phase 3.<\/p>\n<p>The panel UI is built using a reusable <strong>Blade layout<\/strong>, designed to act as the shell for the entire system.<\/p>\n<h3>\ud83e\uddf1 Layout Structure<\/h3>\n<p>The layout introduces a consistent structure across all panel pages:<\/p>\n<ul>\n<li>Left sidebar navigation<\/li>\n<li>Top navigation bar<\/li>\n<li>Main content area<\/li>\n<\/ul>\n<p>This is not just visual dressing.<\/p>\n<p>It defines how every future feature will be structured, displayed, and navigated.<\/p>\n<h3>\ud83d\udcda Sidebar Navigation<\/h3>\n<p>The sidebar provides a central navigation system, with sections for:<\/p>\n<ul>\n<li>Core (Dashboard)<\/li>\n<li>Future modules (Sites, Domains, Users, Services)<\/li>\n<\/ul>\n<p>Even though these modules don\u2019t exist yet, placeholders are included to define the intended structure early.<\/p>\n<p>It\u2019s a lot easier to build properly now than bolt it on later while pretending that was always the plan.<\/p>\n<h3>\ud83d\udccc Top Navigation<\/h3>\n<p>The top bar displays:<\/p>\n<ul>\n<li>Current page context<\/li>\n<li>Logged-in user information<\/li>\n<li>Logout action<\/li>\n<\/ul>\n<p>This creates a consistent user experience across the panel and gives the interface an actual sense of structure instead of just looking like a collection of pages.<\/p>\n<h3>\u267b\ufe0f Reusable Design<\/h3>\n<p>The layout is built to be reused across all future pages.<\/p>\n<p>This ensures:<\/p>\n<ul>\n<li>Consistency<\/li>\n<li>Maintainability<\/li>\n<li>Scalability as features are added<\/li>\n<\/ul>\n<p>Every new page will extend this layout rather than reinventing the wheel every time.<\/p>\n<p>Because rebuilding the same structure on every page is a brilliant way to waste time and create bugs for free.<\/p>\n<hr \/>\n<h2>\ud83d\udcca Dashboard<\/h2>\n<p>The first panel page is the dashboard, accessible at:<\/p>\n<p><strong>\/dashboard<\/strong><\/p>\n<h3>\ud83d\udd12 Protected Access<\/h3>\n<p>The dashboard is fully protected by authentication middleware.<\/p>\n<p>It cannot be accessed without logging in.<\/p>\n<p>Which is generally a good quality to have in a control panel.<\/p>\n<h3>\ud83e\udde9 Layout Integration<\/h3>\n<p>The dashboard uses the panel layout, confirming that the UI shell works as intended.<\/p>\n<p>This was the first real proof that the panel structure was no longer theoretical \u2014 it was actually working in practice.<\/p>\n<h3>\ud83d\udcdd Placeholder Content<\/h3>\n<p>For now, the dashboard includes basic placeholder data:<\/p>\n<ul>\n<li>Panel status<\/li>\n<li>Logged-in user information<\/li>\n<li>Placeholder stats for hosting accounts and sites<\/li>\n<\/ul>\n<p>No real data yet \u2014 just enough to validate structure and confirm that the plumbing underneath is doing what it should.<\/p>\n<hr \/>\n<h2>\ud83d\udee3\ufe0f Routing Structure<\/h2>\n<p>Routes have been cleaned up and organised properly.<\/p>\n<p>The application now clearly separates:<\/p>\n<ul>\n<li>Guest routes (login)<\/li>\n<li>Authenticated routes (panel)<\/li>\n<\/ul>\n<h3>\ud83d\udce6 Middleware Groups<\/h3>\n<p>Panel routes are grouped under the <strong>auth<\/strong> middleware.<\/p>\n<p>This avoids repetition and ensures consistent protection across the application.<\/p>\n<p>One rule, applied properly, beats remembering to protect every route individually and eventually missing one.<\/p>\n<h3>\ud83d\udea6 Clean Entry Point<\/h3>\n<p>The root route (<strong>\/<\/strong>) now intelligently redirects:<\/p>\n<ul>\n<li>Authenticated users \u2192 dashboard<\/li>\n<li>Guests \u2192 login page<\/li>\n<\/ul>\n<p>This creates a clean and predictable entry flow.<\/p>\n<p>No dead-end landing page. No confusing behaviour. Just the right place for the right user.<\/p>\n<hr \/>\n<h2>\ud83d\udeaa Logout System<\/h2>\n<p>Logout functionality is implemented using Laravel\u2019s standard approach.<\/p>\n<h3>\ud83d\udce8 POST-Based Logout<\/h3>\n<p>The logout action is handled via a <strong>POST request<\/strong>, not a GET request.<\/p>\n<p>This is important for security and aligns with best practices.<\/p>\n<p>Because \u201cclicking a link to destroy a session\u201d is one of those ideas that sounds convenient right up until it isn\u2019t.<\/p>\n<h3>\ud83d\udee1\ufe0f CSRF Protection<\/h3>\n<p>The logout request is protected with Laravel\u2019s built-in CSRF system.<\/p>\n<p>This prevents cross-site request forgery attacks and keeps session handling properly locked down.<\/p>\n<h3>\ud83e\uddf9 Session Handling<\/h3>\n<p>On logout:<\/p>\n<ul>\n<li>The user session is destroyed<\/li>\n<li>The user is redirected back to the login page<\/li>\n<\/ul>\n<p>Simple, clean, and secure.<\/p>\n<p>Exactly the kind of boring behaviour you want from authentication.<\/p>\n<hr \/>\n<h2>\u26a0\ufe0f Challenges &amp; Decisions<\/h2>\n<h3>\ud83d\udeab Disabling Registration<\/h3>\n<p>Laravel makes it easy to enable registration \u2014 but in this case, it had to go.<\/p>\n<p>This panel is not public-facing, so user creation will always be controlled internally.<\/p>\n<p>Letting people self-register for a hosting control panel would be\u2026 adventurous.<\/p>\n<h3>\ud83c\udfaf Keeping It Simple<\/h3>\n<p>There\u2019s no RBAC system yet.<\/p>\n<p>No permissions matrix.<\/p>\n<p>No role hierarchy.<\/p>\n<p>That\u2019s intentional.<\/p>\n<p>The focus here is on building a stable foundation before layering complexity on top.<\/p>\n<p>There\u2019s no prize for making Phase 3 unnecessarily complicated.<\/p>\n<h3>\ud83e\uddf1 Structure Before Features<\/h3>\n<p>It\u2019s tempting to jump straight into hosting logic and provisioning.<\/p>\n<p>That\u2019s the exciting bit.<\/p>\n<p>But without a solid structure, everything becomes harder to maintain later.<\/p>\n<p>This phase is about getting the architecture right first \u2014 so future features have somewhere sensible to live.<\/p>\n<hr \/>\n<h2>\ud83e\udde0 Why This Phase Matters<\/h2>\n<p>This is the point where the project stops being just a Laravel app and starts becoming a <strong>control panel<\/strong>.<\/p>\n<p>We now have:<\/p>\n<ul>\n<li>Secure access control<\/li>\n<li>A defined UI structure<\/li>\n<li>Protected routes<\/li>\n<li>A working panel shell<\/li>\n<\/ul>\n<p>Every future feature \u2014 hosting accounts, sites, provisioning \u2014 will plug into what was built here.<\/p>\n<p>This phase may not be the loudest one in the series, but it\u2019s one of the most important.<\/p>\n<hr \/>\n<h2>\ud83d\udd1c What\u2019s Next \u2013 Phase 4<\/h2>\n<p>Phase 4 moves into the actual hosting layer.<\/p>\n<p><strong>This includes:<\/strong><\/p>\n<ul>\n<li>Hosting account system<\/li>\n<li>Site management<\/li>\n<li>Database relationships for hosting structure<\/li>\n<li>Preparation for provisioning logic<\/li>\n<\/ul>\n<p>This is where the panel starts interacting with real hosting concepts instead of just preparing for them.<\/p>\n<hr \/>\n<h2>\ud83c\udfc1 Final Thoughts<\/h2>\n<p>Phase 3 is a turning point.<\/p>\n<p>The system now has structure, security, and a clear direction.<\/p>\n<p>It\u2019s no longer just an application \u2014 it\u2019s the beginning of a platform.<\/p>\n<p>Everything from here builds on top of this foundation.<\/p>\n<p>And now it\u2019s time to make it actually manage something.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phase 3 introduces authentication, protected routing, and the core panel layout for the KR0311 Control Panel. This phase transforms the project from a basic Laravel application into a structured, secure control panel foundation ready for future hosting features.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[34,20,31,35,32,37,36,38,39,33],"class_list":["post-47","post","type-post","status-publish","format-standard","hentry","category-control-panel","tag-control-panel-build","tag-custom-hosting-control-panel","tag-laravel-authentication","tag-laravel-blade-layout","tag-laravel-middleware","tag-panel-ui-design","tag-php-control-panel","tag-self-hosted-control-panel","tag-server-management-panel","tag-web-application-security"],"_links":{"self":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/47","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/comments?post=47"}],"version-history":[{"count":4,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/47\/revisions"}],"predecessor-version":[{"id":97,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/47\/revisions\/97"}],"wp:attachment":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/media?parent=47"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/categories?post=47"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/tags?post=47"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}