# Admin Login Guide

## Overview
The KiyoKart application uses **OTP-based authentication** (not password-based). All users, including admins, must log in using their mobile number and a one-time password (OTP).

## Admin Access Setup

### Default Admin Credentials
- **Mobile Number**: `9999999999`
- **Login Method**: OTP (One-Time Password)

### Verify Admin Setup
Run this command to check whether the admin account is properly configured:
```bash
php artisan admin:check-access
```

This will verify:
- Admin role exists
- Admin user exists
- Admin user has admin role assigned

## Login Process

### Step 1: Access Login Page
Navigate to: `http://your-domain.com/login`

### Step 2: Request OTP
1. Enter mobile number: `9999999999`
2. Click "Request OTP"
3. Wait for OTP to be generated

### Step 3: Get OTP (Development Mode)
In the **development/local environment**, the OTP is **NOT sent via SMS**. Instead, it is written to the Laravel log.

**To find the OTP** (PowerShell commands, run from the project root):
```powershell
# View the latest log lines
Get-Content storage\logs\laravel.log -Tail 50

# Or search for OTP entries
Get-Content storage\logs\laravel.log | Select-String -Pattern "OTP Generated"
```

Look for a log entry like:
```
[2025-11-12 08:00:00] local.INFO: OTP Generated (Development Mode) {"mobile":"9999999999","otp":"123456"}
```

### Step 4: Verify OTP
1. Enter the 6-digit OTP from the logs
2. Click "Verify OTP"
3. You will be logged in and redirected

### Step 5: Access Admin Panel
After successful login, navigate to: `http://your-domain.com/admin`

## Troubleshooting

### Issue: "Unable to login"
**Solution:**
1. Check if admin user exists:
   ```bash
   php artisan admin:check-access
   ```

2. If admin role is missing, run:
   ```bash
   php artisan db:seed --class=RolesAndPermissionsSeeder
   php artisan db:seed --class=AdminUserSeeder
   ```

3. If the admin user exists but doesn't have the role:
   ```bash
   php artisan tinker
   ```
   ```php
   $admin = User::where('mobile', '9999999999')->first();
   $admin->assignRole('admin');
   ```

### Issue: "OTP not received"
**In Development Mode:**
- OTP is logged, not sent via SMS
- Check `storage/logs/laravel.log` for the OTP

**In Production:**
- Ensure `FAST2SMS_API_KEY` is set in `.env`
- Check Fast2SMS account balance
- Verify mobile number format (10 digits)

### Issue: "Access Denied" after login
**Solution:**
1. Verify user has admin role:
   ```bash
   php artisan tinker
   ```
   ```php
   $user = User::where('mobile', '9999999999')->first();
   $user->hasRole('admin'); // Should return true
   ```

2. If false, assign role:
   ```php
   $user->assignRole('admin');
   ```

3. Clear permission cache:
   ```bash
   php artisan permission:cache-reset
   ```

## Quick Fix Commands

### Create/Reset Admin User
```bash
php artisan db:seed --class=AdminUserSeeder
```

### Reset Roles and Permissions
```bash
php artisan db:seed --class=RolesAndPermissionsSeeder
```

### Assign Admin Role to Existing User
```bash
php artisan tinker
```
```php
$user = User::where('mobile', 'YOUR_MOBILE')->first();
$user->assignRole('admin');
```

### Check All Admin Users
```bash
php artisan tinker
```
```php
User::role('admin')->get(['id', 'name', 'mobile', 'email']);
```

## Production Setup

### Change Admin Mobile Number
```bash
php artisan tinker
```
```php
$admin = User::where('mobile', '9999999999')->first();
$admin->update(['mobile' => 'YOUR_NEW_MOBILE']);
```

### Configure SMS Service
In `.env` file:
```env
FAST2SMS_API_KEY=your_api_key_here
FAST2SMS_SENDER=KIYO
FAST2SMS_ROUTE=dlt_manual
```

## Security Notes

⚠️ **Important:**
- The default admin mobile (`9999999999`) is for development only
- Change the admin mobile number in production
- Ensure Fast2SMS API key is properly configured
- Monitor OTP requests for suspicious activity
- Rate limiting is already configured (3 requests per 15 minutes)
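The following service sketches, as an added example rather than KiyoKart's own code, how the behaviour described in Step 3 and in these notes fits together: the OTP is logged only in the `local` environment, requests are throttled to 3 per 15 minutes, and only a hash of the code is stored. The `Fast2SmsClient` class and the 5-minute OTP expiry are assumptions; the guide does not name the real SMS class or state an expiry.

```php
<?php
// Added example, not KiyoKart's own code. It shows the two behaviours the guide
// describes: the OTP is logged only in the local environment, and OTP requests are
// capped at 3 per 15 minutes. Fast2SmsClient::send() is an assumed class name.
namespace App\Services;

use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;

class OtpService
{
    private const MAX_REQUESTS = 3;      // the guide's stated limit
    private const WINDOW_SECONDS = 900;  // 15 minutes
    private const OTP_TTL_MINUTES = 5;   // assumed expiry; the guide does not state one

    public function __construct(private readonly Fast2SmsClient $sms) {}

    public function request(string $mobile): void
    {
        // Throttle per mobile number so one number cannot be flooded with OTPs.
        $limitKey = 'otp-request:' . $mobile;
        if (RateLimiter::tooManyAttempts($limitKey, self::MAX_REQUESTS)) {
            throw new \RuntimeException('Too many OTP requests, try again later.');
        }
        RateLimiter::hit($limitKey, self::WINDOW_SECONDS);

        // Six digits, leading zeros allowed, from a CSPRNG; store only a hash.
        $otp = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        Cache::put('otp-code:' . $mobile, Hash::make($otp), now()->addMinutes(self::OTP_TTL_MINUTES));

        if (App::environment('local')) {
            // Development: the code goes to storage/logs/laravel.log, as in Step 3.
            Log::info('OTP Generated (Development Mode)', ['mobile' => $mobile, 'otp' => $otp]);
            return;
        }
        // Production: deliver by SMS and log only a masked number, never the code.
        $this->sms->send($mobile, "Your KiyoKart OTP is {$otp}");
        Log::info('OTP sent', ['mobile' => substr($mobile, 0, 2) . '******' . substr($mobile, -2)]);
    }

    public function verify(string $mobile, string $otp): bool
    {
        // pull() deletes the entry, so each code works once and expired codes are gone.
        $hash = Cache::pull('otp-code:' . $mobile);
        return $hash !== null && Hash::check($otp, $hash);
    }
}
```

Because production logs carry only the masked number, a leaked `laravel.log` from a production host cannot be used to recover live codes, which is the reason the default dev-only logging must not be carried over into production.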

