I have already configured with permissions the menu that starts and accesses the user, the problem is when I log in, it automatically redirects me to the home page, which is something I want that not all users have access to the home page, but for example a salesman who redirects him to the home page automatically exits.
I've read examples on the internet that create middleware but I don't know how they work, then if you have to invoke it in the paths.
The login I am using is the default one with Laravel
use AuthenticatesUsers;
protected function authenticated($request, $user){
if($user->hasRole('SuperAdmin')){
return redirect('/dashboard');
}
elseif($user->hasRole('Admin')){
return redirect('/dashboard');
}
elseif($user->hasRole('Management')){
return redirect('/managment_panel');
}
elseif($user->hasRole('FrontDesk')){
return redirect('/fdo_panel');
}
elseif($user->hasRole('DataEntry')){
return redirect('/data_panel');
}
elseif($user->hasRole('SalesMarketing')){
return redirect('/sales_panel');
}
elseif($user->hasRole('Accounts')){
return redirect('/accounts_panel');
}
elseif($user->hasRole('Dealer')){
return redirect('/dealer_panel');
}
elseif($user->hasRole('Member')){
return redirect('/user_panel');
}
else {
return redirect('/dashboard');
}
}
Related
I've added a column (is_activated) in user DB to add verification email in registration process.
I follow this tutorial:
Tutorial
It works but an user that is not activated can bypass login function using the reset password form.
How can I resolve this problem?
You should create middleware and redirect all not activated users back to home page, for example:
public function handle($request, Closure $next)
{
if (!auth()->user()->is_activated) {
return redirect('/');
}
return $next($request);
}
Then register this middleware and apply it to all non public routes with Route::group()
If user is activated the value is 1, so integrate in your function the next validation:
// if user not have value 1 (is not activated)
if (auth()->user()->is_activated != 1) {
// user is not activated so redirect to index
return redirect('/');
}
// user is activated so redirect to account
return redirect('account');
}
you need check is "is_actived" have the value 1 or not.
In LoginController.php
I want to redirect user to home page.but it always shows blank page after authenticating user.
public function authenticater($data,$request)
{
$email=$data['email'];
$check=User::where('email', '=',$email)->first();
//if not found means we need to register the user
if ($check != null) {
// Authentication passed.....
$id=intval($check->id);
Auth::loginUsingId($id,true);
//echo '<html><script>setTimeout(function(){ window.history.go(-1); }, 3000);</script></html>';
//echo '<html><script>location.href="/";</script></html>';
return redirect()->guest(route('home'));
}
Change return redirect()->guest(route('home')); to
return redirect('home');
OR
return redirect()->route('home');
And make sure that your home.blade.php has some data in there, other wise it will show blank page.
You should write this
public function authenticater($data,$request)
{
$email=$data['email'];
$check=User::where('email', '=',$email)->first();
//if not found means we need to register the user
if ($check != null) {
// Authentication passed.....
$id=intval($check->id);
Auth::loginUsingId($id,true);
//echo '<html><script>setTimeout(function(){ window.history.go(-1); }, 3000);</script></html>';
//echo '<html><script>location.href="/";</script></html>';
return redirect()->route('profile');
}
This will solve your problem
Figured it out,
My mistake was: i called authenticater() from another method of controller.So,control was going to caller method.
$this->authenticater($data,$request);
return redirect('/home');
Solved. ..
anway,i tried all of that.still thank you #Jahid26 and #Iftikhar uddin :)
I am using steam auth. Once a user authenticates in steam, he is redirected back to my form where I ask him for his username(my and steam username rules differ) and email(steam does not provide it).
The problem is that if input is invalid he is redirected back(via laravel request) but at that point all GET parameters from steam are lost and he needs to visit steam login page again.
Controller method that decides whether to redirect to steam or show my login form
public function steamLogin()
{
if ($this->steam->validate()) {
$info = $this->steam->getUserInfo();
if (!is_null($info)) {
$user = User::where('steam', $info->getSteamID64())->first();
if (is_null($user)) {
if (!Cache::has('steam_' . $info->getSteamID64())) {
Cache::put('steam_' . $info->getSteamID64(), $info, Carbon::now()->addMinutes(5));
}
return view('auth.steam', ['info' => $info]);
}
Auth::login($user, true);
return redirect('/');
}
}
return $this->steam->redirect();
}
It is taken off an example here
I am designing some part of system in Laravel 5. It is expected to behavior as described below.
User gets unique url. It could be provided in email, but that will not matter.
He clicks it, and gets logged in with some temporary token (for a session lifetime), that gives him possibility to access all the urls in allowed route group, ex. account/*, but if he wants to reach other restricted urls, then he is asked to authorize with his username/password.
If he is already authorized, token login makes no effect for him.
My question is about possibility to do something like that in Laravel out of box. I know there are some middleware services, but I'm not sure if default Guard behavior will not need to be changed to work as I expect.
I used to work with Symfony before, and there it is solved by firewalls by default, so maybe also in Laravel there is prebuilt solution?
you can absolutely doing this use laravel, here is an example code not tested,
public function handle($request, Closure $next)
{
if ($this->auth->guest()) {
if (preg_match('account', $request->route()->getName()) { //if url is under account, you can get route info from $request->route();
if (!session()->get($token)) { // if not have valid token
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->route('admin.login.index',['referrer'=>urlencode($request->url())]);
}
}
} else {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return redirect()->route('admin.login.index',['referrer'=>urlencode($request->url())]);
}
}
}
return $next($request);
}
then from your route just add middleware auth to your group, this is a way to define you request in on middleware, laravel 5.2 support mutiple middleware.
I've created a custom roles manager for Laravel (4.2) based on the named routes e.g.:
users.index, customers.create, vendors.update, orders.store, users.edit, customers.update, etc.
Basically anything registered as a Route::resource(...); within the routes.php file (with a few custom named routes)
I'm checking the permissions with this method:
namespace Acme\Users;
...
class User extends \Eloquent implements UserInterface, RemindableInterface {
...
public function hasPermissions($route)
{
$actions = ['users.index', 'users.create', 'users.edit', 'users.delete']; // fake data
if ( ! in_array($route, $actions))
{
return false;
}
return true;
}
}
Then, within the app/filters.php, I'm checking the current route against the User.
Route::filter('auth', function()
{
if (Auth::guest())
{
if (Request::ajax())
{
return Response::make('Unauthorized', 401);
}
else
{
return Redirect::guest('login');
}
}
// check if the current authenticated User has permissions to access this route
if ( ! Auth::user()->hasPermissions(Route::current()->getName()))
{
return Redirect::route('dashboard.index');
}
});
Everything is working with any route using the GET method, but when it comes to PUT, PATCH, POST DELETE the Route::current()->getName() doesn't return anything.
Is there a better approach? I want everything to happen automatically, and I have a solution to this issue, but it's very involved. Is there a way to get the route name during a PUT, PATCH, POST or DELETE request?
Thank you.
Try to put your verification code inside after filter.
App::after(function($request, $response)
{
if ( ! Auth::user()->hasPermissions(Route::current()->getName()))
{
return Redirect::route('dashboard.index');
}
});