I have classic user id table where the primary key is BigIncrement.
I need to hide the id value from user. So my idea is to use hashIds packages.
What I've done to mask the id is by creating mutator on id column:
public function getIdAttribute($id)
{
return Hashids::connection(User::class)->encode($id);
}
The masking working good, but problem happens when I try to login.
Seems the login session is not created.
My questions are:
Why the login is failed after creating id mutator? I assume that to create session it involve the id value
Any better way to mask the id, besides using mutator?
Related
My User Class uses a Trait which creates tables on behalf of a new user registered.
I want to access the new user id number to use it in the table naming like below (which does not work).
static::creating(function($obj)
{
if (empty($obj->db_name)) {
$obj->attributes['table_id'] = 'user_' . $obj->id;
}
});
How can I access the id of this new user during the creating process so I can create and save the record without going back using created method to update the column.
creating occurs before the record is saved - it has no ID yet. You may want to hook into the created event instead, which occurs after the record has been saved and has an ID.
i have custom password reset in my project where user can change his password, now how can i secure the route where the user cannot manipulate the id..does laravel has it in the middleware?
Example:http://localhost:8000/changepassword/1/edit if user attempt to changes the id parameter it will redirect to access denied page.. is this possible?
Yes it is possible
In your controller function, you can check the current/login user id and that id which you are going to get from the URL
Also for admin user you can add one condition that
if(ADMINUSER || LOGIN_USER_ID == URL_ID){
}
But I recommend that add an extra column with the random and unique string use that column instead of Id, In that case your URL will be like this
/changepassword/wcdftgHYuj346DERFD/edit
then you need to get the user on the base of random_string 'wcdftgHYuj346DERFD'
I been using my session id to identify all the items that are added to a shopping cart temporary items table.
What I didn't know is that once the user login into the system the session id changes so I can't query the temporary items table anymore as there is no products containing the new session id value.
I am using file session driver and I was thinking to use db sessions but I think it will be exactly the same.
Any ideas on how to keep the session id after login?
Instead of using user's session_id you can store the cart items in a separate session key.
Like so -
Session::put('cart.items.0', $item_id);
Now you can access it as -
$cart = Session::get('cart');
Not exactly what you asked for, but to me this seems like a better way.
is it possible to set another table & column to store my remember tokens? I know that the framework tries to automatically find a remember_token column in my "users" model, but I want to store it separately from users. Is there a way to configure my default tokens table? Thank you
P.S - I'm using laravel 5
First, you need to create separate model for storing remember tokens and define a relationship on your User model like so
public function rememberToken() {
return $this->hasOne('RememberToken');
}
Then you need to override methods on your User model, originally defined in Authenticatable trait. Override getRememberToken() and setRememberToken() methods. You will also need to override getRememberTokenName() as it is used in where clause in EloquentUserProvider::retrieveByToken() see EloquentUserProvider line 60. In order for this to work properly you probably have to add global scope to your User model to join remember_tokens table on every query, and return 'remember_tokens.token' from getRememberTokenName() method.
Think twice as it seems more trouble than it is worth. Why would you want to store your tokens separately anyway?
I believe the way Laravel works uses a seperate column in the users table to store a single remember_me token. From my understanding it seems that logging out resets this token regardless of storing the token in a cookie (correct me if I'm wrong).
https://github.com/laravel/ideas/issues/971
If you log in with remember_me checked on your personal computer,
then again on your phone,
and maybe again with any other device,
then finally the act of signing out on any device using the remember_me token or not will reset this token in the DB.
If Laravel had a separate table, able to remember each device, it might solve the problem.
I have found that Code Igniter has already ci_sessions table which stores users session ids in it. I understand the main purpose of that table. Just I want to clarify how I can validate with ci_session table data with my current user login session id?
Basically , I am trying to do User login one place at a time. Multiple login's to be prevented. How can I do this?
You couldn't do that with session ID's since logging in from another location would create a new session ID at that new location.
Store the userID to the session then check it on login.
$this->db->where('userId',$userId);
$result = $this->db->get('ci_session');
if($result->num_rows() > 0)
{
//log out old user, throw error, whatever
} else {
//continue with login
}
By storing the user id in the session data and adding it as a column to the sessions table, you can remove all sessions of that user id on login before the session data is created. This will invalidate any session of the same user. For further explanation on how to do this, see here: https://stackoverflow.com/a/9564433/89211