Laravel - Impersonation redirect issue - laravel

I currently have an admin panel that allows admins to log in via other users' accounts and view their accounts as the user would, which redirects to a subdomain.
So I'll be on the URL http://example.local/admin/users, which is a list of the users, then you log in as a particular user via this route.
Login as user
Route::get('/users/{id}/login_as', function ($id) {
    $user = App\User::withTrashed()->find($id);
    // Audit entry on the target user's changelog
    $user->changelogs()->create([
        'action' => 'Admin logged in as user'
    ]);
    // Remember the original (admin) user before switching accounts
    session()->put(['og_user' => \Auth::user()]);
    \Auth::logout();
    \Auth::loginUsingId($id);
    return redirect('/dashboard');
});
This will then redirect to the user's page, showing how they see the platform, but this will change to a subdomain http://subdomain.example.local/.......
I currently have a header that appears once logged in that contains a return to admin button, which then logs you out of that user and returns you back to the admin page you were originally on.
Return to admin button
@if(session()->has('og_user') && Auth::user())
    <div class="signed_in">
        <div class="container inner">
            <h5 class="text-light mb-0">
                Logged-in as {{ Auth::user()->name }}
            </h5>
            <a href="/admin/{{session()->get('og_user')['id']}}/log_in_as" class="btn btn-secondary ml-auto">
                Return to admin
            </a>
        </div>
    </div>
@endif
Login as admin
Route::get('/admin/{id}/log_in_as', function ($id) {
    session()->forget('og_user');
    \Auth::logout();
    \Auth::loginUsingId($id);
    return back();
});
The problem I am having is that once I'm logged in under another user on a subdomain and then I return to admin, it directs me back to the admin page but still under the subdomain, http://subdomain.example.local/dashboard, with that domain's UI theme, when I want it to go back to example.local/dashboard.
Can anyone point me in the right direction on how to do this?

You use
return back();
This function will return you to the previous page: in your case, the previous page is in the subdomain. So you don't want to go back.
Use a direct link to the page you want to visit instead:
return redirect('your desired route');
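
Added example, not part of the original question or answer: one way to write the two impersonation routes so that the return route reads the admin's id from the session instead of the URL (as posted, `/admin/{id}/log_in_as` logs the visitor in as whatever id the URL carries) and redirects to an absolute main-domain URL rather than `back()`. The `is_admin` attribute, the `og_user_id` session key, the `/impersonation/leave` path, and `APP_URL` being set to http://example.local are assumptions.

```php
<?php
// Added example for routes/web.php; not the asker's code.
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

// Start impersonation. 'is_admin' is a hypothetical attribute on the user model.
Route::post('/admin/users/{id}/login_as', function ($id) {
    $admin = Auth::user();
    abort_unless($admin && $admin->is_admin, 403);

    // findOrFail() returns 404 instead of calling changelogs() on null.
    $user = App\User::withTrashed()->findOrFail($id);
    $user->changelogs()->create(['action' => 'Admin logged in as user']);

    // Keep only the admin's primary key, server-side, not the whole model.
    session()->put('og_user_id', $admin->getAuthIdentifier());
    Auth::loginUsingId($user->getKey());

    return redirect('/dashboard');
})->middleware('auth');

// Leave impersonation. There is no {id} parameter: the admin id comes from
// the session, so this route cannot be used to pick an arbitrary account.
Route::post('/impersonation/leave', function () {
    $adminId = session()->pull('og_user_id'); // read and remove in one step
    abort_if($adminId === null, 403);

    Auth::loginUsingId($adminId);

    // Absolute URL on the main domain (assumes APP_URL=http://example.local);
    // back() would return to the subdomain the request came from.
    return redirect()->away(rtrim(config('app.url'), '/') . '/admin/users');
})->middleware('auth');
```

Because both routes are POST, the "Return to admin" link becomes a small form containing `@csrf`, and the banner condition checks `session()->has('og_user_id')`.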


Get current logged-in user in Laravel Layout page

I am using a Laravel auth application in which a layout page is present. To get the name of the current logged-in user in layout.blade.php I have used {{ Auth::user()->name }} and it gives the name too. But the problem is that when I log out and try to log in, the login page gives the error Trying to get property 'name' of non-object.
Please help me.
If no user is logged in, Auth::user() will return null,
so in your Blade you can use Auth::check() to verify if a user is logged in
@if(Auth::check())
    {{ Auth::user()->name }}
@endif
More info can be found in
https://laravel.com/docs/7.x/authentication#retrieving-the-authenticated-user
You can use the @auth @endauth helper in Blade
@auth
    {{ Auth::user()->name }}
@endauth
ref link https://laravel.com/docs/8.x/blade#authentication-directives
You will need to check if the User is logged in first
try
@if(auth()->check())
    {{auth()->user()->name}}
@endif
or in one line
{{auth()->user()->name ?? ''}}

Laravel 7: How to clear withErrors session

I'm using Gate for permissions and redirect the user to the home if he doesn't have enough permission, with an error message
if(Gate::denies('manage-users')){
    return redirect(route('home'))->withErrors('You don\'t have enough permissions!');
}
But when the user navigates to another route with the correct permission, the page displays correctly but with an error handler in the view saying the same message "you don't have enough permissions"
How can I clear the errors session once the error gets displayed in home, to hide it from other views?
Don't know if this is the best solution so please correct me. I changed the validation to be this
if(Gate::denies('manage-users')){
    return redirect(route('home'))->withErrors(['permission_error' => 'You don\'t have enough permissions!']);
}
In the home view
@if(session()->has('permission_error'))
    {{session('errors')->get('permission_error')}}
    @php session()->forget('permission_error') @endphp
@elseif( !session()->has('permission_error') && $errors->any())
    <div class="alert alert-danger">
        {{ $errors->first() }}
    </div>
@endif

How To Hide Password in URL

I don't know how to hide the password in the URL.
I got a problem like this: http://127.0.0.1:8000/bulletin/%201/edit?passwordC=11111&page=1
My View
<form>
    <div class="form-row" style="specified-width:200; position: absolute; bottom:0; margin-bottom:10">
        <input style="width:150px" type="password" placeholder="Password" name="passwordC">
        <input type="hidden" value="{{$buletin->currentPage()}}" name="page">
        <button style="margin:0 5px" formAction="/bulletin/ {{ $tampil_B->id }}/deleteOper" type="submit" class="btn btn-danger">Delete</button>
        <button formAction='(url(edit))' type="submit" class="btn btn-primary">Edit</button>
    </div>
</form>
My Router
Route::get('/bulletin/{id}/edit','BulletinController@edit');
My Controller
public function edit (Request $request, $id)
{
    $buletin = \App\Dashboard::find($id);
    $url = "/?page={$request->page}";
    // Posts without a password cannot be edited
    if(is_null($buletin->password)){
        $request->session()->flash('failed', 'Cant Edit Because this post not had been set password ');
        return view('bulletin.edit_nopass', ['buletin' => $buletin,'url'=> $url]);
    }
    // passwordC arrives as a query-string parameter of the GET request
    if (Hash::check($request->passwordC,$buletin->password)){
        return view ('bulletin.edit', ['buletin' => $buletin, 'url'=> $url]);//save and go back to card
    } else {
        $request->validate([
            'passwordC' => 'required|required_with:password|same:password'
        ],[
            'passwordC.required_with' => "Password not match",
            'passwordC.required' => "Password Required",
            'passwordC.same' => "The Password You Entered Do Not Match.Please Try Again"
        ]);
    }
}
The issue is a byproduct of how you have written this solution. To remove the password from the URL, you will have to find a different mechanism to get to the edit page.
As it currently stands, you are doing a GET request to the edit page from the form, and because it is a GET request, the form parameters are sent in the URL.
From the edit controller method you are then returning a view, so the URL is never re-written.
That is why you have this problem. As to how you could solve this, there are many options: you could post to an endpoint that stores the approval in a session that you then check in middleware, or in the controller, and then return the view. You could use the reconfirm password middleware from Laravel. Or even a POST-REDIRECT-GET pattern, where you post the form and then redirect to the edit page from there with whatever you need to do to protect the edit endpoint.
There are many options, but it's impossible to tell you how to solve this problem given that you need to rethink how you will solve it.
First of all, it is not correct to send with GET. But if it is very vital, you have two ways:
1. Use encrypt. But it is not safe either, because there are even online sites that can decrypt it.
2. Use Hash::make. Hashing is unilateral. It means that you cannot dehash it.
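
Added example, not from any of the posts above: the POST-REDIRECT-GET option from the first answer, where a POST endpoint checks the password, records the approval in the session, and the GET edit route only checks that flag. The `/bulletin/{id}/unlock` path and the `bulletin_unlocked` session key are assumptions, and the asker's separate `edit_nopass` branch is folded into the failure case to keep the example short.

```php
<?php
// Added example for routes/web.php; path and session key are hypothetical.
// The form must use method="POST" and include @csrf.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Step 1: the password arrives in the POST body, not in the query string.
Route::post('/bulletin/{id}/unlock', function (Request $request, $id) {
    $request->validate(['passwordC' => 'required']);
    $buletin = \App\Dashboard::findOrFail($id);

    if (is_null($buletin->password)
        || ! Hash::check($request->input('passwordC'), $buletin->password)) {
        return back()->withErrors(['passwordC' => 'Password not match']);
    }

    // Step 2: remember the approval server-side, for this post only.
    $request->session()->put("bulletin_unlocked.$id", true);

    // Step 3: redirect, so the address bar ends on a URL without the password.
    $page = (int) $request->input('page', 1);
    return redirect("/bulletin/$id/edit?page=$page");
});

// The GET endpoint never sees the password; it only checks the session flag.
Route::get('/bulletin/{id}/edit', function (Request $request, $id) {
    abort_unless($request->session()->get("bulletin_unlocked.$id") === true, 403);

    $buletin = \App\Dashboard::findOrFail($id);
    $url = '/?page=' . (int) $request->query('page', 1);
    return view('bulletin.edit', ['buletin' => $buletin, 'url' => $url]);
});
```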

Laravel Forgot Password (Reset Password)

I have a Laravel app, and the password reset feature is needed. How can I flash a session message after the email is sent to the user or after clicking the submit button?
I can't seem to add a flash method to the function that returns the view of the reset password page, because the file is in the vendor folder.
After an hour of tracing of what function will be triggered after the submission of the password reset form, I have found out that:
After submission of the password reset form, the function sendResetLinkEmail will be triggered, can be found in SendsPasswordResetEmails.php.
Then in line 37
return $response == Password::RESET_LINK_SENT
? $this->sendResetLinkResponse($response)
: $this->sendResetLinkFailedResponse($request, $response);
The sendResetLinkResponse function is the one responsible for what happens if the email is sent successfully.
protected function sendResetLinkResponse($response)
{
return back()->with('status', trans($response));
}
By default, laravel auth:make doesn't display the 'status' variable in the front end or the reset password page.
I have to add these lines of code to the reset password template.
@if(session()->has('status'))
    <div class="alert-container">
        <div class="alert alert-success">
            <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
            {{ Session::get('status') }}
        </div>
    </div>
@endif
From the docs:
Sometimes you may wish to store items in the session only for the next request. You may do so using the flash method. Data stored in the session using this method will only be available during the subsequent HTTP request, and then will be deleted. Flash data is primarily useful for short-lived status messages:
$request->session()->flash('status', 'Task was successful!');

Laravel 5 triggering modal in view conditionally

I want to check if the user is logged in; if so, then display some content, else I want to click a URL or call a modal.
@if(Auth::check())
    .............if user registered display here
@else
    I want to click the link below automatically....OR Call a view
    <a class="signin_link" href="{{ action('Auth\AuthController@login') }}" rel="get:Loginform"><i class="fa fa-user" style="font-size:20px"></i></a>
@endif
This will redirect your user to the page you want:
@if(Auth::check())
    .............if user registered display here
@else
    {{-- Redirect user to the link --}}
    <script>window.location = "{{ action('Auth\AuthController@login') }}";</script>
@endif
And this would open your modal, if you are using bootstrap for example:
@if(Auth::check())
    .............if user registered display here
@else
    {{-- Opening a bootstrap modal --}}
    <script>$('#myModal').modal('show')</script>
@endif
Note: I assume that you already have your modal html somewhere on your page
While you can do it in the view, you shouldn't. Instead, use the auth middleware (see https://github.com/laravel/laravel/blob/master/app/Http/Middleware/Authenticate.php).
Here's an example:
Route::group(['middleware' => 'auth'], function() {
    Route::get('/this/route/needs/a/logged/in/user', 'PageController@account');
});
If there's no user logged in the visitor is redirected to the login page (which you can set in the middleware).
