I have written a custom authentication module which will verify a users credentials from an external API this works fine and the user can log in and logout however i cant use #auth and #guest in a blade template. I am setting a session variable "authenticated" => true but it doesn't seem to work and despite being logged in just shows me the guest content.
laravel 5.8
I think that I am not setting the correct session variables any help is appreciated.
Thanks
Cam
ok so I made a silly mistake, I was returning a view that needed data from a controller instead of calling the controller I returned the view with no data in it which is why i was making myself confused.
In case anyone comes across this and has the same issue as me the session variable that needs to be set is something like this where the 59ba... is a token
$request->session()->put('login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d', 1);
Related
Seems like there are a lot of posts related to authentication and redirects, but I can't seem to find exactly what I need. I feel like it should be simple.
So, we have a system whereby we want users to enable 2FA and change their passwords every 60 days. We are using Laravel 8 with Jetstream. I am doing a check on login (via modifying config/fortify.php), which works fine, if the password needs to be changed or if they don't have 2FA they get directed on login to their profile page and they see a message saying they need to update their details.
The problem is they can then navigate to any other page without updating anything. Ideally I want them to be redirected back to the profile page until they update their info.
We have the routes inside a middleware group:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
routes here
});
I thought I could just add a check before any routes load using Auth::user(), but the array is empty and therefore any vars accessed are null.
Auth::users()->role;
I was hoping for something like:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
if (pass needs resetting and current route isn't profile) {
redirect('/profile');
}
});
I'm assuming that Laravel doesn't authenticate the user until after the middleware has run? Not sure, but that would explain the null values.
So, how would you guys accomplish this? Do I need to modify a controller instead? I just need the user to stay on their profile page until they have updated their data, then they can proceed as normal.
Many thanks for your help.
I have created custom error pages which include a navbar.
The content is determined by a check - #if (auth()->check()).
This always results in a nav bar for a logged out user, never logged in. Once back to a valid page/request the navbar displays as expected.
I have done some research but haven't found any answers that have worked. One suggestion appeared to work but then validation redirects were not including old data or errors.
Does anyone have a solution to this?
As hinted by Joe in the comments...
In the file app/Http/Kernel.php - the line,
\Illuminate\Session\Middleware\StartSession::class,
needs to be moved from the middlewareGroups web array to the middleware array.
You should use:
if (Auth::check()) {
// The user is logged in...
}
In any case, as documentation says: https://laravel.com/docs/5.6/blade
Authentication Directives
The #auth and #guest directives may be used to quickly determine if the current user is authenticated or is a gues.
I am facing token mismatch issue in new server while working fine in localhost. I have tried every possible way to clear cache and give SESSION_DOMAIN path in env but all seems useless.
Also session cookies are not being created in web browser while creating in storage/framework/session folder.
Please help me !
Are you getting tokenMismatchException exception?
If yes, some of the possible reasons are:
Check your files for PHP end tag "?>", if exists remove it. For more detail refer to this link.
You may need to use web middleware. For more detail refer to this link (although it is about laravel 5.2 but, it may work for your situation too).
Another thing to try is checking for web middleware presence. Normally it should be automatically applied to routes/web.php
Route::group(['middleware' => ['web']], function () {
<routes>
});
Also check out https://laravel.com/docs/5.3/upgrade to see if you have any code that might have been influenced by this update.
And lastly, it would be nice if you could post a piece of code which is responsible for sessions in your app.
I've used multi Auth concept in my Laravel project,
I had follow all step from here
In this case my Auth attempt is working
(Auth::attempt('inspector',$userdata)), Is working fine, But when I'm trying to use Auth check it is not working, And it is not giving any error.
I use (Auth::check('inspector')) like this,
Could you please tell me how I can use auth check here?
Finally resolved issue, I use isset for my Dashboard page after first login,
This is the code I used at the starting of my Dashboard page dahboard.blade.php
code as below
if (isset(Auth::user('admin')->email))
{!! Auth::user('admin')->id !!}
endif
And after this I use Auth::check() in controller and it is working fine.
I am utilizing a custom MY_Controller to authenticate users on my Codeigniter website.
I utilize $this->load->vars($data); such that I can access the users information in views.
My first question is, does $this->load->vars($data); allow access in models, and if so how - i couldn't find any information. If not, how can I get my logged in users username to my models without having to pass it through a controller every time?
Secondly... if the user is not logged in, I redirect them redirect(base_url() . 'account/login');
This works great, except because my account controller also extends MY_Controller, it gets stuck in an infinite redirect loop. I can just not extend the custom controller for this page, but I see no reason why a logged in user should not still be able to look at the login page.. any ideas?
Finally.. if a user is logged in, $user['username'] is defined in my views.
If a user is not logged in, it is not defined.
As such if i have if($user['username']!=''){ within my code, when a user IS logged in, all is fine and the code executes, however when no user is logged in errors pop up as regards an undefined variable being used in an if statement...
Codeigniter being difficult..
What is the work around here?
Many Thanks !!
I agree with Chris about storing user details in the session.
To check if a user is logged in you could write a gatekeeper function and place it in the controllers construct to protect controllers (and therefore the views).
Something like;
function gatekeeper()
{
if (!isset($this->session->item('username')) || !$this->session->item('username'))
{
redirect('/account/login);
}
}
I would consider storing the userdata for the currently logged in user in the session so that you don't need to query it and pass it to the view every time. You can access session data in the controllers, views and models with $this->session->userdata('your_userdata_var_name');.
The reason $user['username'] displays an error is probably because it's being completely removed, not set to an empty string (''), in which case you are trying to access an undefined array key.