I want to send a random generated number along with password and email field when the user is logging and attach that number where laravel is grabbing the user password (i want to attach the random number to the password that laravel grabs from the user table then check it against the password that the user entered in the login field)
However i am not able to send the random number from the login blade in a hidden field. Please help
You can overwrite default login function of laravel and create your own to send extra data after logging in.
Below is the code to get random number in session after logging in. Implement in your Controllers\Auth\LoginController.php .
class LoginController extends Controller
{
use AuthenticatesUsers {
login as traitLogin
}
public function login(Request $request)
{
$randomNumber = mt_rand();
$request->session()->flash('random_number', $randomNumber);
return $this->traitLogin($request);
}
}
After that, if you wish to use it in HomeController then you can do as below,
class HomeController extends Controller
{
public function index(Request $request)
{
$form = $request->session()->get('form_type');
// the rest of your logic
}
}
Note: If you want to use random number anywhere else, then you have to specify the place where you want to use it.
Hope this helps!
Related
I am using laravel framework to develop api’s ,it’s an existing application .there is a requirement if more than 5users registered from 6th user onwards i have to restrict them to use application until they approved by manager or they paid for registration fee then only the user will allow to use the application.
Can anyone give me the idea how to acheive this scenario or suggest me any package in laravel
Solution:
You can add 'status' field in your table. Now when your api is registering a user, you can check the No. of users in the database. If more than or equals to 5, you can set the status to 0. Now show the manager list of user with status 0 and when the status changes you can use the application.
Make sure to add condition where status = 1 when user is getting logged in.
I hope it helps!
Well, you can just put a isApproved column to indicate if the user is already approved or just like the email_verified_at that accepts timestamp as a value then create a middleware where you can check if the user is approved or not. then add a method to the user model to check if the user is approve :
User model
class User extends Authenticatable
{
public function isApproved()
{
// check if the account_approved_at column is not null.
return ! is_null($this->account_approved_at);
}
}
Middleware
class EnsureUserIsApproved
{
public function handle(Request $request, Closure $next)
{
if(! $request->user()->isApproved()) {
// can also use abort(403) instead of redirect
return redirect('route-where-you-want-the-user-to-redirect')
}
return $next($request);
}
}
You can check this for more information about middleware
I want to hide the login form and display an error message instead, but I can't.
I tried to put the code below that rewrites the action on the controller that shows the form, but the method that checks for too many login attempts doesn't seem to work and never returns true.
public function showLoginForm(Request $request)
{
if (method_exists($this, 'hasTooManyLoginAttempts') &&
$this->hasTooManyLoginAttempts($request) ) {
$seconds = $this->limiter()->availableIn($this->throttleKey($request));
return view('auth.block', array(
'seconds' => $seconds
));
}
return view('auth.login');
}
I managed the authentication process with php artisan make: auth login controller is the default generated by Laravel, the only change is in the action that displays the form.
The function hasTooManyLoginAttempts() needs, in the $request, the username (usually the email) as a key to know if the user has reached his max login attempts.
If, in the $request, there is not the username with a value the function is unable to verify the user login attempts.
So you cannot really know who is the user that wants to get your login form, you know who is only after he submitted the form.
IMHO the only way could be to add a username parameter to the GET request but you shoud provide it with some workarounds: cookies, session etc.
Looking at Laravel's code, it checks for hasTooManyLoginAttempts based on throttleKey and maxAttempts.
The throttleKey is dependent on the user's email and IP address. So the output of the following code is something like: info#example.com|127.0.0.1 and that is your throttleKey.
protected function throttleKey(Request $request)
{
return Str::lower($request->input($this->username())).'|'.$request->ip();
}
Now Laravel gets the user's email (username) from $request->input($this->username()) when you send a POST request, which you don't have access to in the showLoginForm method because it's called on the GET request.
Anyway, if you want to block the login form you'll need to come up with your own unique throttleKey and then override the method. Say you want your throttleKey to be based only on the IP address - which is not recommended. Here's how you do it:
// In LoginController.php
protected function throttleKey(Request $request)
{
return $request->ip();
}
Here is an "update" In the previous version of my project we didn't have any proper hashing on password. So I want to use Laravel's hashing, and invite the users to make a new password.
What I have is a new password column in my User table. If when the user tries to log in, the new password doesn't exist (empty column), we automatically do a "reset password." I would like to know where to do this verification:
class LoginController extends Controller
{
public function login(Request $request)
{
//check if the user has an empty password
//if yes
redirect('/password/reset');
//else
//use normal login function
}
}
Is that the correct place? And do I need to rewrite all login content in the "else" ? (sorry this is a basic question)
I suggest that you create a middleware ( EnsurePasswordIsAdded as an example ) for your case and not include the verification process in a controller, because a controller usually contains functions that interact either a database or an external API to provide a response to the user which is not the case for you, you're just filtering/verifying the request.
here's the documentation link about middlewares in Laravel:
https://laravel.com/docs/5.8/middleware
here's a code suggestion:
public function handle($request, Closure $next)
{
if ( !User::find($request->email)->hasPassword() ) {
return redirect('password-reset')->with('email',$request->email);
}
return $next($request);
}
I need to set up JWT authentication for my Yii2 app. The authentication itself works fine, the token gets parsed and I can read it's data in my User model. But the problem is that I need to compare this data to a real user in my DB. So, I've got this method in the User model which extends ActiveRecord
public static function findIdentityByAccessToken($token, $type = null) {
$user = User::findOne(['ID' => 1]);
die(json_encode($user));
}
It's very simplified just to see that it finds a user. It does not and it always returns this:
{"id":null,"userLogin":null,"userPass":null,"userNicename":null,"userEmail":null,"userUrl":null,"userRegistered":null,"userActivationKey":null,"userStatus":null,"displayName":null}
The data is not populated. But if I do the same inside any controller, like so
class TokenController extends ActiveController
{
public $modelClass = 'app\models\User';
public function actionFind(){
return User::findOne(['ID' => 1]);
}
}
It works great and I get the User object populated with correct data.
Is it possible to get user from not within an ActiveController class?
Well, I don't know exactly what is wrong with this line here die(json_encode($user));
But it actually finds and populates the user and I can access it later via
Yii::$app->user->identity
so I can also blindly compare its ID and password to the real ones here
I am using laravel5.2 auth and I have added an additional field : verified(y/n) in users table. Now before login I want to check if user is verified(Y) in database and if not verified display a message that your account is not yet verified.
If method authenticated exists in the AuthController it will be called from Laravel trait AuthenticatesUser. Use this method to block the user if it is not verified yet and, if required, resend the email.
public function authenticated(Request $request, $user)
{
if (!$user->activated) {
$this->activationService->sendActivationMail($user);
auth()->logout();
return back()->with('warning', 'You need to verify your account. We have sent you an activation code, please check your email.');
}
return redirect()->intended($this->redirectPath());
}
In /vendor/laravel/framework/src/Illuminate/Foundation/Auth you will find AuthenticatesAndRegistersUsers.php there you define what you want to do with your login.