Laravel how to check is a paid member on all controllers - laravel-5

I have paid members and general users. I need to check, when a user logs in, whether the paid membership has expired or not. Currently I am checking when the login redirects to the profile page:
    if(auth()->user()->type == 'paid' || auth()->user()->type == 'subscriber') {
        $user = PaymentController::checkPaid();
    }
How do I check the paid status on logging in?
I tried adding checkPaid into the AuthenticatesUsers login method; is this the right way to do it?
    if ($this->attemptLogin($request)) {
        if(auth()->user()->type == 'paid' || auth()->user()->type == 'subscriber') {
            $user = PaymentController::checkPaid();
        }
        return $this->sendLoginResponse($request);
    }

Related

Laravel Login Issue for multiple roles

I have added multiple-role authentication in Laravel 8.6. I used a common middleware for this but am running into issues with login.
I.e., if I log in as admin (role id 1) it redirects successfully to the dashboard. But if I log out and log in as user (role id 2) it redirects to the login page again, and only on the second attempt does it redirect to the dashboard.
I need a solution for it.
In your login controller's authenticated method:
If you are using the spatie/laravel-permission package
    $user = Auth::user();
    if ($user->hasRole('super-admin')) {
        return redirect()->route('dashboard');
    }
    if ($user->hasRole('admin')) {
        return redirect()->route('login');
    }
If using your own role middleware
    $user = Auth::user();
    if ($user->role_id === 1) {
        return redirect()->route('dashboard');
    }
    if ($user->role_id === 2) {
        return redirect()->route('login');
    }
But you cannot force a logged-in user to log in again. What is your plan? I strongly advise you to try something else.

How can I search for a user who has 2 roles with Spatie Laravel-permission?

I'm working with Laravel; currently I'm only focused on permissions and I need to validate that if a user has both the Seller and Administrator roles they will list all the sellers, and if they don't, just list a project.
I've tried to create my own functions but I always end up with true and it only allows me to validate 1 role, no more:
    public function isSeller(){
        foreach (Auth::user()->getRoleNames() as $role) {
            if ($role == 'vendedor') {
                return true;
            } else {
                return false;
            }
        }
    }
If in the previous query inside the if I put && $role == 'admin' it will always return true even if the user does not have the role.
You can directly check as given below; it will return true if the user has the role seller or admin
    Auth::user()->hasRole(['seller', 'admin']); // pass the roles as an array: hasRole's second argument is the guard name, not a second role
If you want to check that the user has both roles then
    Auth::user()->hasAllRoles(['seller', 'admin']);
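As an added illustration (not code from the question or the answer above), here is a plain-PHP version of the two checks, next to the asker's loop, which shows why the loop can only ever see the first role: it returns true or false on the first iteration, so a user whose first role is not 'vendedor' is always rejected and a two-role requirement can never be met. Spatie's hasRole([...]) and hasAllRoles([...]) implement the same logic over the roles relation; this version runs without Laravel, and the role array, the listing names and the function names are my own assumptions.

```php
<?php
// Added example: standalone role checks. `$roleNames` stands in for what
// Auth::user()->getRoleNames() returns in the question.

/** The asker's pattern, kept for contrast: it decides on the first role only. */
function isSellerFirstRoleOnly(array $roleNames): bool
{
    foreach ($roleNames as $role) {
        if ($role === 'vendedor') {
            return true;
        } else {
            return false;   // bug: gives up after inspecting one role
        }
    }
    return false;
}

/** True if the user holds at least one of the required roles. */
function hasAnyRole(array $roleNames, array $required): bool
{
    foreach ($required as $role) {
        if (in_array($role, $roleNames, true)) {
            return true;
        }
    }
    return false;
}

/** True only if the user holds every required role. */
function hasAllRoles(array $roleNames, array $required): bool
{
    foreach ($required as $role) {
        if (!in_array($role, $roleNames, true)) {
            return false;   // a single missing role is enough to deny
        }
    }
    return $required !== [];   // an empty requirement grants nothing
}

/**
 * The question's actual rule: both roles -> list every seller,
 * otherwise -> a single project. Deny-by-default: anything that is not
 * provably both roles falls into the restricted branch.
 */
function listingScope(array $roleNames): string
{
    return hasAllRoles($roleNames, ['vendedor', 'admin'])
        ? 'all_sellers'
        : 'single_project';
}

// Constructed sample data (assumed role names, not from the page).
$bothRoles   = ['admin', 'vendedor'];   // 'admin' first: the loop version rejects this user
$sellerOnly  = ['vendedor'];
$noRoles     = [];

foreach ([$bothRoles, $sellerOnly, $noRoles] as $roles) {
    printf(
        "%-20s loopOnly=%s any=%s all=%s scope=%s\n",
        json_encode($roles),
        var_export(isSellerFirstRoleOnly($roles), true),
        var_export(hasAnyRole($roles, ['vendedor', 'admin']), true),
        var_export(hasAllRoles($roles, ['vendedor', 'admin']), true),
        listingScope($roles)
    );
}
```

The strict `in_array(..., true)` comparison matters: with loose comparison a role name of "0" or an empty string can compare equal to unexpected values, and an authorization check should never be decided by PHP type juggling.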

How to make the profile user forbid to anyone except the own user?

I have a route:
    Route::get('#{username}', 'HomePageController#username')->name('user.profile');
That route allows everyone to see the profile (it contains the user's info, CV, etc.), and at the beginning of registration every user must wait for the admin to activate their account.
I need that, while a user's account is still under review, the route above is shown only to that user, and when the account is active the route is open so everyone can see the profile.
I tried to create a middleware but don't know how I can forbid the guest user.
My wrong shot:
    public function username($username)
    {
        $user = User::where('username' , '=' , $username)->firstOrFail();
        if($user->active){
            return view('frontend.user_profile',compact('user','projects_last','first_project','whole_projects'));
        }else{
            return redirect('/');
        }
    }
What is the best scenario to do something like that?
Thanks.
    if ($user->active) {
        // Everyone can see
    } else {
        if (Auth::user() && Auth::user()->username == $username) {
            // only auth and himself can see
        } else {
            // redirect to home page
        }
    }
    // Auth::check() guards against a guest, for whom Auth::user() is null
    if($user->active || (Auth::check() && $username == Auth::user()->username)){
        return view('frontend.user_profile',compact('user','projects_last','first_project','whole_projects'));
    }else{
        return redirect('/');
    }
You can try this
    public function username($username)
    {
        $user = User::where(['username' => $username,'status' => 'active'])->firstOrFail();
        // auth()->check() first: auth()->user() is null for a guest
        if($user && auth()->check() && auth()->user()->username == $username){
            return view('frontend.user_profile',compact('user','projects_last','first_project','whole_projects'));
        }else{
            return abort(403, 'Unauthorized action.');
        }
    }
You can also use it like this
    if(Auth::check() && $username == Auth::user()->username){
        return view('frontend.user_profile',compact('user','projects_last','first_project','whole_projects'));
    }else{
        return abort(403, 'Unauthorized action.');
    }
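As an added example (not code from the question or any of the answers above), the rule "active profiles are public, pending profiles are visible only to their owner" fits a Laravel policy, so the controller only asks whether this viewer may see this profile and never repeats the comparison itself. The class names ProfilePolicy and HomePageController, the App\Models\User namespace, and the `active` and `username` columns are assumptions; the view name comes from the question.

```php
<?php
// Added example: a policy that handles guests, owners and the public.

namespace App\Policies;

use App\Models\User;

class ProfilePolicy
{
    /**
     * May $viewer see $profile's page?
     * `?User $viewer` is null for guests: Laravel only invokes a policy
     * method for an unauthenticated request when the user parameter is
     * nullable, so the guest case is decided here, explicitly.
     */
    public function view(?User $viewer, User $profile): bool
    {
        // Active (admin-approved) accounts are public.
        if ($profile->active) {
            return true;
        }

        // Still under review: only the owner may look. Compare the model
        // identity (primary key), not the username string, so a renamed or
        // look-alike username can never match another record.
        return $viewer !== null && $viewer->is($profile);
    }
}

namespace App\Http\Controllers;

use App\Models\User;

class HomePageController extends Controller
{
    public function username(string $username)
    {
        $user = User::where('username', $username)->firstOrFail();

        // Throws AuthorizationException (rendered as HTTP 403) when the
        // policy denies; guests and other users get the same answer, so
        // the response does not reveal whether a pending account exists
        // beyond what the 404 above already does.
        $this->authorize('view', $user);

        return view('frontend.user_profile', compact('user'));
    }
}
```

Because the policy name does not follow Laravel's auto-discovery convention (User would map to UserPolicy), register it in AuthServiceProvider with `protected $policies = [User::class => ProfilePolicy::class];`. The same `view` ability can then be reused in Blade (`@can('view', $user)`) to hide links to pending profiles without duplicating the rule.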

How to keep two Laravel middleware from creating endless redirects?

I have two middleware that are not route middleware. They are specifically there to make sure that two things are in place for logged-in users: payments and signed documents.
My kernel.php:
    protected $middleware = [
        'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
        'Illuminate\Cookie\Middleware\EncryptCookies',
        'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
        'Illuminate\Session\Middleware\StartSession',
        'Illuminate\View\Middleware\ShareErrorsFromSession',
        'App\Http\Middleware\VerifyCsrfToken',
        'App\Http\Middleware\AuthenticateSigned',
        'App\Http\Middleware\FeesOwed',
        'App\Http\Middleware\DeniedAccess'
    ];
The ones that are creating this issue are AuthenticateSigned and FeesOwed.
The first, AuthenticateSigned:
    public function handle($request, Closure $next)
    {
        if ($this->auth->guest())
        {
            if ($request->ajax()){
                return response('Unauthorized.', 401);
            } else {
                return redirect()->guest('login');
            }
        } else if(!$this->auth->user()->role->administrator){ // the user is not an admin
            if(!$this->auth->user()->agreement_id || $this->auth->user()->signed_current_membership_agmt == 0 ){
                if ($request->ajax()){
                    return response('Unauthorized.', 401);
                } else {
                    return redirect()->route('agreement');
                }
            }
            return $next($request);
        }
        return $next($request);
    }
then my FeesOwed:
    public function handle($request, Closure $next)
    {
        $uri = $request->server()['REQUEST_URI'];
        if($this->auth->user()
            && $this->auth->user()->role_id != 3
            && $this->auth->user()->unpaidFees() // Does the user have past due fees
            && $uri != '/profile/investment-fees' // view of form to pay fees
            && $uri != '/profile/charge-investment-fees' // post request to pay fees
            && $uri != '/profile/pay-payment'
            && $uri != '/logout'
            //&& !$this->auth->user()->role->administrator // admins shouldn't be subject to this
        ){
            \Session::flash('message','You must pay past due management fees before using the rest of the members platform.');
            return redirect()->route('profile.investment-fees');
        }
        return $next($request);
    }
I have read a ton of SO posts and Laracasts and all of the notes are either "you're missing a return $next($request);" or they are about route middleware.
These middleware run all the time because there are times when it's important for a user to know that they need to sign a new agreement or pay fees.
Any help is greatly appreciated.
Thanks
When a guest user tries to access /login, the AuthenticateSigned middleware will redirect them to /login, causing an infinite redirect loop.
Avoid redirecting when the requested URL is the same as the one you are trying to redirect to.
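The following added example is not code from either question or from the answer above; it serves two posts on this page at once. For the first question (checking an expired paid membership "on all controllers" instead of only on the login redirect), it moves the check into a middleware that runs on every request, so a membership that lapses mid-session is caught on the next click and not just at login. For this question, it shows the answer's advice in code: the middleware never redirects to a route it would itself block, and it matches named routes rather than a raw REQUEST_URI string. The class name, the `membership_expires_at` column (assumed to be a Carbon date via $casts or $dates), and the route names are assumptions; the `type` values 'paid' and 'subscriber' come from the first question.

```php
<?php
// Added example: a per-request membership check that cannot loop.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class EnsureMembershipActive
{
    /**
     * Routes this middleware must never redirect away from. If the redirect
     * target were itself subject to the redirect, the browser would bounce
     * until ERR_TOO_MANY_REDIRECTS. Logout stays reachable so a locked-out
     * member can still sign out.
     */
    private const EXEMPT_ROUTES = [
        'membership.renew',   // the page where the user can fix the problem
        'membership.charge',  // the POST that actually takes payment
        'login',
        'logout',
    ];

    public function handle(Request $request, Closure $next)
    {
        $user = Auth::user();

        // Guests are the auth middleware's concern; this one only decides
        // what an already logged-in member may reach.
        if ($user === null) {
            return $next($request);
        }

        // Match on the route name, not on REQUEST_URI: a trailing slash,
        // query string or percent-encoding would otherwise defeat (or
        // accidentally trigger) the exemption.
        if ($request->routeIs(...self::EXEMPT_ROUTES)) {
            return $next($request);
        }

        if ($this->membershipLapsed($user)) {
            if ($request->expectsJson()) {
                return response()->json(['message' => 'Membership expired.'], 403);
            }

            return redirect()->route('membership.renew')
                ->with('message', 'Your paid membership has expired.');
        }

        return $next($request);
    }

    /**
     * Only paid and subscriber accounts carry an expiry; "general users"
     * from the first question are never blocked here.
     */
    private function membershipLapsed($user): bool
    {
        if (! in_array($user->type, ['paid', 'subscriber'], true)) {
            return false;
        }

        // Fail closed: a paid account with no expiry date recorded is
        // treated as expired rather than granted indefinite access.
        return $user->membership_expires_at === null
            || $user->membership_expires_at->isPast();
    }
}
```

Register it after StartSession (the asker's kernel order already does this for its own middleware) or inside the `web` group, because both Auth::user() and the flashed message depend on the session having been started. Keeping the membership lookup in a small private method also makes it easy to unit-test the fail-closed behaviour for a NULL expiry without booting the HTTP layer.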

Best practice to prevent other users viewing/editing each other data

I am new to Laravel and was wondering what would be the best practice to prevent users editing each other's data.
I am aware that I can handle user pages with a filter and Auth, e.g.
    Route::filter('auth', function($route)
    {
        $id = $route->getParameter('id');
        if( Auth::check() && Auth::user()->id != $id) {
            return Redirect::route('forbidden');
        }
    });
However I was wondering about relationship pages (i.e. /user_profile/14, /user_settings/22, etc.). Do I have to define a filter for each of these [groups of] routes and check ids against the relationship? e.g.
    Route::filter('auth.user_settings', function($route)
    {
        $id = $route->getParameter('id');
        if( Auth::check() && Auth::user()->user_settings->id != $id) {
            return Redirect::route('forbidden');
        }
    });
    Route::filter('auth.user_profile', function($route)
    {
        $id = $route->getParameter('id');
        if( Auth::check() && Auth::user()->profile->id != $id) {
            return Redirect::route('forbidden');
        }
    });
    ...etc
or is there a better way to do this?
I'm guessing you built your application in a way that your route might look like this:
    Route::get('user_profile/{id}', function()
If that's how you've been defining the routes for your user you might want to change it to just:
    Route::get('user_profile', function()
Then upon request, the controllers would load the appropriate profile/settings for the currently authenticated user using something like Profile::findOrFail(Auth::user()->id), in which case you don't have to worry about users checking out others' profiles, and all you need is the 'auth' filter group for the routes.
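As an added example (not code from the question or the answer above), here are the three shapes of the same profile route side by side: the one where the client supplies the record id and nothing proves ownership, the one where the id is still in the URL but the query is scoped to the caller's own rows, and the answer's suggestion of no id at all. It is written in Laravel 5 controller style rather than the Laravel 4 filters of the question; the Profile model with a `user_id` column, the `profile` hasOne relation on User, the `bio` and `website` fields, the view name and the route name are all assumptions.

```php
<?php
// Added example: ownership enforced by query scope, not by a per-route filter.

namespace App\Http\Controllers;

use App\Profile;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class ProfileController extends Controller
{
    public function __construct()
    {
        // Everything here needs a login; ownership is a separate question.
        $this->middleware('auth');
    }

    /**
     * INSECURE, kept for contrast: GET /user_profile/{id}
     * The id comes straight from the URL, so any logged-in user can walk
     * /user_profile/1, /user_profile/2, ... and read everyone's data.
     * This is the insecure direct object reference the question is about.
     */
    public function showAnyId($id)
    {
        return view('profile', ['profile' => Profile::findOrFail($id)]);
    }

    /**
     * SAFE, id still in the URL: GET /user_profile/{id}
     * Constrain the query to the caller's own rows before looking the id
     * up. A foreign id simply does not exist inside the scoped query, so
     * the caller gets the same 404 as for a missing record and learns
     * nothing about other users' ids.
     */
    public function showOwnById($id)
    {
        $profile = Profile::where('user_id', Auth::id())->findOrFail($id);

        return view('profile', ['profile' => $profile]);
    }

    /**
     * SAFE, no id at all: GET /user_profile   (the answer's suggestion)
     * The relation already carries the user_id constraint, so there is no
     * parameter a client could tamper with and no filter to maintain per
     * route.
     */
    public function showOwn()
    {
        // firstOrFail on the relation yields a 404 for a user who has no
        // profile yet, instead of a null dereference inside the view.
        $profile = Auth::user()->profile()->firstOrFail();

        return view('profile', ['profile' => $profile]);
    }

    /**
     * Writes follow the same rule: load through the relation, then save.
     * A hidden form field named `id` or `user_id` is never consulted, so
     * a tampered form cannot redirect the write to someone else's row.
     */
    public function updateOwn(Request $request)
    {
        $profile = Auth::user()->profile()->firstOrFail();
        $profile->fill($request->only(['bio', 'website']))->save();

        return redirect()->route('user_profile');
    }
}

// routes/web.php (assumed names):
// Route::get('user_profile', 'ProfileController@showOwn')->name('user_profile');
// Route::get('user_profile/{id}', 'ProfileController@showOwnById');
// Route::post('user_profile', 'ProfileController@updateOwn');
```

The scoped form (`showOwnById`) is the one to reach for when a user legitimately owns several records (multiple addresses, several API keys) and the id is needed to pick one; the relation form (`showOwn`) is enough when there is exactly one record per user, which is the question's /user_profile and /user_settings case.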
