This question already has answers here:
Wordpress AJAX doesn't work - response 0
(3 answers)
Closed 4 years ago.
I have a custom form in WordPress. A JavaScript (angularjs) posts the form to the admin area when the admin is logged in. How can this script call get current user id? The form is accessible only when admin user logs in.
It is always returning 0.
You should be using the following action, which will allow calls to the function current_user_id.
add_action( 'wp_ajax_nopriv_current_user_id', 'prefix_ajax_current_user_id' );
You could also just pass the user ID to the script using the wp_localize_script function from your themes enqueue scripts action.
Related
In an application with user profiles where a user can view information about themselves, I would like to add a 'Delete this user' button that only appears for logged-in admin users.
Using Inertia, I can check a user is an admin on the backend, then serve the page with return inertia('Page', [admin => true]); in the page data, and render the button based on that boolean.
My concern is that if there is sensitive information in the component that should only be shown to admins (let's say, in this example, I don't want users to know an admin can delete their account), a user has still downloaded that component when they loaded the page which imports it, even if through normal usage it would not be rendered into their DOM.
How can we get around this issue? Is it possible to entirely hide the existence of a Vue 3 component behind an authentication gate when using Laravel & InertiaJS?
For example, if I wanted to hide all evidence of the button in an application using blade for layout, I might do:
#if($admin === true)
<button onClick="http://my-secret-url.com/">Delete user</button>
#endif
Which doesn't provide the user with an opportunity to intercept the response from the server and change the 'admin' variable to true in order to see the button.
Seems like there are a lot of posts related to authentication and redirects, but I can't seem to find exactly what I need. I feel like it should be simple.
So, we have a system whereby we want users to enable 2FA and change their passwords every 60 days. We are using Laravel 8 with Jetstream. I am doing a check on login (via modifying config/fortify.php), which works fine, if the password needs to be changed or if they don't have 2FA they get directed on login to their profile page and they see a message saying they need to update their details.
The problem is they can then navigate to any other page without updating anything. Ideally I want them to be redirected back to the profile page until they update their info.
We have the routes inside a middleware group:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
routes here
});
I thought I could just add a check before any routes load using Auth::user(), but the array is empty and therefore any vars accessed are null.
Auth::users()->role;
I was hoping for something like:
Route::middleware(['auth:sanctum', 'verified'])->group(function() {
if (pass needs resetting and current route isn't profile) {
redirect('/profile');
}
});
I'm assuming that Laravel doesn't authenticate the user until after the middleware has run? Not sure, but that would explain the null values.
So, how would you guys accomplish this? Do I need to modify a controller instead? I just need the user to stay on their profile page until they have updated their data, then they can proceed as normal.
Many thanks for your help.
I created a laravel 8 project using jetstream authentication. As stack I have used inertia+vue. After successful login, I need to redirect to a blade file. But the problem is when I redirect to the blade file, the blade file opens as a modal like the image attached below. And the URL doesn't change (I mean the browser doesn't get refreshed). I would be grateful if you can suggest me the solution. Thanks in advance.
I eventually found this that allowed me to redirect to a page directly from a controller without it appearing in a modal—https://inertiajs.com/redirects#external-redirects.
Example:
return Inertia::location($url);
I am utilizing a custom MY_Controller to authenticate users on my Codeigniter website.
I utilize $this->load->vars($data); such that I can access the users information in views.
My first question is, does $this->load->vars($data); allow access in models, and if so how - i couldn't find any information. If not, how can I get my logged in users username to my models without having to pass it through a controller every time?
Secondly... if the user is not logged in, I redirect them redirect(base_url() . 'account/login');
This works great, except because my account controller also extends MY_Controller, it gets stuck in an infinite redirect loop. I can just not extend the custom controller for this page, but I see no reason why a logged in user should not still be able to look at the login page.. any ideas?
Finally.. if a user is logged in, $user['username'] is defined in my views.
If a user is not logged in, it is not defined.
As such if i have if($user['username']!=''){ within my code, when a user IS logged in, all is fine and the code executes, however when no user is logged in errors pop up as regards an undefined variable being used in an if statement...
Codeigniter being difficult..
What is the work around here?
Many Thanks !!
I agree with Chris about storing user details in the session.
To check if a user is logged in you could write a gatekeeper function and place it in the controllers construct to protect controllers (and therefore the views).
Something like;
function gatekeeper()
{
if (!isset($this->session->item('username')) || !$this->session->item('username'))
{
redirect('/account/login);
}
}
I would consider storing the userdata for the currently logged in user in the session so that you don't need to query it and pass it to the view every time. You can access session data in the controllers, views and models with $this->session->userdata('your_userdata_var_name');.
The reason $user['username'] displays an error is probably because it's being completely removed, not set to an empty string (''), in which case you are trying to access an undefined array key.
i have 3 tabs at top of page i.e
home | profile | +
now i want that user can create their own custom page while click the (+) icon/button...!! how can i do that with php ajax
One way may be like this:
1: When + link is clicked, you prompt the user for entering title of the page to be created.
2: User enters page name; request goes to a php script via ajax
3: PHP scripts creates a page in db with submitted title.
4: With ajax response; you redirect user to new created page and edit it.
There can be many solutions to that though.