I have a "Logout" link in my top navigation bar. I'm wondering how I can make it so that while I'm logged in, it'll log me out when I click on it and return me to the homepage.
To be specific, what changes to which files do I make in Laravel? Also, what code do I need to write in the view, which currently contains just HTML, to trigger this?
When you run php artisan make:auth, the default app.php in Laravel 5.5 does it like this:
<a href="{{ route('logout') }}" onclick="event.preventDefault(); document.getElementById('logout-form').submit();">
Logout
</a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
{{ csrf_field() }}
</form>
Edited 28/12/2019: It's work, but This answer contains a serious security issue. Please consider before using it. The Answer by Lucas Bustamante maybe a better choice. Refer to the comment section of this answer.
1) if you are using the auth scaffold that laravel contains. You can do this, in your navigation bar add this:
logout
then add this to your web.php file
Route::get('/logout', '\App\Http\Controllers\Auth\LoginController#logout');
Done. This will logout you out and redirect to homepage. To get the auth scaffold, from command line, cd into your project root directory and run
php artisan make:auth
2) add this to your navigation bar:
logout
then add this in your web.php file
Route::get('/logout', 'YourController#logout');
then in the YourController.php file, add this
public function logout () {
//logout user
auth()->logout();
// redirect to homepage
return redirect('/');
}
Done.
Read:
https://mattstauffer.co/blog/the-auth-scaffold-in-laravel-5-2
https://www.cloudways.com/blog/laravel-login-authentication/
Use the logout() method:
auth()->logout();
Or:
Auth::logout();
To log users out of your application, you may use the logout method on the Auth facade. This will clear the authentication information in the user's session.
if you want to use jQuery instead of JavaScript:
<a href="javascript:void" onclick="$('#logout-form').submit();">
Logout
</a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
#csrf
</form>
As the accepted answer mentions that logging out via GET has side effects you should use the default POST route already created by Laravel auth.
Simply create a little form and submit it via link or button HTML tag:
<form action="{{ route('logout') }}" method="POST">
#csrf
<button type="submit">
{{ __('Logout') }}
</button>
</form>
If you use guard you can logout using this line of code :
Auth::guard('you-guard')->logout();
in laravel 8.x
#csrf
<x-jet-dropdown-link href="{{ route('logout') }}"
onclick="event.preventDefault();
this.closest('form').submit();">
{{ __('Logout') }}
</x-jet-dropdown-link>
</form>
Related
I have domain for example aaa.com. And I deploy Laravel on my webhost succesfully. Login, pages, all things etc. works fine. but whenever I logout it redirects me to 127.0.0.1 not aaa.com. Of course, I have to point out that I am using Laravel Breeze
and here is what I wrote:
my logout form inside any page.
<form method="POST" action="{{ route('logout') }}">
#csrf
<button type="submit" class="underline text-sm text-gray-600 hover:text-gray-900">
{{ __('Log Out') }}
</button>
</form>
My web.php include require __DIR__.'/auth.php'; . Does not contain any logout redirects.
and inside auth.php
Route::post('logout', [AuthenticatedSessionController::class, 'destroy'])
->name('logout');
and finally AuthenticatedSessionController.php
public function destroy(Request $request)
{
Auth::guard('web')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
return redirect('/');
}
I don't understand why I am being redirected to 127.0.0.1 instead of aaa.com?
Edit:
and forgot to mention my .env file include
APP_URL=https://aaa.com
In .env file, Change APP_URL
APP_URL=http://aaa.com
Thank you to everyone who replied. It fixed itself the next day. It must be something left in the web host's cache, or your browser's. It's not a Laravel thing.
I'm using tailwind, Laravel 8 and Breeze.
After installing Breeze I would like to customize (change size, color and text) the log out button but I have no idea how to do that.
Here is the code :
<form method="POST" action="{{ route('logout') }}">
#csrf
<x-dropdown-link :href="route('logout')"
onclick="event.preventDefault();
.closest('form').submit();">
{{ __('Log Out') }}
</x-dropdown-link>
</form>
and the auth.php
Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
->middleware('auth')
->name('logout');
Thanks for your help
To begin, you should be aware that the dropdown-link is rendered using a component. When you alter the components, it may affect all pages that use that component.
You can modify that component in this file: resources/views/components/dropdown-link.blade.php
use this code in your blade file
Logout
#csrf
its on working
Odd question here. Im using the default Auth::routes(['verify' => true]); In Laravel 6. So I register ( Custom registration form ) and all works fine ( added to database etc ) then I am taken to the verification page where it has an email link to resend. When I click this I get:
The GET method is not supported for this route. Supported methods: POST.
The View has this named routed in the link route('verification.resend')
As you can see here. Verify resend is a POST route. So GET method is not allowed. So it should be a form Post instead.
If you are using blade something like this will get you there.
<form method="POST" action="{{ route('verification.resend')) }}">
</form>
Because in laravel 6+ they added this route as a post so you can do it by below code
<a onclick="event.preventDefault(); document.getElementById('email-form').submit();">{{ __('click here to request another') }}
</a>.
<form id="email-form" action="{{ route('verification.resend') }}" method="POST" style="display: none;">
#csrf
</form>
hi m trying to get product details by clicking on product at product listing page, when I click on product link then at next page URL is fine http://127.0.0.1:8000/product/2 but product is not showing
controller:
public function productdetail(Request $request, Product $product)
{
return view('product.detail', compact('product'));
}
route:
Route::get('/product/{product}','Admin\ProductController#productdetail')->name('product.productdetail');
detail.blade.php
<form method="POST" action="{{ route('product.productdetail', $product->id) }}" enctype="multipart/form-data">
#csrf
{{ $product->product_name }}
</form>
at listening page m using this link for detail page:
<a href="{{ route('product.productdetail', $product->id) }}" class="block2-name dis-block s-text3 p-b-5">
{{ $product->product_name }}
</a>
Ok, I found where problem is when you provide your controller and routes.
You got route resource:
Route::resource('product','ProductController');
And your route for details:
Route::get('/product/{product}','Admin\ProductController#productdetail')->name('product.productdetail');
Resource will provide same route for show, so you need to change your route with additional parameter like:
Route::get('/product/{product}/details','Admin\ProductController#productdetail')->name('product.productdetail');
Now you can point to that route and I think now will work.
I have form like this
<form action="{{ url('/reviews/delete', ['id' => $review->id]) }}"method="POST">
{{ method_field('DELETE') }}
{!! csrf_field() !!}
<a class="delete right-button"> <i class="fa fa-trash-o" aria-hidden="true"></i> </a>
</form>
When I use inspect I see the id and if I change it I can delete different record depends on which id I fill into inspection. How to avoid this?
You can check in the controller like so
abort_if($user->id !== $review->user_id, 404)
personally I like using policies https://laravel.com/docs/5.6/authorization#writing-policies
$this->authorize('delete', $review);
The thing is that HTML already renders the form and when you submit it, request reads the URL inside the action and goes there, so there is no 'real' answer on how to prevent it, but you can put some validation in the FormRequest.
If you want to go further you can create Model Policy and check if the review belongs to the user which is trying to remove it, or some other kind of validation.