I try to login users via ajax and I use in login form Html.AntiForgeryToken but I get error. because I after login users via ajax post another form that it has Html.AntiForgeryToken . I search and know that I should use Html.AntiForgeryToken with salt property but get me error.
How to fix this?
#Html.AntiForgeryToken(salt: "FormAjaxLogin")
Related
I'm trying to make a user logged in at back-end who is already a user of another website of mine. For now I'm able to fetch the user's data from previous website's database using an API and make user registration during the login process. Same time I want this user to be logged in when data is just inserted because now user is existing. I tried to reuse same method $this->processLogin(); but this method takes request function processLogin(Request $request) I can't feel passing email & pass to utilize this same method. I have tried guzzle self request with 3 parms 'email, password, _token' using POST request which didn't work. I don't want to exclude this route as well because it is being used for normal login. How can i make this user logged in right after inserting the required data? Please advise. Thanks in advance.
// if $id is your user that you want to login, then:
auth()->loginUsingId($id);
I am trying to update the user password via CURL call. created an API for that. But, every time user getting signed out if I do password update. I tried direct SQL method and that also not working. How do I prevent this. ?
I have tried below code after every password update. But it works only on HTTP request. Not working on API calls.
Auth::login($user);
If you are using session based auth, you can't use CURL call since the server will setup new session to the browswer when return response. Why don't you use form submit instead of CURL?
When I perform a login via FosUserBundle on my Symfony3 project I want to return an Ajax response instead of the html of the3 lgoin form.
As fas I searched I found that there is a fos_user_security_check that uses the FOSUserBundle:Security:check that checks if the user is loged in or not but I could not find either the source code of controller that performs the login or any sort of custom trigger in order to do that.
I also looked into: http://symfony.com/doc/current/bundles/FOSUserBundle/index.html but I cannot find a clue.
The problem that you are facing is that Symfony's build-in authentication handler performs a redirect after a successful login or redirects back to the login form on failure. To handle AJAX logins you have to write your own authentication handler. This article explains it:
http://www.webtipblog.com/adding-an-ajax-login-form-to-a-symfony-project/
How can I redirect to a route after clicking a button?
What I have done is this, using url() . Isn't this dangerous without passing a token?
Login
You should use the helper "route".
Like this:
Login
And, in your routes.php file, define that route name:
Route::get ('/movies/login',['uses'=>'CONTROLLER#METHOD'])->name('ROUTE_NAME');
Done! ;)
To redirect to route by it's name, you should use route():
Login
And yes, it's safe, since you're not sending any form data here.
https://laravel.com/docs/5.3/csrf
If you just want to redirect to the login page, then this should be fine, access tokens usually used with RESTful applications (because there is no session); if you are just navigating an user inside your website, then the laravel session handler should do most of it for you,
otherwise
You shouldn't handle login with GET.
Build a form, and POST it to a given route, in which you can validate the input parameters and then redirect to a given url from the server side.
This way you can add hidden inputs with CSRF tokens or other tokens.
I am trying to login the site. There are couple of GET request before moving to login screen and on the login screen:
My Request Parameter is:
username=8888888888&password=8888888888&AUTH_STATE=2c83bef4-9ab3-4549-8d3b-243e5864cc78
I know my username and password but when i capture the parameters using firebug, i found that along with that AUTH_STATE also going..
I tried to find the AUTH_STATE parameter in any of the GET Response made before login call.. But i did not find it out.. Is there any way to get that ???
I should be there in the login page. Check the HTML response of the login page.