I have two user types in my registration page one is admin and another one is user,I have login page.when I logged as a admin it goes to dashboard, in dashboard I have 10 different types of components.when I logged as admin,dashboard should be display all components.but when I logged as a user dashboard should be display only 5 components(those who are related to user).I want to display these by using sessions.can you please help me how to do this by using sessions.and when I open any component in dashboard,username should be displayed on the top of the page.
public function login()
{
$data['error'] ="Invalid Login";
$this->load->view('auth/header');
if($this->input->post())
{
$user = $this->UserModel->login($this->input->post());
if(count($user)>0)
{
$array = array(
'client_id' => $user['client_id'],
'client_type_id'=>$user['client_type_id'],
'email' => $user['email'],
'password' => $user['password'],
);
$this->session->set_userdata($array);
}
else
{
$data["error_message"]="Invalid User Name and Password combination";
}
}
}
In your logging process, you can check user id and get query using id. Then you can check what are the components for logged user can access.
Get these details and put it to variable.then you can use session.
$this->session->set_userdata('set name',your variable);
and you can access this session anywhere you want.
$this->session->userdata('set name');
You can get user name via user id.
set user info in $your_var
$this->session->set_userdata('user_info', $your_var);
pass user info in array
$this->data['user_info']=$this->session->userdata['user_info'];
distroy session user info
$this->session->unset_userdata("user_info");
Related
I have created a few forms in laravel. I want to restrict access to one of them only to a specific user.
I want to create a user and password myself.
This is my routes excerpt. This is the route I want to protect from access
Route::get('/tabledata_id_title', 'KedivimController#appearanceiddata');
This is my controller excerpt:
public function appearanceiddata()
{
//$magic = DB::table('prog_title')->select('pr_id', 'pr_title')->get();
$magic = DB::table('prog_title')->select('pr_id', 'pr_title')-> where('pr_index', '=', 1)->get();
return view ('takealook', ['magical' => $magic]);
}
This is a short fix for your problem.
public function appearanceiddata()
{
if (!Auth::guard('web')->check()) //check if someone is logged in
{
//redirect to login page.
}
else {
/*Check if the logged in user is your desired user.
Maybe try matching the logged in id with your desired id.
If you find that a user is logged in but they are not your desired user
then you may redirect them in some other place or show them a message. */
}
//$magic = DB::table('prog_title')->select('pr_id', 'pr_title')->get();
$magic = DB::table('prog_title')->select('pr_id', 'pr_title')-> where('pr_index', '=', 1)->get();
return view ('takealook', ['magical' => $magic]);
}
However, this practice is ok if you have one or two restricted field. But if you have more than that then you should read about middleware.
I use laravel 5.3
I created an online store website.
If user logs in and chooses a product then okay button, there will be realtime notification in icon cart.
My code looks like this :
If user selects product and okay button, it will run this function :
public function addNotificationCart()
{
Notification::send(auth()->user(), new CartNotification($cart));
}
Then :
public function toBroadcast($notifiable) {
return new BroadcastMessage([
'id' => $this->data->id,
'time' => $this->data->created_at,
'group' => 'cart'
]);
}
And my javascript code looks like this :
Echo.private('App.User.' + window.Laravel.authUser.id).notification((notification) => {
// run this statement if exist notification
})
If the code run, it works
I want to add a new feature on my website. So when the user is not logged in, the user can also add cart and there is will display notification cart
What matters to me is how I do it?
In this section :
Notification::send(auth()->user(), new CartNotification($cart));
And :
window.Laravel.authUser.id
It requires user data being logged and id
How do I fill it if the user is not logged on?
I am new in ION-Auth, I want to make admin panel unique login form where admin can only login (no other user groups can allows to login here) and one for unique login form for employee group where employee can login only.
Let's say Group A is the Admin.
In the Group A controller, allow everyone to login first so you are able to check in what group that user belonged to.
Right after logging in, check if the user is an admin so he can access the Group A panel. You can check if the current user is admin by call thie is_admin metho
if($this->ion_auth->login($email, $password, $remember))
{
// It means the user has logged in. He has the correct user/pass
// Check if he is an admin
if(!$this->ion_auth->is_admin())
{ // Log out if not
$this->ion_auth->logout();
}
else
{
// Allow the access to the Group A pages
}
}
else
{
// Show the form again
}
I'm just working on the user management-component of our new project.
The plan is:
User registers on the page with minimal amount of account data (username, pass, email)
User gets an email with an activation link to activate the account
User clicks on the link and activates his account
The system logs in the user after automatically after activation and redirects him to kind of a dashboard with account information (last login, hi "username", etc.)
But there are some problems with the auto login. this is the part of the code i use:
<?php
...
// set userstatus to "active" and delete meta information "activation_key"
// then automatically login
$this->User->id = $id;
$this->User->saveField('modified', date('Y-m-d H:i:s') );
$this->User->saveField('status', 1 );
// $this->User->deleteActivationKey ....
$this->Auth->login($this->User->read());
$this->Session->setFlash(__('Successfully activated account. You are now logged in.'));
$this->User->saveField('last_login', date('Y-m-d H:i:s') );
$this->redirect(array('controller' => 'pages'));
...
This works so far, until you want to get information about the logged in user with the user() function of the Auth Component.
We're using this in AppController->beforeRender, to have user information application wide:
$this->set('auth', $this->Auth->user());
but after that auto login action, i'm getting undefined index notices. (e.g. by accessing $auth['id'] in a view). print_r() shows me only the username and hashed password of the current user.
If you login manually, everything works fine. it must be something with the automatic login after the account activation.
Seems to be a problem with the session? What am i doing wrong?
Found a solution after testing many variations.
Works now with:
$user = $this->User->findById($id);
$user = $user['User'];
$this->Auth->login($user);
Don't know why, i thought i tried this way already and that did not work.
Have you tried this? (CakePHP 2.x)
public function signup() {
if (!empty($this->request->data)) {
// Registration stuff
// Auto login
if ($this->Auth->login()) {
$this->redirect('/');
}
}
}
That simple!
I am using Tank Auth, and require my users validate their email addresses. Upon validation, users are still not logged in. I would like users to be automatically logged in when activating their account.
In my previous version (home-grown auth) I wrote a login function that didn't require a password, that was only callable in that situation. However, I can't see a way of doing that in Tank Auth. One solution would be to cache passwords until activation, but I really don't want to do that...
You can just bypass your login system.
Store either thier email address OR alias in a cookie.
when they activate grab the cookie, search(verify they exist) for the user, then setup a normal login session.
A login is just a set of session rules.
inside your activation script/email process, append
$this->_set_ac_cookie({email});
-
protected function _set_ac_cookie({email})
{
return $this->input->set_cookie(array(
'name' => 'ac_cookie_'.{email},
'expire' => '7200', //You may mirror when/if your activation key expires
'domain' => 'yourdomain.com',
'path' => '/'
));
}
check cookie exists
protected function _before_activation({email})
{
return $this->input->cookie('ac_cookie_'.{email})) ? TRUE : FALSE;
//make sure {email} has a UNIQUE db constraint
}
when the user clicks the activation link
if($this->_before_activation({email}))
{
//check user exists AND activation status === false (0)
//grab the user details from db based on {email}, set activation status to true (1)
//setup login session
$this->session->set_userdata(array(
'logged_in' => (int)1,
'user_id' => {user->id},
'alias' => {user->alias}
));
redirect('dashboard');
}
else
{
//sorry!
}
If you take a look at the code inside tank auth that handles the email activation, you'll see that it explicitly logs the user out on email verification.
https://github.com/ilkon/Tank-Auth/blob/master/application/controllers/auth.php
Line 243.
You could just comment out $this->tank_auth->logout(); on line 244 and it should work as you want it to, but this would be bad practice.