I got a multi-step form where a user select a phone model, brand, etc and when they click get quote they get a price based on their selection.
To be able to confirm the quote, they need to put their address details or if they already have an account they can login.
The question is how can I redirect the user after they login to a different view with the quote details?
Thanks
By default after users login they get redirected to /home. If you want to change this functionality just define a redirect path in your AuthController like this:
protected $redirectPath = '/your-show-quote-page';
Check Authentication in Laravel Docs for more information
Based on your question, one way of doing what you want is:
Create a quotes table and store the quote information with your multi-step form,
Ask the user to login,
Redirect the user and show him the quote based on his selections.
Lastly, depending if the user is interested in buying the phone you can redirect him to one place or another and delete the quote when you donĀ“t need it anymore.
Other way would be to store the information about the quote in the session and display it when needed. For this you can check Session in Laravel Docs. The process would be the same.
Hope it helps.
Related
I'm trying to figure out how quickest and easiest to allow the admin user on the site I'm building to access and update any user's settings etc. E.g. I've written the code for a regular user to update their settings (and various other actions). Ideally I want an admin to be able to "be" that user as far as my code is concerned, i.e. allow the admin to do anything a user can, to that user's account. Is there any way of doing this?
If I Auth::login() as admin then from the point of view of Laravel I'm the admin user and not the user they might want to edit. If I login as the user then I don't have admin rights (which in my case means an extra admin menu on the navbar with options to suspend or delete the user, or search for other users).
Any thoughts on how to do this please, or am I overcomplicating things? I am looking for a specific functions/code to allow this, rather than a general strategy. I'm using Laravel 5.4, deployed on Heroku. I know there's middleware but it doesn't seem to do what I want as above.
Many thanks.
You could do as suggested in the above comment by Tim Lewis, or you could accept an "override" property in the user edit page where you can pass a specific user ID and then view the page as that user. For instance, the method might look like this:
public function editUser(User $user=null) {
//User that you want to edit can be provided. If not provided, $user will be null and we will load the user that is currently logged in.
if($user!=null && Auth::user()->role=='admin')
$user_to_edit = $user;
else
$user_to_edit = Auth::user();
//other code goes here
}
Then, if you pass a $user object to the method, you will be given the edit page for that user, rather than the Admin. Otherwise, a user will be able to use the same route in order to always view their own edit page.
Be very careful with code like this! You will want to make sure that non-admins do not have the ability to load in a user object and see somebody else's information. That's why I added the $user->role check in the if/else statement, but you might want to add extra security in the form of middleware.
spatie permissions is a wonderful package that I use to make permissions to resources available to super-administrators. https://github.com/spatie/laravel-permission
I'm building a system in Codeigniter 3.
Now as an admin user, i want to have the ability to login as a customer, so basically see what they see when they login.
Is it possible to manipulate the session within Codeigniter to allow an admin user to login to a different users account?
Thanks
I think it's question of how you build your app. I would make a switch which sets the session variable - f.e. "see_as_user" = 1, and than on the layout check this variable. Basically you should take control over what user sees.
I've got a Laravel app set up with user authentication, and a form on the user's homepage after logging in. The form posts to a custom controller. What I need is to be able to retrieve the ID of the current user (the one logged in) from within the controller, so it can be saved to a model along with the formdata.
It seems extremely easy, but I'm struggling to get it working. I have:
use Auth;
at the top of my custom controller. Inside the function that the form posts to I have tried:
var_dump(Auth::id());
var_dump(Auth::user()->id);
var_dump(Auth::user());
All of these return null.
As per mokiSRB's suggestion, I added a check for:
if (Auth::check())
And found that the user had been timed out without my knowing. This check is thus important to wrap anywhere you need to retrieve information about the logged in user.
In my codeigniter application following is the format of user profile
http://example.com/foo/view_profile/userid
how can I restrict a user to view others profile? that means he cannot browse any other link than his profile.
so user foobar420 can not browse following links for example
http://example.com/foo/view_profile/foobar250
http://example.com/foo/view_profile/
http://example.com/any-this-else
How can I achieve this?
Was going to comment this, but it's sort of an answer. Well an idea on this subject at least.
Instead of having "/view-profile/userId" why not just "/view-profile" and send the user model as an object to the page. Then you can just render the proper information only for the user who is actually logged in to the server. Assuming you have access to the user model in your server side script, this is the preferred method.
And if no user model is present, redirect to the login page.
I'm very new to ion-auth so apologies in advance if this is a dumb question.
I have a feature request from a user (an admin) where they would like to be able to switch into another user's account to see the app from their point of view. The use-case here is that the admin would find the user in question's account in our user admin page in the app, then click a button to effectively 'become' that user.
Any ideas how this would be achieved?
Many thanks
Pete
#Pete,
What you're asking for is what is sometimes called "hijacking" the account.
There isn't currently a feature for that, but essentially what you need to do is:
1) destroy the current session
2) rebuild the session as the user you want to highjack
3) make sure the logged_in session variable is also set.
Passwords are all hashed, but I think it would be pretty straightforward to write a login function for yourself that doesn't go through the password hashing as part of the login steps.
In other words,
1) log out
2) look up the user id's username & password
3) login directly with that password, not a hashed version
Of course, you'll want to be very careful about your security
You need to alter the users_groups table adding a "status" field, in order to set true/false the current user_group.
Then, upgrade the model with a function that makes the following:
Get the current group and sets his status to false.
Get the new group and set his state to true.
Redirect to home page of selected group.
With this change, you can regenerate all the user`s data session and navigate as the selected user.