I am new in ION-Auth, I want to make admin panel unique login form where admin can only login (no other user groups can allows to login here) and one for unique login form for employee group where employee can login only.
Let's say Group A is the Admin.
In the Group A controller, allow everyone to login first so you are able to check in what group that user belonged to.
Right after logging in, check if the user is an admin so he can access the Group A panel. You can check if the current user is admin by call thie is_admin metho
if($this->ion_auth->login($email, $password, $remember))
{
// It means the user has logged in. He has the correct user/pass
// Check if he is an admin
if(!$this->ion_auth->is_admin())
{ // Log out if not
$this->ion_auth->logout();
}
else
{
// Allow the access to the Group A pages
}
}
else
{
// Show the form again
}
Related
I'm trying to do this thing where if the user logging is an admin then Laravel needs to send them to the admin route and if the user is a customer then it needs to send them to the customer route.
I'm not sure how to go about doing this.
Any help would be much appreciated.
users table add new column role different role admin user and customer
and login controller check role and return view with different route
$user= Auth::user()->role;
if ($user->admin){
return redirect()->route('')
}else if($user->user){
return redirect()->route('')
}else{
return redirect()->route('')
}
I have a system where Admin will Enter his Client Dashboard with Client's Credentials. Admin has all information of Clients.
---------------------
Client1 Login
Client2 Login
---------------------
Now in my Controller I want to do this action. Admin will go to his Client Dashboard.
Is it possible to do?
public function login(User $user)
{
$credentials = $user->only('email', 'password');
Auth::logout();
// But after logout() it will stop, I know that.
if (Auth::attempt($credentials)) {
// Authentication passed...
return redirect('/');
}
}
Is it possible to Login in two accounts (Admin & Client) at the same time? :-P
for two login in same time in laravel u have to create admin table or client table and make seprate login in admin guard and default login u have to overwrite login with user guard then only u can maintain 2 login in same time in laravel
GUARD doc link here
I have overwritten Login and Logout functionality as I need to check many more conditions to authenticate the user like below.
public function login(Request $request)
{
$this->validateLogin($request);
$input=$request->all();
$user=User::where('username',$input['username'])->first();
//If Temp Password is set
if(strlen($user->temp_password)>10)
{
if (Hash::check($input['password'], $user->temp_password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
else{ //If Temp password is not set
if (Hash::check($input['password'], $user->password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
}
Now I need to restrict Same user from login once again in some other screen or place. I have checked Session Data but nothing is stored as Unique for a User.
ie. If a username admin is loged in US the same username admin must not be allowed to login from UK.
Update
Oh bagga, question wasn't quite clear. You are trying to restrict the number of sessions to 1 only. If I get it, then you will have to use a database session driver. Right now, I think you may be using the default driver (file). It only checks the session within the same browser. Using database session may allow you to check for session everywhere, and restrict the number of connections.
First, make sure your routes are within the web middleware so they can access sessions. Then, inside of the web middleware, create a group of routes that are only accessible for users who are not logged in.
Route::group(['middleware' => 'guest'], function () {
Route::get('login', 'LoginController#login');
// any other route
});
Logged in users won't be able to access the login route anymore.
You could also do the check in your login function to see if the user's is already connected by using
if (Auth::check()) {
// user is connected
// redirect them
}
What does this->setUserSession($user) do?
You can do this using login token.
Generate a login token and keep it in database.
And check for it's entry in database while logging in.
If it doesn't exist let log in success.
Else fail.
And delete login token every time user logs out.
Or
you can generate new token on each login success. And deleting old token and invalidating the old login.
But in this case you have to keep that token in session and for each request you have to check that token with database token.
If it matches, allow user
Else logout the user with notice.
I'll prefer the second method personally.
As you can check for the token in the middleware itself.
I have two user types in my registration page one is admin and another one is user,I have login page.when I logged as a admin it goes to dashboard, in dashboard I have 10 different types of components.when I logged as admin,dashboard should be display all components.but when I logged as a user dashboard should be display only 5 components(those who are related to user).I want to display these by using sessions.can you please help me how to do this by using sessions.and when I open any component in dashboard,username should be displayed on the top of the page.
public function login()
{
$data['error'] ="Invalid Login";
$this->load->view('auth/header');
if($this->input->post())
{
$user = $this->UserModel->login($this->input->post());
if(count($user)>0)
{
$array = array(
'client_id' => $user['client_id'],
'client_type_id'=>$user['client_type_id'],
'email' => $user['email'],
'password' => $user['password'],
);
$this->session->set_userdata($array);
}
else
{
$data["error_message"]="Invalid User Name and Password combination";
}
}
}
In your logging process, you can check user id and get query using id. Then you can check what are the components for logged user can access.
Get these details and put it to variable.then you can use session.
$this->session->set_userdata('set name',your variable);
and you can access this session anywhere you want.
$this->session->userdata('set name');
You can get user name via user id.
set user info in $your_var
$this->session->set_userdata('user_info', $your_var);
pass user info in array
$this->data['user_info']=$this->session->userdata['user_info'];
distroy session user info
$this->session->unset_userdata("user_info");
I'm just working on the user management-component of our new project.
The plan is:
User registers on the page with minimal amount of account data (username, pass, email)
User gets an email with an activation link to activate the account
User clicks on the link and activates his account
The system logs in the user after automatically after activation and redirects him to kind of a dashboard with account information (last login, hi "username", etc.)
But there are some problems with the auto login. this is the part of the code i use:
<?php
...
// set userstatus to "active" and delete meta information "activation_key"
// then automatically login
$this->User->id = $id;
$this->User->saveField('modified', date('Y-m-d H:i:s') );
$this->User->saveField('status', 1 );
// $this->User->deleteActivationKey ....
$this->Auth->login($this->User->read());
$this->Session->setFlash(__('Successfully activated account. You are now logged in.'));
$this->User->saveField('last_login', date('Y-m-d H:i:s') );
$this->redirect(array('controller' => 'pages'));
...
This works so far, until you want to get information about the logged in user with the user() function of the Auth Component.
We're using this in AppController->beforeRender, to have user information application wide:
$this->set('auth', $this->Auth->user());
but after that auto login action, i'm getting undefined index notices. (e.g. by accessing $auth['id'] in a view). print_r() shows me only the username and hashed password of the current user.
If you login manually, everything works fine. it must be something with the automatic login after the account activation.
Seems to be a problem with the session? What am i doing wrong?
Found a solution after testing many variations.
Works now with:
$user = $this->User->findById($id);
$user = $user['User'];
$this->Auth->login($user);
Don't know why, i thought i tried this way already and that did not work.
Have you tried this? (CakePHP 2.x)
public function signup() {
if (!empty($this->request->data)) {
// Registration stuff
// Auto login
if ($this->Auth->login()) {
$this->redirect('/');
}
}
}
That simple!