CakePHP: When I change User session I get logout - session

I need to add the possibility for an Admin to enter a User account, but I got stuck: when I change the session data, I get logged out.
$_SESSION['Auth']['User']['username']=$user_data['User']['username'];
To come back into the admin session I made a new variable
$_SESSION['Auth']['Admin']['id']=$user_id;
Please help me to change the admin data into the user's, and add the possibility to come back as admin on logout.

To log in as a user when you are an admin, you can do this:
In your controller:
$user = $this->User->findById($idOfUserYouWantToLoginAs);
... // handle case where $user is empty
$this->Auth->login($user['User']);

Or you could just change the variables in the session as needed. I did it yesterday just changing the id of the logged user, but you can also change the stored username or email address or anything on session:
$this->Session->write('Auth.User.id',$newLoggedUserId);
$this->Session->write('Auth.User.username',$newLoggedUserName);
$this->Session->write('Auth.User.email',$newLoggedUserEmail);
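
The admin-to-user switch and the way back, as an added example that is not part of either answer above. It assumes CakePHP 2.x, a `role` column on the users table, and a hypothetical `Impersonator` session key and action names; it keeps the admin's id in the session, re-checks the role on return, and logs both transitions.

```php
<?php
// Added example for CakePHP 2.x. The 'role' column, the 'Impersonator'
// session key and both action names are assumptions, not framework built-ins.
App::uses('AppController', 'Controller');
App::uses('CakeLog', 'Log');
class UsersController extends AppController
{
    public $components = array('Auth', 'Session');

    // Admin starts acting as user $id. POST only, so a plain link cannot trigger it.
    public function impersonate($id = null)
    {
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        // Only a real admin may switch, and never from inside an impersonation.
        if ($this->Auth->user('role') !== 'admin' || $this->Session->check('Impersonator.id')) {
            throw new ForbiddenException();
        }
        $target = $this->User->findById($id);
        if (empty($target)) {
            throw new NotFoundException();
        }
        $adminId = $this->Auth->user('id');
        unset($target['User']['password']);   // keep the hash out of the session
        $this->Auth->login($target['User']);  // replaces the whole Auth.User record
        $this->Session->write('Impersonator.id', $adminId); // stored outside Auth.User
        CakeLog::write('info', "admin $adminId started impersonating user {$target['User']['id']}");
        return $this->redirect('/');
    }

    // Return to the admin account, re-reading it from the database.
    public function stopImpersonating()
    {
        $adminId = $this->Session->read('Impersonator.id');
        if (!$this->request->is('post') || !$adminId) {
            throw new ForbiddenException();
        }
        $admin = $this->User->findById($adminId);
        $this->Session->delete('Impersonator');
        if (empty($admin) || $admin['User']['role'] !== 'admin') {
            return $this->redirect($this->Auth->logout()); // admin rights were revoked
        }
        unset($admin['User']['password']);
        $this->Auth->login($admin['User']);
        CakeLog::write('info', "admin $adminId stopped impersonating");
        return $this->redirect('/');
    }
}
```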

Related

Password protected pages

I'm wondering how I can password protect pages (therefore web routes) without any auth. My website doesn't have user login/register system, it's not needed.
All I want is to have a several password protected pages that each have a unique password, these passwords are stored in a database.
How would I go about doing this?
Two steps.
1. Create a page for requesting the password, and also include which page the user is trying to access. If the user enters the password correctly, set a session variable saying pageX is authenticated and redirect to the page.
2. Create Middleware that checks for the session variable; if it doesn't exist, redirect to the password page.
I prefer to combine it with JavaScript window.prompt and the Laravel session.
1. Create a pop-up to insert the password of the page.
https://www.w3schools.com/js/js_popup.asp
2. Redirect the result to a route; in the controller, search for the password from the database.
3. Use the session from Laravel, so if the password exists, set the session.
https://laravel.com/docs/5.0/session
4. If the session isset is null, redirect it to another route.
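
The two-step approach from the first answer (password form, then middleware), as an added example that is not code from either answer. It assumes Laravel 5.x, a hypothetical `ProtectedPage` model with `slug` and `password_hash` columns, and hypothetical route names `page.unlock` and `page.show`; the per-page passwords are stored as hashes and compared with `Hash::check`.

```php
<?php
// Added example (Laravel 5.x style). ProtectedPage, its columns, the route
// names and the 'unlocked_pages' session key are assumptions.
// In a real project these two classes live in separate files.
namespace App\Http\Middleware;

use Closure;

class RequirePagePassword
{
    // Step 2: let the request through only if this page was unlocked in this session.
    public function handle($request, Closure $next)
    {
        $slug = $request->route('slug');
        $unlocked = $request->session()->get('unlocked_pages', []);
        if (!in_array($slug, $unlocked, true)) {
            return redirect()->route('page.unlock', ['slug' => $slug]);
        }
        return $next($request);
    }
}

namespace App\Http\Controllers;

use App\ProtectedPage;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class PageUnlockController extends Controller
{
    // Step 1: POST target of the password form. Put a throttle on this route,
    // since a shared page password is an obvious guessing target.
    public function unlock(Request $request, $slug)
    {
        $page = ProtectedPage::where('slug', $slug)->firstOrFail();
        // password_hash holds Hash::make() output, never the plaintext password.
        if (!Hash::check((string) $request->input('password'), $page->password_hash)) {
            return redirect()->back()->withErrors(['password' => 'Wrong password.']);
        }
        $request->session()->regenerate();               // new session id after unlocking
        $request->session()->push('unlocked_pages', $slug);
        return redirect()->route('page.show', ['slug' => $slug]);
    }
}
```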

CI Ion auth library session not working for different type of user

I am using the ion auth library in a CI application. In the application, there are two types of user group: admin and staff. It is working fine for login and logout separately, but when I log in to the staff module it uses the same session for admin as well. I mean both users cannot be logged in at the same time in the same browser.
Is there any trick to separate the login session for both users, admin and staff? The application should allow both to be logged in in the same browser at the same time.
Any help will be great help for me.
If you are using the same browser and have not logged out the previous user, it will use that session. You can log out the previous user or use a different browser for a new session.
If it's your requirement and you want to achieve this, you will have to set different session keys for different users. Ex.
For Admin:
$this->session->set_userdata('admin_id', 'VALUEHERE');
For User:
$this->session->set_userdata('user_id', 'VALUEHERE');
While auth or login you will need to check:
while checking for admin
if($this->session->userdata('admin_id'))
{
//show admin content
}
while checking for user
if($this->session->userdata('user_id'))
{
//show user content
}

Laravel 5 - Manually logging in a user without password

I want to login users after authenticating them using OAuth and Google account without entering any password.
I know the Auth::login function can do such an action but I don't know how to get the user instance while they haven't been authenticated yet.
Is there a way to do that?
You can 'manually' log a user in in two different ways:
// log user in by ID ($userId is the primary key of the account)
Auth::loginUsingId($userId);
Or
$user = User::find($userId);
// or maybe
$user = User::whereUsername($username)->first();
// and then, once you have checked that $user is not null
Auth::login($user);
See the documentation for authentication.
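
How the user instance can be obtained after the Google callback, as an added example that is not part of the original answer. It assumes the laravel/socialite package, a unique nullable `google_id` column and a nullable `password` column on `users`, and hypothetical controller and method names; accounts are keyed on Google's account id, and an existing account with the same e-mail is not attached automatically.

```php
<?php
// Added example. Assumes laravel/socialite is installed and configured for
// Google, and that users has a unique google_id column and a nullable password.
namespace App\Http\Controllers;

use App\User;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class GoogleLoginController extends Controller
{
    // Sends the browser to Google's consent screen.
    public function redirectToGoogle()
    {
        return Socialite::driver('google')->redirect();
    }

    // Google redirects back here; Socialite checks the state parameter
    // and exchanges the code for the profile.
    public function handleCallback()
    {
        $googleUser = Socialite::driver('google')->user();

        // Key the account on Google's stable account id, not on the e-mail.
        $user = User::where('google_id', $googleUser->getId())->first();

        if ($user === null) {
            // Do not silently attach to an existing password account that
            // shares the e-mail; the owner links Google while logged in.
            if (User::where('email', $googleUser->getEmail())->exists()) {
                return redirect('/login')->withErrors([
                    'email' => 'Log in with your password and link Google from your profile.',
                ]);
            }
            $user = new User();
            $user->google_id = $googleUser->getId();
            $user->email = $googleUser->getEmail();
            $user->name = $googleUser->getName();
            $user->save();
        }

        Auth::login($user); // no password involved: Google did the authentication
        return redirect()->intended('/');
    }
}
```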

Laravel 5 reset password for a logged in user

I want to use laravel's reset password functionality to reset password for a logged in user (I'll use that instead of enabling users to change their password).
My problem is, when I redirect to the password reset route (/password/email/) and the user is logged in, they will be automatically redirected to the home logged in screen.
My first try then.. was to implement a method at the User model called sendResetPasswordLink. But, as I looked more into the platform I would need to generate the token and add to the password_resets table..
I looked into DatabaseTokenRepository and PasswordResetServiceProvider classes, looking for a function I could call to generate the token, but there is no function I could call statically..
I'm really lost, can someone point me the way?
From the ResetsPasswords trait, the answer is:
Password::sendResetLink(['email' => Auth::user()->email], function (Illuminate\Mail\Message $message) {
$message->subject('Your Password Reset Link');
});
You'll need to create your own route and controller method that allows this to be called for logged-in users.

Programmatically logout current user

I am trying to programmatically logout the current user from inside a listener.
I read here that
$this->get('security.context')->setToken(null);
$this->get('request')->getSession()->invalidate();
does the trick but then I can't call $this->container->get('security.context')->getToken()->getUser(); anymore as the token is now NULL.
How can I log out the user but still let the application run normally?
I have calls to getUser() in my controller functions so I should set back the token to something corresponding to a non-authenticated user. How can I do this?
Also, if there is a way to programmatically start a new session and set a flash message to inform the user he has been logged out, it would be awesome.
Try
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
$anonToken = new AnonymousToken('theTokensKey', 'anon.', array());
$this->get('security.context')->setToken($anonToken);
The first parameter is the token's key (i.e. '50cdf89882454')
