I'm using codeigniter 2.1.4 with datamapper 1.8.2, have loaded bcrypt however, cannot access it during validation, what could i be missing out? code snippet below.
$validation = array(
'password' => array(
'label' => 'Password',
'rules' => array('required', 'min_length' => 6, 'encrypt')
)
);
function _encrypt($field)
{
if (!empty($this->{$field}))
{
$this->{$field} = $this->bcrypt->hash($this->{$field});
}
}
I assume, that you've loaded bcrypt as a Codeigniter's library and you can access it in the controller (by $this->bcrypt), but can't access it in your model, right?
If so, in your model call the get_instance() function and change $this to $CI:
$CI =& get_instance();
$this->{$field} = $CI->bcrypt->hash($this->{$field});
Related
This question already has answers here:
Where API credentials should be stored in laravel?
(2 answers)
Closed 4 months ago.
I am wiring an laravel web application for a small project.
One of the features is to access the API of a foto database (piwigo).
I am very new to laravel and have 0 experience in web security so I was wondering what is the best way to set it up.
I managed to setup the API access trough laravel by creating a PiwigoClient model with a login method, that will pass the response coockies to other request to piwigo:
class PiwigoClient extends Model
{
use HasFactory;
public static $apiURL = 'https://not-actual-piwigo-link/ws.php';
public function login() {
$response = Http::asForm()
->post($this::$apiURL . '?format=json', [
'method' => 'pwg.session.login',
'username' => 'UserName',
'password' => 'PassWord'
]);
return $response;
}
public function test() {
$login = $this->login();
$cookies = $login->cookies();
$response = Http::withOptions(['cookies' => $cookies])
->get($this::$apiURL, [
'format' => 'json',
'method' => 'pwg.tags.getImages',
'tag_name' => 'ImageTag'
]);
return $response->json();
}
}
Now I was wondering, it does not feel safe to leave the 'PassWord' like this in the PiwigoClient model file. What would be the safest and most convenient way to "store" the password?
Standard practices are to store "secret" keys in .env and then reference them in your codebase via a config file.
https://laravel.com/docs/9.x/helpers#method-config
// PiwigoClass
public function login() {
$response = Http::asForm()
->post(config('piwigo.url') . '?format=json', [
'method' => 'pwg.session.login',
'username' => config('piwigo.username'),
'password' => config('piwigo.password')
]);
return $response;
}
// config file piwigo.php
<?php
return [
'password' => env('PIWIGO_PASSWORD', 'PassWord'),
'username' => env('PIWIGO_USERNAME', 'UserName'),
'url' => env('PIWIGO_URL', 'https://my_api_url...')
]
?>
I am trying to make auth based on third party api in laravel. not storing or using data from my local db. Here I am keeping api response data as an array just for visualization . It shows error Argument 1 passed to Illuminate\Auth\SessionGuard::login() must be an instance of Illuminate\Contracts\Auth\Authenticatable, string given, called in vendor\laravel\framework\src\Illuminate\Auth\AuthManager.php . How can I fix that. I also made R&D on it. Thanks in advance
$user = [
'status' => '200',
'token' => 'aWsIpvOEZfv4sfSRUGS2dDeGw7',
'id' => '12454545412',
'user' => [
'name' => 'xyz',
'email' => 'xyz#gmail.com',
'phone' => '12344787',
],
];
$user = json_encode($user);
Auth::login($user);
return redirect( '/home' );
You should create User class as a dummy model if you prefer.
namespace App\Helpers; // depends on you
use Illuminate\Foundation\Auth\User as Authenticatable;
class AuthUser extends Authenticatable
{
protected $guarded = [];
}
And you can use like this:
$user = [
'id' => '12454545412',
'name' => 'xyz',
'email' => 'xyz#gmail.com',
'phone' => 1234564897,
'token' => 'aWsIpvOEZfv4sfSRUGS2dDeGw7' // if you need in your user Object
];
$user = new AuthUser($user);
Auth::login($user);
dd(auth()->user());
I am creating an API POST request, but I want to hash some of the user input (referenceID and phone_no) and save into hash field using SHA512. I want to put it in the Controller.
I have create the Model Class and also the Controller
Model
protected $fillable = [
'referenceID' ,
'phone_no',
'hash'
];
Controller
public function store(Request $request)
{
$request->validate([
'referenceID' => 'required',
'phone_no' => 'required',
'hash' => 'required'
]);
$valrequest = Task::create($request->all());
return response()->json([
'message' => 'Great success! New validation request created',
'valrequest' => $valrequest, 201
]);
}
I want to hash the user input (referenceID and phone_no) and save into the hash field using SHA512. I want to put it in the Controller. How do I do this.
Should work fine like this, but the code's not tested at all and there's like a million different ways to do this. You won't need to validate the hash because it's no user input.
public function store(Request $request)
{
$request->validate([
'referenceID' => 'required',
'phone_no' => 'required',
]);
$referenceID = $request->referenceID;
$phone_no = $request->phone_no;
$hash = hash('sha512', $referenceID . $phone_no);
$valrequest = Task::create(compact('referenceID', 'phone_no', 'hash'));
return response()->json([
'message' => 'Great success! New validation request created',
'valrequest' => $valrequest, 201
]);
}
Laravel hash provides Bcrypt and Argon2 hashing. If you want to use sha512 you should use php hashing function. hash("sha512","your string");
How can I simply validate an email in laravel, without creating a validator?
Validator::email($email)
does not work
By laravel ref
We can do like this Validator::make(['email' => $email], [ 'email' => 'email'])
OR
By using laravel helper we can do like this
validator(['email' => $email], ['email' => 'required|email']);
OR
Edit: We can further simplefy this by using macro
Add this in Service provider
$this
->app
->make(Validator::class)
->macro('email', function ($email) {
return Validator::make(['email' => $email], [ 'email' => 'email'])
});
And now we can use like this
Validator::email($email)
Note: Not test this just throwing some idea we can do this way.
The BaseController uses ValidatesRequests trait so in the controller you can do...
public function store(Request $request)
{
$this->validate($request, [
'email' => 'email',
]);
//
}
How about using PHP filter_var?
https://www.php.net/manual/en/filter.filters.validate.php
filter_var($email, FILTER_VALIDATE_EMAIL)
I load my models like this
class Admin_user extends CI_Controller {
function __construct()
{
parent::__construct();
CheckLoginIn();
$this->load->model('admin_user_model','model');
}
function index(){
//my function..
}
}
Initially every thing was good...
then i had to use hooks..
my hooks.php file
$hook['pre_controller'] = array(
'class' => 'MyClass',
'function' => 'get_code',
'filename' => 'Myclass.php',
'filepath' => 'hooks'
);
now i get this error.
The model name you are loading is the name of a resource that is already being used: model
however if i set $config['enable_hooks'] = FALSE; everything works fine...
Got the answer.. i had to user post_controller_constructor instead of pre_controller so my hooks file will be
$hook['post_controller_constructor'] = array(
'class' => 'MyClass',
'function' => 'get_code',
'filename' => 'Myclass.php',
'filepath' => 'hooks'
);