i am following along a video course from tutsplus -getting started with laravel- and managed up to vid 19 securing the admin panel. My problem as follows. i cannot login to the system because i don't have a valid email-password. in the db there are dummy user emails and hashed pw's but i cannot use because already hashed and i don't know the pw's.
i found this post
How to create a laravel hashed password
however artisan tinker doesn't work because REPL not supported.Falling back to simple shell.
$password = 'JohnDoe';
$hashedPassword = Hash::make($password);
echo $hashedPassword; // $2y$10$jSAr/RwmjhwioDlJErOk9OQEO7huLz9O6Iuf/udyGbHPiTNuB3Iuy
makes sense - to create a new user with known pw but i don't know where and how to implement the code so it spits out the hash in the browser. I tried making a file in the model as well as route and stuck in the code.. to no avail. or maybe easier way?
Can someone help thx.
Place this in your routes.php
Route::get('hash/{password}', function($password){
echo Hash::make($password);
});
And then open your-project.dev/hash/JohnDoe in your browser.
Related
I'm trying to figure something out. I want to make a page where a user can check for domain names and if they're available or not. I'm asking for advice because I don't know where to look. TransIP does have an API but I can't understand their documentation. What can I do? I want to make this work in laravel
There are many API wrappers you can grab from github, here is one I found on a google search. https://github.com/verschoof/transip-api
Just install with composer, put your login and private key in your .env perhaps and then include it in whatever file you want.
$client = new Transip\Client(env('TRANSIP_LOGIN'), env('TRANSIP_KEY'), true);
$domainApi = $client->api('domain');
$domainInfo = $domainApi->getInfo('user-input-domain.com');
$status = $domainApi->checkAvailability();
I would put env variables into a config file and access with config('key') but this is a basic example.
I'm using Ajax to log in a user from subdomain. The Yii2 app is on another subdomain. Both subdomains are configured to use same cookie and session domains and save paths. I'm including session ID with Ajax call to write the user information to the same session used by non-app subdomain like this:
$session = Yii::$app->session;
$session->open();
$session->setId($post["session"]);
$session["user.id"] = $user->id;
echo $session->id; // This does not return the same ID originating from post!
Unfortunately the user information IS NOT written to the session already existing, but a new one. Is there a session involved somewhere in the middle of login process or why isn't it working? I've also tried session_id($post["session"]), but nothing.
This was actually working on previous domain, so I must be missing something. All of the AJAX posted info is correct and checked, the user is logged in properly (checked the logs) but into wrong session.
Thanks in advance!
yii\web\Session::setId() is a wrapper for session_id(), you should read PHP documentation about this function :
string session_id([ string $id ])
If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
So you should simply try :
$session = Yii::$app->session;
$session->setId($customId);
$session->open();
I Don't think you are following the correct way to SET & GET session.
Try This:
$session = Yii::$app->session;
$session->open();
$session->set('id', $post["session"]);
echo $session->get('id');
For more info, please click Session Management - Yii2
Hello there I am listing now the base_facebook.php file and can't see in there a function which gives back the username of the user. There is only a function getUser() which returns the user ID. Can you navigate me about the way how to take the username of a user with this FB SDK in codeigniter ?
You would need to make an API call to get the user details:
$me = $facebook->api('/me');
var_dump($me);
Although, the username is not included anymore since v2.0, for privacy reasons.
This is for the old PHP SDK btw, but i assume that is what you are using. The new one works completely different and needs PHP 5.4+. HereĀ“s a tutorial, just in case: http://www.devils-heaven.com/facebook-php-sdk-4-0-tutorial/
Because of european privacy law being harsly applied in the Netherlands and to keep my company's site user friendly without nagging the users with questions if it's okay to store a cookie on their computer that allows me to access their client data.
What I need is a way to "overwrite" the native php sessions class so that at the point where the native class requests the cookie that stores the phpsessid, that I can place my own code there that checks the browsers fingerprint and matches that to a session id which I can use to return the normal working of the native class.
My idea is:
table sess_fingerprints
Fields: fingerprint - phpsessid
function getsessionid()
{
$result = $this->db->query("SELECT phpsessid
FROM `sessiondatabase`.`sess_fingerprints`
WHERE `sess_fingerprints`.`fingerprint` = '$userfingerprint'");
if($result->num_rows() != 0)
{
return $result->row->phpsessid;
}
}
and at that point the native php session code just works as it would normally do.
So, my question is: is it possible to overwrite only the "cookie" part of the phpsession class? if so, how? because I haven't found that yet.
I'm aware of being able to pass along the session variable via urls etc, but that's not secure enough for my web applications.
PHP provides support for custom session handlers:
http://php.net/manual/en/session.customhandler.php
I think I have found the solution to my problem.
I'm going to override the functions related to cookies by using http://php.net/manual/en/function.override-function.php
Thank you all for thinking along.
I am debugging on session login, when i am login to www.domainname.com the session will be only set for with www.
When i am going to url domain.com, session login is ignored, and i will be prompted to login form again.
I have set session cookie_domain also, but not working.
Any one can help me? why?
I know this question is as old as "Who came first? The egg or the chicken?"
I had a lot of trouble about this issue.
But... if you're using php I've found a solution:
In your login script insert in the first line
<?php
session_set_cookie_params(0, '/', 'www.yourdomain.com');
session_start()
?>
or you can try yoursubdomain.yourdomain.com instead www.yourdomain.com.
It works for me. Hope it help other users too.
I highly recommend redirecting users to the canonical version of the site (probably the www.example.com domain). Look around, you'll notice that most sites do exactly this for consistency (including SO; see what happens when you go to www.stackoverflow.com).
Have you tried setting the session domain to ".example.com"?:
$lifetime = 0;
$path = '/';
$domain = '.yourdomain.com';
session_set_cookie_params($lifetime, $path, $domain);
Note the dot in the beginning of the $domain string variable.
Check the reference of the function here.