I have a laravel built blog, and to comment on a post (if you're logged out) you must login. I put a link like this:
login to do this.
This redirects to the login form, which once filled out and user is authenticated, I have this:
return Redirect::intended('/');
Which takes the user to the homepage, not the page they intended to be on, in this case, the page with the post that they clicked the login link from to be able to comment. How can I return them back to the intended url in this case?
Actually, Redirect::intended('/') works if there is a key available in the session as url.intended otherwise it redirects to the default URL which is in your case '/', so definitely you didn't put the URL in the session. To accomplish this, you may put the URL in the session using something like this:
Session::put('url.intended', 'url...');
So, probably, in the login link, you may add a query string like this:
login
So, you can track the redirect and in that route's method (before return View) just put the previous URL in the session, using something like this:
if(Input::get('intended')) {
Session::put('url.intended', URL::previous());
}
Then before you redirect from there, you should remove the URL from the session using something like this:
$intendedUrl = Session::get('url.intended', url('/'));
Session::forget('url.intended');
return Redirect::to($intendedUrl);
This should solve the issue. Also, you may check this answer, could be helpful.
Redirect::intended requires two parts to work. The first is when the user tries to access a restricted page /orders but they aren't logged in you redirect them to the login page via:
redirect()->guest('/login');
Then on your login post-back if authentication is successful you call:
redirect()->intended('/dashboard');
Related
I have 2 laravel projects, 1 for the front end where i m using html css angularjs. The second for api controllers. I call using http post and get the api controllers functions using angularjs to get content data.
In the front end i have a menu this menu appears differently based on user role, if admin or no.
This is done. My problem is the access for views using the url in the browser.
So I have a query where I get for each user what modules in the menu can he see. Now I'm putting the result in Laravel session.
$menu = DB::select menu by user id ... //Getting menu query based on user if admin or no
session(["menu" => $menu);
return session('menu');
I'm getting the results and the menu is showing good in the website based on the logged user if he s admin or no.
Now, to solve the direct url access issue, I want to use this session and compare the url to this session, if the url exists in the session i will let him access, if no i will redirect him to somewhere.
any idea?
I would strongly suggest looking at the Laravel documentation on Authorization before going too far down a custom implementation:
https://laravel.com/docs/5.1/authorization
Without knowing more about how your front-end and back-end applications interact with each other, it is a little difficult to get into speciifics but i shall do my best.
Each page returned by Laravel has access to a Request object which contains information about the request which returned the page. You can access this Request and its assocaited Route using Laravels helper functions (if you are not passing it to the view already). The getPrefix() method will return the root relative url which you can then use as you see fit. For example:
// Return and store the URL as a string
$url = request()->route()->getPrefix();
// Check your session for the URL/s you want to allow and compare to the stored URL
if (session()->get('URL') == $url) {
// User is allowed access to the page
// Do something ...
} else {
// User is not allowed access to this page
// Redirect back or to a route of your choice
return redirect()->back();
}
I hope this gives you some ideas, good luck!
i have a Laravel 5.4 application where i do all Authentication based logic through PHP and then redirect the user to a catchAll route when they are authenticated, and let VueRouter take it from there...
I'd like to also use Entrust because my app will have several types of users and some elements (like an Edit User button) will only be visible to some user Roles.
I might also want to implement specific permissions, like some Admins can edit user Permissions, while others do not.
The issue is, alright i'm in Javascript territory now, so how do i know what my current Auth user is? Setting a global JS variable for Auth::user doesn't seem like a good idea to me.
Perhaps i would instead pass just an ID, but how exactly without making it globally visible as a window variable?
I think you may create an auth/check API call, like this:
protected function check()
{
if(Auth::guard('api')->check()) {
return Auth::guard('api')->user();
}
return ['success' => false];;
}
And then get current user with this call.
I am working on codeigniter and I am making a login page. When i validate the credentials I wan to move the user to next view if the credentials are correct.
I am using following command to redirect the user but it is merging the new view to the existing view and the url being shown in the browser is also getting appended.
$this->load->view('DataEntry');
URL before executing this command :http://127.0.0.1:8080/ci/
URL after executing this command : http://127.0.0.1:8080/ci/index.php/CI/DataEntry
how can i redirect the user from one view to another without appending the url and what is the right way to do it ?
I am an abolute beginner. so accept my apologies for dumb questions.
In general, it should be something like this:
//pseudo code
if ($validation_passed)
{
redirect('secret_page_controller/secretpage_method');
}
else
{
//if validation failed
$this->load->view('view_where_login_form_is');
}
Follow basic example from docs.
Please, format your code appropriate and add controller/method(s) code.
I am using Symfony 1.4 with sfGuardDoctrinePlugin. The problem is:
Lets us say the current page URL is www.pg.com/blog/edit.php
Now the session times-out and I click the blog index link
This redirects to www.pg.com/blog but since I need to login, the template for login_module and login_action is served on the same URL (www.pg.com/blog)
Post login, the user is taken to blog index (or even if the user clicks that link), the login template is served since it is cached for the "blog/index".
I suspect that somewhere in sfAuth plugin, there is a forward instead of a redirect that is serving the login template on the other page URL. How can I prevent this?
EDIT: I even got the line where it is happening, but I do not wish to modify Symfony source code. Can I do it outside?
Jul 31 10:02:59 symfony [info] {sfBasicSecurityFilter} Action "blog/index" requires authentication, forwarding to "sfGuardAuth/signin"
The user has to wait for quite some time or clear cache to avoid this.
Thanks
The forwarding is done by the sfBasicSecurityFilter filter. If you want to change the forward to a redirect, you will have to overwrite the forwardToLoginAction in your own security filter:
class mySecurityFilter extends sfBasicSecurityFilter
{
protected function forwardToLoginAction()
{
$this->getContext()->getController()->redirect(sfConfig::get('sf_login_module') . '/' . sfConfig::get('sf_login_action'));
throw new sfStopException();
}
}
I have the following controller action, which redirects to the login page if no user is logged in:
public function requireloginAction() {
if(!Mage::getSingleton('customer/session')->isLoggedIn()) {
// Not logged in
// Save requested URL for later redirection
Mage::getSingleton('customer/session')->setBeforeAuthUrl($this->getRequest()->getRequestUri());
header("Status: 301");
header('Location: '.Mage::helper('customer')->getLoginUrl()); // send to the login page
}
else {
// Logged in
.. do something ..
}
}
By using setBeforeAuthUrl, once the user logs in he/she is redirected back to this action.
Problem:
If instead of logging in, the user, creates an account he/she is then redirected to the main page, rather then to the url set in setBeforeAuthUrl.
Question:
Is there something similar to setBeforeAuthUrl that works with Account Creation too? Or how can I achieve the desired effect?
(Magento Version 1.6)
You can try using the following extension. http://www.magentocommerce.com/magento-connect/MagePsycho/extension/3763/custom_login_redirect
Or you can also open app/code/core/Mage/Customer/controllers/AccountController.php and look for the createPostAction() function around line 328 edit:
$url = $this->_welcomeCustomer($customer);
$this->_redirectSuccess($url);
to
$url = 'http://www.mycustomrediurecturl.com';
$this->_redirectSuccess($url);
If you want to do it the nice way override the controller add configuration options and make it a module :)
Cheers
Found solution.
First of all, setBeforeAuthUrl($url) does work for both "Log In" and "New Account Creation"!
The main difference (and the reason I had the problem) is that for a "New Account Creation" Magento checks if $url is within the domain name of the current store and if it is not, it redirects to the "My Account" page. While the redirection for "Log In" redirects to any $url.
I do not know if this is a bug or a feature (I'm using V1.6.0.0).
So just make sure to redirect to a url within the domain name of the current store - especially in a Multi Store configuration.