Filter Pages in laravel - filter

i'm a rookie in laravel.
I have a page in admin profile (/Profile /admin). But if someone put
http:// ... / Profile/admin
. Happen a jump directly to the admin page without login.
I tried putting:
Route::filter ('/Profile/admin',function ()
{
if (Auth::guest ()) return Redirect::guest ('login');
});
but i dosen't work.
Thanks.

You can run filters on your routes to basically check to see if someone is logged in or not. There is probably a bit you need to do to make sure all is secure.
However, suggested reading:
http://laravel.com/docs/routing#route-filters
http://laravel.com/docs/security
Hope it helps.

Related

User authenticating but not staying logged in Laravel 8.x

When testing my application and trying to create a new user then on form submission I am getting error 419.
If I use a helper to log in using Auth::loginUsingId(x) for an existing user then dd(auth()->user()) is successful but when I redirect to another page the user is no longer logged in. eg running the following code, you end up getting redirected to /login:
Route::get('/logInAs/{id}', function ($id) {
Auth::loginUsingId((int) $id);
dd(\auth()->user());
return redirect()->route('dashboard');
});
I would share more code but I'm not sure what would be useful at this point?
I've probably spent about seven hours trying to fix this so far. It's driving me up the wall!
The app works fine on other environments, such as staging. I've even gone so far as to re-download it from github as a fresh install (in case I was messing about in vendor directory and changed something), but that hasn't fixed it.
I get the same issue on Chrome, using different signed in users on Chrome, using incognito mode on Chrome, using Firefox, and using valet share and accessing my local version on another device, like a phone, so I don't think it is to do with browser caching.
When other devs working on the project run it locally on their machines I haven't had reports of this issue, so it seems to just me my local environment.
I've variously tried changing CACHE_DRIVER and SESSION_DRIVER in .env to no joy, but I'm beginning to lose the will to live so don't really know if I'm doing the right thing there - please help if you can!!
Edit to add more detail:
Middleware on the dashboard route:
Route::middleware(['auth:sanctum', 'verified'])->group(function(){
Route::get('/dashboard', DashboardController::class)->name('dashboard');
});
If I remove the middleware then I just get an error that user is null on dashboard.blade.php, ie the user is still not staying logged in.
A custom middleware:
class VerifyUserIsMerchant
{
public function handle(Request $request, Closure $next)
{
if ($request->user()->isMerchant()) {
return $next($request);
}
throw new AccessDeniedHttpException('You must be a merchant to access this page');
}
}
If I dd($request->user()) in this middleware it returns null.
The issue got fixed with the help of Laracasts. The full answer is here.
In short, I needed to remove the http:// protocol from SESSION_DOMAIN in .env and set it to match APP_URL.
This was the correct answer for this issue. It was deleted by a moderator. Moderator, before you delete this answer as well please can you explain why?
It provides the full answer to the issue raised in the question. I did not find this answer to this issue anywhere else (hence why it took me several days of debug to fix).
If I can know why it was deleted, I can then understand how to avoid making answers in the future that also would be deleted. Thank you.

clear cache on rennokki eloquent-query-cache

Hello I'm using laravel with rennokki's eloquent-query-cache I could cache queries and it works perfectly but i need my cache gone when user logs out.
I tried model::flushQueryCache(); in the logout controller but it doesn't work.
thank you.
This doesn't work like that. How many models have your application? You should import the trait and write the model::flushQueryCache(); for each model you have on logout event.
If you want it more simple, execute Artisan::call('cache:clear') on logout. This will clear everything, but for everyone.
hmrneves thanks for your answer,
public function logout() {
admins::flushQueryCache();
invitations::flushQueryCache();
customers::flushQueryCache();
rides::flushQueryCache();
users::flushQueryCache();
}
I tried this and imported the trait, it doesn't work. and I need to keep cache for other users

Laravel error: Sorry, the page you are looking for could not be found

I need to update a website from a colleague to just add a LDAP connexion.
I use EasyPHP devserver 17.0 with php 7.1.3 and MySQL 5.7.17.
I've read a lot of docs etc to be started and to recover the site in local as it is working actually.
Everything was working so I began to add a login form etc... but when I tried to test a link from the website, it return me the error "Sorry, the page you are looking for could not be found". So I began to search on forums I found some results about routes etc and everything I've tested didn't worked.
So, I decide to use the backup from the website as it was when I juste restore it in local(I precise link to other page and everything was working). I check the link and again, "Sorry, the page you are looking for could not be found". I decide to try another developement tool and download XAMP, exactly same error. I tried with Wamp, Laragon always same error.
In the apache conf mod_rewrite is enabled.
My laravel framework version is: 5.5.39
So my folder look like:
Laravel 5.5.39
The content of routes > web.php:
Route::get('/', function () {
return view('welcome');
})->name('welcome');
// Holidays
Route::get('/holidays/create', 'HolidayController#create')->name('holidays.create');
Route::post('/holidays', 'HolidayController#store')->name('holidays.store');
Route::get('/holidays/{holiday}/delete', 'HolidayController#destroy')->name('holidays.destroy');
Route::get('/holidays/{holiday}/edit', 'HolidayController#edit')->name('holidays.edit');
Route::post('/holidays/{holiday}', 'HolidayController#update')->name('holidays.update');
// Leave types
Route::get('/types/create', 'TypeController#create')->name('types.create');
Route::post('/types', 'TypeController#store')->name('types.store');
Route::get('/types/{type}/delete', 'TypeController#destroy')->name('types.destroy');
Route::get('/types/{type}/edit', 'TypeController#edit')->name('types.edit');
Route::post('/types/{type}', 'TypeController#update')->name('types.update');
// Users
Route::resource('users', 'UserController');
Route::get('/births', 'UserController#getAllBirths')->name('births');
// Leaves
Route::get('/calendar', 'LeaveController#index')->name('calendar');
Route::post('/leaves', 'LeaveController#store')->name('leaves.store');
Route::post('/leaves/{leave}', 'LeaveController#update')->name('leaves.update');
Route::get('/leaves/{leave}/delete', 'LeaveController#delete')->name('leaves.delete');
Route::get('/leaves', 'LeaveController#getAll')->name('leaves');
Route::get('/config', 'ConfigController#index')->name('config');
// Stats
Route::get('/statistics', 'StatsController#index')->name('stats.index');
Auth::routes();
I don't know what I could do but please ask me if you need more information to help me.
If it can help; gitLab link from the site I'm trying to restore: https://gitlab.com/balsigergil/btplan
To fix the problem I had to change the VirutalHost DocumentRoot so the root is the public directory.
DocumentRoot "C:/Users/sadm-m263733/Desktop/EasyPHP-Devserver-17/eds-www/siteBTPlan/public"

Laravel 5 Route Strange Behaviour

I have a Laravel site set up on a Homestead box, so I'm accessing it on sitename.app:8000. I have a route called "news" but when I try to go to sitename.app:8000/news I get oddly bounced out to sitename.app/news/.
If I change the routename to "news2" I can access the desired controller action as per normal at sitename.app:8000/news2. So somehow it's "news" itself that has become uncooperative - and I'm pretty sure that we aren't even getting as far as the NewsController, when I try to access that url.
Can anyone work out from these symptoms what might be going wrong? One "news"-related change I made at some point was to add $router->model('news', "App\News"); in the boot method of the RouteServiceProvider, but removing this doesn't seem to make the difference.
ETA: People keep asking for the routes.php file. I can literally remove everything from the file except
Route::get('news', function() {
return "hello world";
});
Route::get('news2', function() {
return "hello world";
});
and /news2 will work but /news will bounce me out. So I remain pretty convinced that the problem is somewhere deeper than routes.php...
I finally worked out what boneheaded action of mine had been causing this behaviour!
I had created a folder in /public named "news"... i.e. with the same name as an important route. Not sure exactly what havoc this was wreaking behind the scenes for Laravel every time a request for /news was being made, but one can assume it was nothing good.
Advice for anyone tearing their hair out over a route that "mysteriously doesn't work" - check your public folder for possible collisions!
This is a known issue Larvel missing port
The easiest way to solve this problem is to go to public/index.php and set the SERVER_PORT value.
$_SERVER['SERVER_PORT'] = 8000;
Don't forget to set the base url in the config if you are using links on website, the url generator uses the base-url defined in the config.
Last option is to change the vm portfoward in VagrantFile to point to port 80 and use port 80 for your app.

PHP session login different for url with www and without www?

I am debugging on session login, when i am login to www.domainname.com the session will be only set for with www.
When i am going to url domain.com, session login is ignored, and i will be prompted to login form again.
I have set session cookie_domain also, but not working.
Any one can help me? why?
I know this question is as old as "Who came first? The egg or the chicken?"
I had a lot of trouble about this issue.
But... if you're using php I've found a solution:
In your login script insert in the first line
<?php
session_set_cookie_params(0, '/', 'www.yourdomain.com');
session_start()
?>
or you can try yoursubdomain.yourdomain.com instead www.yourdomain.com.
It works for me. Hope it help other users too.
I highly recommend redirecting users to the canonical version of the site (probably the www.example.com domain). Look around, you'll notice that most sites do exactly this for consistency (including SO; see what happens when you go to www.stackoverflow.com).
Have you tried setting the session domain to ".example.com"?:
$lifetime = 0;
$path = '/';
$domain = '.yourdomain.com';
session_set_cookie_params($lifetime, $path, $domain);
Note the dot in the beginning of the $domain string variable.
Check the reference of the function here.

Resources