script post message without check login phpbb3 - validation

I have made an script that replaces the posting.php in some forums, but without login in, I can post with it... which code I need to add or edit to make that check?
My script only has a form with some inputs and a submit button, and some lines of phpbb3 to integrate it with theme, and to use the submit_post function.
But I dont know how to restrict the script to logged users....
I have tried to read posting.php, but nothing was solved...
Could anyone help me?

My assumption is that you already have access to the $users object from PHPBB.
Since the first user in the system is Anonymous (and PHPBB uses this as the guest account), you can check if that is the user currently being used.
if ($user->data['username'] == 'Anonymous')
{
echo 'Please login!';
}
else
{
// Your existing code
}

Related

User authenticating but not staying logged in Laravel 8.x

When testing my application and trying to create a new user then on form submission I am getting error 419.
If I use a helper to log in using Auth::loginUsingId(x) for an existing user then dd(auth()->user()) is successful but when I redirect to another page the user is no longer logged in. eg running the following code, you end up getting redirected to /login:
Route::get('/logInAs/{id}', function ($id) {
Auth::loginUsingId((int) $id);
dd(\auth()->user());
return redirect()->route('dashboard');
});
I would share more code but I'm not sure what would be useful at this point?
I've probably spent about seven hours trying to fix this so far. It's driving me up the wall!
The app works fine on other environments, such as staging. I've even gone so far as to re-download it from github as a fresh install (in case I was messing about in vendor directory and changed something), but that hasn't fixed it.
I get the same issue on Chrome, using different signed in users on Chrome, using incognito mode on Chrome, using Firefox, and using valet share and accessing my local version on another device, like a phone, so I don't think it is to do with browser caching.
When other devs working on the project run it locally on their machines I haven't had reports of this issue, so it seems to just me my local environment.
I've variously tried changing CACHE_DRIVER and SESSION_DRIVER in .env to no joy, but I'm beginning to lose the will to live so don't really know if I'm doing the right thing there - please help if you can!!
Edit to add more detail:
Middleware on the dashboard route:
Route::middleware(['auth:sanctum', 'verified'])->group(function(){
Route::get('/dashboard', DashboardController::class)->name('dashboard');
});
If I remove the middleware then I just get an error that user is null on dashboard.blade.php, ie the user is still not staying logged in.
A custom middleware:
class VerifyUserIsMerchant
{
public function handle(Request $request, Closure $next)
{
if ($request->user()->isMerchant()) {
return $next($request);
}
throw new AccessDeniedHttpException('You must be a merchant to access this page');
}
}
If I dd($request->user()) in this middleware it returns null.
The issue got fixed with the help of Laracasts. The full answer is here.
In short, I needed to remove the http:// protocol from SESSION_DOMAIN in .env and set it to match APP_URL.
This was the correct answer for this issue. It was deleted by a moderator. Moderator, before you delete this answer as well please can you explain why?
It provides the full answer to the issue raised in the question. I did not find this answer to this issue anywhere else (hence why it took me several days of debug to fix).
If I can know why it was deleted, I can then understand how to avoid making answers in the future that also would be deleted. Thank you.

Is it possible to get Laravel user data from Vue JS?

i have a Laravel 5.4 application where i do all Authentication based logic through PHP and then redirect the user to a catchAll route when they are authenticated, and let VueRouter take it from there...
I'd like to also use Entrust because my app will have several types of users and some elements (like an Edit User button) will only be visible to some user Roles.
I might also want to implement specific permissions, like some Admins can edit user Permissions, while others do not.
The issue is, alright i'm in Javascript territory now, so how do i know what my current Auth user is? Setting a global JS variable for Auth::user doesn't seem like a good idea to me.
Perhaps i would instead pass just an ID, but how exactly without making it globally visible as a window variable?
I think you may create an auth/check API call, like this:
protected function check()
{
if(Auth::guard('api')->check()) {
return Auth::guard('api')->user();
}
return ['success' => false];;
}
And then get current user with this call.

Redirecting from one View to another and changing the whole URL codeigniter

I am working on codeigniter and I am making a login page. When i validate the credentials I wan to move the user to next view if the credentials are correct.
I am using following command to redirect the user but it is merging the new view to the existing view and the url being shown in the browser is also getting appended.
$this->load->view('DataEntry');
URL before executing this command :http://127.0.0.1:8080/ci/
URL after executing this command : http://127.0.0.1:8080/ci/index.php/CI/DataEntry
how can i redirect the user from one view to another without appending the url and what is the right way to do it ?
I am an abolute beginner. so accept my apologies for dumb questions.
In general, it should be something like this:
//pseudo code
if ($validation_passed)
{
redirect('secret_page_controller/secretpage_method');
}
else
{
//if validation failed
$this->load->view('view_where_login_form_is');
}
Follow basic example from docs.
Please, format your code appropriate and add controller/method(s) code.

cron job on codeigniter password protected site

Hey guys hope you could help me out
I am trying to get a cron job to work with a codeigniter application but its just not happening. I have cpanel and ftp access.
The site is password protected. I have been googling for a long time with no luck.
I dont really know linux, and although I do intend to atleast learn the basics of linux commands later, but for now I just want a simple cron job to work.
basically to test the cron job, I have a method
public function update_cronjob2() {
$to = "my_email#domain.com";
$subject = "asdf!";
$message="cronjob";
mail($to,$subject,$message);
}
when I enter the url directly,i.e
http://www.site.com/my_directory/index.php/home/update_cronjob2
I get the email. but not with cron jobs.
This is what I have tried so far. Note that I have pasted everything as-is and only replaced the text for username, password and site. no symbols, etc added
wget --user='user123'--password='pass123' http://www.site.com/my_directory/index.php/home/update_cronjob2
AND
wget http://www.site.com/my_directory/index.php/home/update_cronjob2
and
$ cd /my_directory/project;$ php index.php home update_cronjob2
Is it possible for you to place the cron outside the admin/user part of the site? It sounds like you need to be logged in to access given page. That's why your browser can handle it, but not the cron.
That, or you could do add this in your login part:
if ( ! in_array($this->uri->segment(1), array('cron'))) {
// Login prompt
}
Or maybe you have some other issue?

Magento - Redirect back (similar to using setBeforeAuthUrl) when user creates a new account

I have the following controller action, which redirects to the login page if no user is logged in:
public function requireloginAction() {
if(!Mage::getSingleton('customer/session')->isLoggedIn()) {
// Not logged in
// Save requested URL for later redirection
Mage::getSingleton('customer/session')->setBeforeAuthUrl($this->getRequest()->getRequestUri());
header("Status: 301");
header('Location: '.Mage::helper('customer')->getLoginUrl()); // send to the login page
}
else {
// Logged in
.. do something ..
}
}
By using setBeforeAuthUrl, once the user logs in he/she is redirected back to this action.
Problem:
If instead of logging in, the user, creates an account he/she is then redirected to the main page, rather then to the url set in setBeforeAuthUrl.
Question:
Is there something similar to setBeforeAuthUrl that works with Account Creation too? Or how can I achieve the desired effect?
(Magento Version 1.6)
You can try using the following extension. http://www.magentocommerce.com/magento-connect/MagePsycho/extension/3763/custom_login_redirect
Or you can also open app/code/core/Mage/Customer/controllers/AccountController.php and look for the createPostAction() function around line 328 edit:
$url = $this->_welcomeCustomer($customer);
$this->_redirectSuccess($url);
to
$url = 'http://www.mycustomrediurecturl.com';
$this->_redirectSuccess($url);
If you want to do it the nice way override the controller add configuration options and make it a module :)
Cheers
Found solution.
First of all, setBeforeAuthUrl($url) does work for both "Log In" and "New Account Creation"!
The main difference (and the reason I had the problem) is that for a "New Account Creation" Magento checks if $url is within the domain name of the current store and if it is not, it redirects to the "My Account" page. While the redirection for "Log In" redirects to any $url.
I do not know if this is a bug or a feature (I'm using V1.6.0.0).
So just make sure to redirect to a url within the domain name of the current store - especially in a Multi Store configuration.

Resources