I am using Tank Auth, and require my users validate their email addresses. Upon validation, users are still not logged in. I would like users to be automatically logged in when activating their account.
In my previous version (home-grown auth) I wrote a login function that didn't require a password, that was only callable in that situation. However, I can't see a way of doing that in Tank Auth. One solution would be to cache passwords until activation, but I really don't want to do that...
You can just bypass your login system.
Store either thier email address OR alias in a cookie.
when they activate grab the cookie, search(verify they exist) for the user, then setup a normal login session.
A login is just a set of session rules.
inside your activation script/email process, append
$this->_set_ac_cookie({email});
-
protected function _set_ac_cookie({email})
{
return $this->input->set_cookie(array(
'name' => 'ac_cookie_'.{email},
'expire' => '7200', //You may mirror when/if your activation key expires
'domain' => 'yourdomain.com',
'path' => '/'
));
}
check cookie exists
protected function _before_activation({email})
{
return $this->input->cookie('ac_cookie_'.{email})) ? TRUE : FALSE;
//make sure {email} has a UNIQUE db constraint
}
when the user clicks the activation link
if($this->_before_activation({email}))
{
//check user exists AND activation status === false (0)
//grab the user details from db based on {email}, set activation status to true (1)
//setup login session
$this->session->set_userdata(array(
'logged_in' => (int)1,
'user_id' => {user->id},
'alias' => {user->alias}
));
redirect('dashboard');
}
else
{
//sorry!
}
If you take a look at the code inside tank auth that handles the email activation, you'll see that it explicitly logs the user out on email verification.
https://github.com/ilkon/Tank-Auth/blob/master/application/controllers/auth.php
Line 243.
You could just comment out $this->tank_auth->logout(); on line 244 and it should work as you want it to, but this would be bad practice.
Related
Does laravel provide a way to prevent multiple logins of a user from different devices / browsers at a given time? If yes then how can i force a user to logged in from a single device at a single time. I am developing a online quiz app using laravel 5.6 where users can logged in from a single place and take test.
laravel provide this method to invalidating and "logging out" a user's sessions that are active on other devices logoutOtherDevices()
to work with this method you need also to make sure that the
Illuminate\Session\Middleware\AuthenticateSession
middleware is present and un-commented in your app/Http/Kernel.php class' web middleware group:
'web' => [
// ...
\Illuminate\Session\Middleware\AuthenticateSession::class,
// ...
],
then you can use it like this
use Illuminate\Support\Facades\Auth;
Auth::logoutOtherDevices($password);
Perhaps this should get you started:
Add a column in users_table.php
$table->boolean('is_logged_in')->default(false);
When a user logs in: LoginController.php
public function postLogin()
{
// your validation
// authentication check
// if authenticated, update the is_logged_in attribute to true in users table
auth()->user()->update(['is_logged_in' => true]);
// redirect...
}
Now, whenever a user tries to login from another browser or device, it should check if that user is already logged in. So, again in LoginController.php
public function index()
{
if (auth()->check() && auth()->user()->is_logged_in == true) {
// your error logic or redirect
}
return view('path.to.login');
}
When a user logs out: LogoutController.php
public function logout()
{
auth()->user()->update(['is_logged_in' => false]);
auth()->logout();
// redirect to login page...
}
I have overwritten Login and Logout functionality as I need to check many more conditions to authenticate the user like below.
public function login(Request $request)
{
$this->validateLogin($request);
$input=$request->all();
$user=User::where('username',$input['username'])->first();
//If Temp Password is set
if(strlen($user->temp_password)>10)
{
if (Hash::check($input['password'], $user->temp_password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
else{ //If Temp password is not set
if (Hash::check($input['password'], $user->password))
{
Auth::login($user);
$this->setUserSession($user);
$landing_page=Menu::find($user->landing_page);
return redirect()->route($landing_page->href);
}
else {
session()->put('failure','Invalid Username or Password');
return redirect('/login');
}
}
}
Now I need to restrict Same user from login once again in some other screen or place. I have checked Session Data but nothing is stored as Unique for a User.
ie. If a username admin is loged in US the same username admin must not be allowed to login from UK.
Update
Oh bagga, question wasn't quite clear. You are trying to restrict the number of sessions to 1 only. If I get it, then you will have to use a database session driver. Right now, I think you may be using the default driver (file). It only checks the session within the same browser. Using database session may allow you to check for session everywhere, and restrict the number of connections.
First, make sure your routes are within the web middleware so they can access sessions. Then, inside of the web middleware, create a group of routes that are only accessible for users who are not logged in.
Route::group(['middleware' => 'guest'], function () {
Route::get('login', 'LoginController#login');
// any other route
});
Logged in users won't be able to access the login route anymore.
You could also do the check in your login function to see if the user's is already connected by using
if (Auth::check()) {
// user is connected
// redirect them
}
What does this->setUserSession($user) do?
You can do this using login token.
Generate a login token and keep it in database.
And check for it's entry in database while logging in.
If it doesn't exist let log in success.
Else fail.
And delete login token every time user logs out.
Or
you can generate new token on each login success. And deleting old token and invalidating the old login.
But in this case you have to keep that token in session and for each request you have to check that token with database token.
If it matches, allow user
Else logout the user with notice.
I'll prefer the second method personally.
As you can check for the token in the middleware itself.
Hello guys I want to make the remember me checkbox and I want to save the user info into cookies so next time when try to login he find the user name and password in their fields I try to use :
$rememberMe = false;
if(isset($req->remember_me)) {
$rememberMe = true;
}
if(Sentinel::authenticate($req->all(), $rememberMe)) {
$slug = Sentinel::getUser()->roles()->first()->slug();
}
The cookies was set, I see it in the chrome settings but it does not do as I expect
I'm using laravel 5.2
You can use Cookies
cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity
To create:
$response->withCookie(Cookie::make('name', 'value', $minutes));
To retrieve
$value = Cookie::get('name');
Your question is not to remember the user login.. The question is how to fill the inputs based on saved auth information. You can do that if you print the authentication values in the input value attribute while loading the page.
larval Cookies Docs
Also Laravel has it's own implementation of "Remember Me"
if (Auth::attempt(array('email' => $email, 'password' => $password), true))
{
// The user is being remembered...
}
if (Auth::viaRemember())
{
//
}
More information about https://laravel.com/docs/5.4/authentication#remembering-users
There is two main thing need to taken care:
1) You must pass a bool value as second parameter to the method, make sure you cast it before passing it to the method. - In your code, it's perfect
$credentials = $req->only('LOGINNAME', 'PASSNAME')
if(Sentinel::authenticate($credentials , $req->has('remember_me'))){
//Other stuff
}
2) you can verify it works by ensuring a cookie is set with the key cartalyst_sentinel?
So first change as per 1) option and then check the 2) option, may be this is your answer.
I have two user types in my registration page one is admin and another one is user,I have login page.when I logged as a admin it goes to dashboard, in dashboard I have 10 different types of components.when I logged as admin,dashboard should be display all components.but when I logged as a user dashboard should be display only 5 components(those who are related to user).I want to display these by using sessions.can you please help me how to do this by using sessions.and when I open any component in dashboard,username should be displayed on the top of the page.
public function login()
{
$data['error'] ="Invalid Login";
$this->load->view('auth/header');
if($this->input->post())
{
$user = $this->UserModel->login($this->input->post());
if(count($user)>0)
{
$array = array(
'client_id' => $user['client_id'],
'client_type_id'=>$user['client_type_id'],
'email' => $user['email'],
'password' => $user['password'],
);
$this->session->set_userdata($array);
}
else
{
$data["error_message"]="Invalid User Name and Password combination";
}
}
}
In your logging process, you can check user id and get query using id. Then you can check what are the components for logged user can access.
Get these details and put it to variable.then you can use session.
$this->session->set_userdata('set name',your variable);
and you can access this session anywhere you want.
$this->session->userdata('set name');
You can get user name via user id.
set user info in $your_var
$this->session->set_userdata('user_info', $your_var);
pass user info in array
$this->data['user_info']=$this->session->userdata['user_info'];
distroy session user info
$this->session->unset_userdata("user_info");
I'm just working on the user management-component of our new project.
The plan is:
User registers on the page with minimal amount of account data (username, pass, email)
User gets an email with an activation link to activate the account
User clicks on the link and activates his account
The system logs in the user after automatically after activation and redirects him to kind of a dashboard with account information (last login, hi "username", etc.)
But there are some problems with the auto login. this is the part of the code i use:
<?php
...
// set userstatus to "active" and delete meta information "activation_key"
// then automatically login
$this->User->id = $id;
$this->User->saveField('modified', date('Y-m-d H:i:s') );
$this->User->saveField('status', 1 );
// $this->User->deleteActivationKey ....
$this->Auth->login($this->User->read());
$this->Session->setFlash(__('Successfully activated account. You are now logged in.'));
$this->User->saveField('last_login', date('Y-m-d H:i:s') );
$this->redirect(array('controller' => 'pages'));
...
This works so far, until you want to get information about the logged in user with the user() function of the Auth Component.
We're using this in AppController->beforeRender, to have user information application wide:
$this->set('auth', $this->Auth->user());
but after that auto login action, i'm getting undefined index notices. (e.g. by accessing $auth['id'] in a view). print_r() shows me only the username and hashed password of the current user.
If you login manually, everything works fine. it must be something with the automatic login after the account activation.
Seems to be a problem with the session? What am i doing wrong?
Found a solution after testing many variations.
Works now with:
$user = $this->User->findById($id);
$user = $user['User'];
$this->Auth->login($user);
Don't know why, i thought i tried this way already and that did not work.
Have you tried this? (CakePHP 2.x)
public function signup() {
if (!empty($this->request->data)) {
// Registration stuff
// Auto login
if ($this->Auth->login()) {
$this->redirect('/');
}
}
}
That simple!