Getting data from database in web routes - Laravel - php

I have this Laravel application, in which I want to display the name of the logged-in user in the pages. Thing is, I'm getting the data in the web.php file, like this:
Route::get('/', function () {
$welcomeNames = DB::table('users')->get();
return view('welcome', ['welcomeNames' => $welcomeNames]);
});
And then, in my welcome.blade.php, I return the data like this:
@if (!Auth::guest())
@foreach($welcomeNames as $key => $data)
@if ($data->name == Auth::user()->name )
<tr>
<th>{{$data->name}}</th>
</tr>
@endif
@endforeach
<a href="{{ route('logout') }}" onclick="event.preventDefault(); document.getElementById('frm-logout').submit();" class="text-sm text-gray-700 dark:text-gray-500 underline">
Logout
</a>
<form id="frm-logout" action="{{ route('logout') }}" method="POST" style="display: none;">
{{ csrf_field() }}
</form>
@else
@endif
My question is: is this a safe practice? I don't know if getting the data from the DB in my route is safe. Thanks in advance!

It is safe as long as you do not show it somewhere where it doesn't belong. But it's bad practice and shouldn't be done if not really needed. AND controllers are way more organised in any way.
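An added example (not from the original question or answer) of the narrower version: the route hands the view only the signed-in user's name instead of every row of the users table, so other users' rows never reach the template. The `/team` route and `team` view are hypothetical, and the column names assume Laravel's default users migration.

```php
<?php
// routes/web.php -- added example, not the asker's code.

use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;

Route::get('/', function () {
    // Auth::user() is already the row for the current session, so no query
    // over the whole users table is needed. Guests get null.
    $welcomeName = Auth::check() ? Auth::user()->name : null;

    // Only this one string reaches the template. In welcome.blade.php:
    //   @auth <th>{{ $welcomeName }}</th> @endauth
    return view('welcome', ['welcomeName' => $welcomeName]);
});

// Hypothetical page that really does need a list of users: name the columns,
// so password, remember_token and email (default migration, assumed) are
// never loaded into the view data.
Route::get('/team', function () {
    $members = DB::table('users')->select('id', 'name')->orderBy('name')->get();

    return view('team', ['members' => $members]);
})->middleware('auth');
```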

Related

Laravel 8 custom logout method not working and not logs out the user

I'm working with Laravel 8 and I wanted to build my own logout method like this:
public function logout(Request $request)
{
$this->guard()->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
if ($response = $this->loggedOut($request)) {
return $response;
}
return $request->wantsJson()
? new JsonResponse([], 204)
: redirect('/');
}
And I have created this link just like Laravel's default auth system:
<div class="profile-user-loggedin">
<a href="{{ route('logout') }}">
<img src="img/icon-logout.png" style="width: 26px;" alt="" onclick="event.preventDefault(); document.getElementById('logout-form').submit();">
</a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
{{ csrf_field() }}
</form>
</div>
And here is the route:
Route::post('/logout', [App\Http\Controllers\Auth\LoginController::class, 'logout'])->name('logout');
Now when I click on the link to logout the user, it properly redirects to the homepage of website but the problem is that the user is still logged in somehow!
I don't really know what's going wrong here since the route and method look fine.
So if you know, please help me out with this...
Thanks.
Use the below code in your custom logout function
Auth::logout();

Is there a way of getting authenticated user ID and use it on navigation.blade?

I'm building a new Laravel app, using Breeze.
What I'm trying to do is get the authenticated user id to redirect it to the profile route, which is:
Route::group([
'prefix' => 'profile',
'as' => 'profile.',
'middleware' => ['auth']
], function () {
Route::get('/{id}', [ProfileController::class, 'show'])->name('profile');
}
);
But, on the layout of navigation, as shown below, I can't manage to get it on the :href.
I already tried some approaches, like:
:href="{{ route('profile', [Auth::user()->id]) }}"
:href="{{ route('profile',/([Auth::user()->id])) }}"
But none of them seems to work.
The navigation.blade.php dropdown part:
<x-slot name="content">
<x-dropdown-link :href="route('admin.aprovar')">
{{ __('Aprovações') }}
</x-dropdown-link>
<x-dropdown-link>
{{ __('Perfil') }}
</x-dropdown-link>
<!-- Authentication -->
<form method="POST" action="{{ route('logout') }}">
@csrf
<x-dropdown-link :href="route('logout')"
onclick="event.preventDefault();
this.closest('form').submit();">
{{ __('Log Out') }}
</x-dropdown-link>
</form>
</x-slot>
Any help or hint would be appreciated.
Thanks for your time!
Credits to @aynber for answering; what I needed to do was:
{{ route('profile', ['id' => Auth::user()->id]) }}

Trying to use Laravel policies into components

I'm trying to use Policies inside a Post Component, using Laravel. This is how I'm iterating through the posts in my page.
@foreach($posts as $post)
<x-post
:id="$post->id"
:title="$post->title"
:description="$post->description"
:userId="$post->user_id"
:img="$post->img"
:author="$post->user->name"/>
@endforeach
In the post.blade.php I'm trying to use a 'update' policy method to define which users can see the post:
@can('update', Auth::user(), /*What should I pass here?*/)
<a class="btn btn-success" href="{{route('posts.edit', $id)}}">
<i class="bi bi-pencil"></i>
</a>
@endcan
What should I pass as the second parameter of the policy? Normally, it would be a post variable. Since I'm already inside a post, I don't know how to proceed.
You could check outside the component. Something like
@foreach ($posts as $post)
<x-post
:id="$post->id"
:title="$post->title"
:description="$post->description"
:userId="$post->user_id"
:img="$post->img"
:author="$post->user->name"
:canUpdate="Auth::user()->can('update', $post)"/>
@endforeach
@if ($canUpdate)
<a class="btn btn-success" href="{{ route('posts.edit', $id) }}">
<i class="bi bi-pencil"></i>
</a>
@endif
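An added example (not part of the answer above) of the server-side half of this check: hiding the edit button only changes what is rendered, so the edit and update actions have to ask the same policy. The ownership rule in `PostPolicy::update`, the `App\Models` namespace, the `PostController` methods and the `{post}` route-model binding are assumptions; the question does not show them.

```php
<?php
// Added example; two files shown in one block. The ownership rule is assumed.

// app/Policies/PostPolicy.php
namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    // Assumed rule: only the author may edit a post. Casts guard against
    // database drivers that return integer columns as strings.
    public function update(User $user, Post $post): bool
    {
        return (int) $user->id === (int) $post->user_id;
    }
}

// app/Http/Controllers/PostController.php
namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

class PostController extends Controller
{
    public function edit(Post $post)
    {
        // Throws AuthorizationException (HTTP 403) when the policy says no,
        // even if someone types the edit URL by hand.
        Gate::authorize('update', $post);
        return view('posts.edit', ['post' => $post]);
    }

    public function update(Request $request, Post $post)
    {
        Gate::authorize('update', $post); // same policy as the button
        $post->update($request->validate([
            'title' => ['required', 'string', 'max:255'],
            'description' => ['required', 'string'],
        ]));
        return redirect()->route('posts.edit', $post);
    }
}
```

In Blade, the same policy is asked with `@can('update', $post)` wherever a Post model is in scope, which is what the second argument in the question should be.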

302 On logout and login Laravel

I have a problem with the Laravel sessions or with the CSRF tokens of Laravel, I don't know.
My Laravel installation (v7.x) has a typical login (generated with php artisan make:auth), and my problem is when I need to close my session (post request to /logout route), I see in my navigator network a 302 code request, but in my form I have my csrf token and I can see it in the post request.
Sometimes I can "execute" the logout, Laravel redirects me to the /login route, but in my navigator I manually put the /home route (I need to be authenticated to enter here) and I see that my session is still open :|
Any ideas?
My web.php
Route::get('/', function () {
return redirect('/login');
});
Auth::routes();
Route::middleware(['auth', 'web'])->group(function () {
Route::get('/home', 'AppController@index')
->name('home');
// Orders
Route::get('/order/detail/{id}', 'AppController@show_order_detail')
->name('show_order_detail');
Route::get('/order/list', 'AppController@show_order_list')
->name('show_order_list');
Route::post('/order/update/status', 'AppController@update_order_status')
->name('update_order_status');
Route::post('/order/search_order', 'AppController@search_order')
->name('search_order');
Route::post('/order/filter_orders_by_status', 'AppController@filter_orders_by_status')
->name('filter_orders_by_status');
// Refund
Route::get('/order/refund/{id}', 'AppController@show_refund')
->name('show_refund');
Route::post('/order/send_refund', 'AppController@send_refund')
->name('send_refund');
// Users
Route::get("/administration/users", "AdministrationController@users_list")
->name("users_list");
Route::get("/administration/users/add", "AdministrationController@show_form_add_user")
->name("add_user");
Route::post("/administration/users/add/send", "AdministrationController@add_user_send")
->name("add_user_send");
Route::get("/administration/users/detail/{userId}", "AdministrationController@user_detail")
->name("user_detail");
Route::post("/administration/users/setpassword", "AdministrationController@user_setpassword")
->name("user_setpassword");
// Audit Log
Route::get("/administration/audit", "AdministrationController@show_audit")
->name("show_audit");
});
My logout form (it's a link with a javascript event)
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
<a class="dropdown-item" href="{{ route('logout') }}"
onclick="event.preventDefault();
document.getElementById('logout-form').submit();">
{{ __('Logout') }}
</a>
<form id="logout-form" action="{{ route('logout') }}" method="POST" class="d-none">
{{ csrf_field() }}
</form>
</div>

how to pass database variable in URL anchor tag

$permissions = DB::table('file_permissions')
->leftjoin('adminfiles','file_permissions.fileid','adminfiles.id')
->where('user_id', $user)
->get();
I am getting these file permissions as per user from the database and listing them in the left column of the admin panel
<ul class="treeview-menu">
@foreach($permissions as $permission)
<li><i class="fa fa-circle-o"></i> {{ $permission->filename }}</li>
@endforeach
</ul>
But in the output it makes url like this
http://localhost/laravel/$permission-%3Efileaddress
thanks in advance
Check the Laravel route parameters
https://laravel.com/docs/5.5/routing#route-parameters
Example (see docs)
Route::get('user/{id}', function ($id) {
return 'User '.$id;
});
Link like that
link
I think this will do the trick.
<a href="{{ url('') }}/{{ $permission->fileaddress }}">
