I've made a CMS, in Laravel, for a local charity, as part of my final research project. I have to present it in the morning and I have one niggling problem, that I can't figure out.
I have posts and comments, users and admins. Any authenticated user-type can comment on a post. I have a modal, for logging in, on the single post page and this is just a simple #if statement, that replaces the button.
If I log in as an admin, I'm redirected to the admin panel, which is what I wanted. If I log in as a user, I'm redirected to home; not good. I simply want to redirect a user using return back()->withInput. I cannot seem to find the right class that deals with a user's redirect. I have tried in the login controller and the redirectIfAuthenticated middleware and neither works.
I'm tired, it's 4am and I'm probably looking in the wrong files. A little help would be great though, thank you.
The simplest solution is to define an authenticated method inside your AuthController and put the logic there:

    protected function authenticated($request, $user)
    {
        // Admins go to the admin area unless an intended URL was stored
        if ($user->role === 'admin') {
            return redirect()->intended('/admin_path_here');
        }

        // Everyone else goes back to the intended URL, or to this fallback
        return redirect()->intended('/path_for_normal_user');
    }
I'm currently working on an inventory system with login for Admin and different units, and what I need to make is the login redirect users depending on their ROLE.
I've read through the documentation and found loads of information but nothing I work on works.
I know the gist is to put an IF inside the onAuthenticationSuccess, and check the roles and redirect them accordingly, the problem is that I don't know how to retrieve the role after login.
I've tried checking isGranted, getRoles and the Custom API suggestion on Symfony documentation.
Sorry if the post doesn't have the format, but I'm brand new to stackoverflow and quite new in PHP coding.
You can change the default target path for a login, see Changing the default page in the security documentation.
This will guide all your users to the same page after login. On this page you can perform a role check and display different content or redirect again based on their role. This might not be perfect - for example if you are not careful, you might get too many redirects in your browser - but it is probably the fastest and easiest way to solve your problem, because you can just use the helper methods in the Controller that you are probably more accustomed to.
If you want to already decide where to redirect your users while they login, you will need a custom Authenticator. See Step 3 in How to Build a Login Form to see how an Authenticator generally looks. You will then have to change onAuthenticationSuccess, e.g. something like this:
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        // the $token holds the user object. You might have stumbled upon this in the context of the service `security.token_storage`
        $user = $token->getUser();

        if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
            return new RedirectResponse($this->urlGenerator->generate('app_admin_dashboard'));
        }

        return new RedirectResponse($this->urlGenerator->generate('default_route'));
    }
Be careful: the role check I do there might not work when you use hierarchical roles, see: Hierarchical Roles.
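
The hierarchical-roles caveat above, as an added example that is not part of the original answer: it compares the answer's in_array check with one that first expands inherited roles using Symfony's RoleHierarchy class. It assumes symfony/security-core 4.3 or later installed via Composer; the hierarchy is a constructed sample, and the route names are the ones used in the answer.

```php
<?php
// Added example, not code from the answer.
// Assumes symfony/security-core >= 4.3 is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Security\Core\Role\RoleHierarchy;

// Constructed sample, same shape as `role_hierarchy` in security.yaml.
$hierarchy = new RoleHierarchy([
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN'],
    'ROLE_ADMIN'       => ['ROLE_USER'],
]);

/** The check from the answer: only sees roles stored directly on the user. */
function naiveTargetRoute(array $userRoles): string
{
    return in_array('ROLE_ADMIN', $userRoles, true)
        ? 'app_admin_dashboard'
        : 'default_route';
}

/** Hierarchy-aware check: expand inherited roles before testing. */
function targetRoute(array $userRoles, RoleHierarchy $hierarchy): string
{
    $reachable = $hierarchy->getReachableRoleNames($userRoles);

    return in_array('ROLE_ADMIN', $reachable, true)
        ? 'app_admin_dashboard'
        : 'default_route';
}

// A user holding only ROLE_SUPER_ADMIN inherits ROLE_ADMIN, but the naive
// check never sees it because getRoles() does not expand the hierarchy.
foreach ([['ROLE_USER'], ['ROLE_ADMIN'], ['ROLE_SUPER_ADMIN']] as $roles) {
    printf(
        "%-18s naive=%-20s hierarchy-aware=%s\n",
        implode(',', $roles),
        naiveTargetRoute($roles),
        targetRoute($roles, $hierarchy)
    );
}
```

Inside an authenticator the same expansion can be done by injecting RoleHierarchyInterface and passing it `$token->getRoleNames()`. The redirect only chooses a landing page; the admin routes still need their own access control.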
I know it is a very common question, but I am purely new to Laravel and I know very little about Laravel; that's why I am asking it.
So the point is that when a user enters http://dytube.cric4fun.com/ he must be automatically redirected to http://dytube.cric4fun.com/login
So, how do I do this? In the past, in simple non-Laravel-based sites, we used .htaccess; how do we do it in Laravel?
You can change your home directory route in web.php file like this:
    Route::get('/', function () {
        return redirect()->route('login');
    });
This way, if the user is logged in, he/she will be automatically redirected to home page and anywhere you have chosen for redirection after successful login.
I have a controller that displays a page depending on whether a user has already signed up for something when initially registering for the site.
If their organisation has already been registered, the page shows their profile which they can edit etc. (That bit works fine)
But if they haven't the page is supposed to show a registration page where they can sign up
I've done this using:
$this->call('\Controllers\RegisterOrgController');
The user has an option of a free basic package, or a premium/premium plus package, which will require the user to be redirected to a payment page. My problem is, while this does show the registration page, it just registers the organisation when they choose 'premium' or 'premium plus' and doesn't show a payment page.
I know that it would be best to extend the organisation registration page from the profile page to get it to use the functionality; however, as the organisation profile page is primarily supposed to display a profile, I have it extending its own controller (from my recollection, you can't extend two classes) and using the register organisation controller to display the form.
I've seen ways to redirect pages in JavaScript, AngularJS and ASP.NET/C#, but none of them have worked so far when adapted for PHP.
I was thinking of setting the header:
header('location: ' . [function to get URL for new location]);
But this wouldn't work as the path is a subpath (register/organisation) and 'register' cannot be viewed if the user is logged in and the organisation profile has its own path name (organisation-profile).
TL;DR: is there a way to display a page by calling a controller that does this from another controller and still have the functionality, despite having a different path?
Any help would definitely be appreciated,
Thanks in advance!
Ok, so I figured out what I was doing wrong when it comes to the registration flow.
My idea was ok, but the execution was terrible, so I thought I'd share the solution just in case anyone was having a similar issue (although this may be statistically unlikely)
The Problem
The registration process allowed the user to register an organisation either when they initially registered for the site, or after they had signed up and had their account verified.
The registration page was not supposed to be view-able if the user was logged in; however, the organisation registration page stemmed from this page, which was causing a conflict as the paths were different.
The Solution
Change the organisation profile controller to redirect to the organisation registration page instead of calling the registration controller.
Change the registration controller to show the page even if the user is logged in to keep the registration flow.
In the go() function check the subpath of the page and if it is 'register', run the unauthenticated function to make sure the registration form doesn't ever show when logged in. This will allow you to follow the registration flow for an organisation but not have the registration page appear.
Hope this helps anyone having a similar problem with their registration flow!
I have a Laravel 5.1 app using Sentinal for security. Right now we're just using the two stock groups, Users and Admins. Recently I invited a colleague to start testing my app, so I created a user for him. I forgot to add him to the Admins group. When he logged on, an infinite redirect loop started because the authentication redirect sends users to a route called home, but you can't load home if you aren't in Admins, and get redirected back to login. Which redirects you back to home.
This is a business rule, we only want Admins using the part of the app that they need to authenticate to, but we'd like to do something friendlier than sending a 403 if you aren't an Admin. I would like to send Authenticated Users to a specific route, or even just redirect them to a static page.
I think I've almost worn out Google trying to get a clue about how to do this. Seems like this should be easy-peasy. I could start hacking the vendor code, but I can't believe that there isn't a more graceful way to do this.
Sorry if this is a dumb question. I'm fairly new to Laravel.
OK folks, I got this working. I wrote a piece of middleware called RedirectIfNotAdmin.
I couldn't find a Sentry or Guard property/method that could tell me about group membership, so I made plain ol' eloquent models for my users and groups tables. I created a many-to-many between those models. In my middleware I use Sentry to get a user id, with that I instantiate one of my own User models. In my User model I implemented a method isAdmin() which gets the groups for the User and returns true if one of them is 'Admins'.
If that isAdmin() method returns false, I redirect to a page that explains that the user doesn't have permissions.
Quite a bit more elaborate solution than what I expected I would need to write. I really thought rydurham/sentinal would have this pretty much solved. Maybe Sentinal does have a cleaner solution and I'm too dense to find it. If anybody would like to comment on a better way to solve this, I'm all ears.
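
A sketch of the middleware described in the answer above, as an added example that is not the poster's code. The App\User and App\Group models, the users_groups pivot table and the 'no-permission' route name are assumptions; Sentry::getUser() and getId() are the Cartalyst Sentry calls that the answer's "use Sentry to get a user id" is taken to mean.

```php
<?php
// Added example, not the poster's code. Model names, the pivot table name
// and the 'no-permission' route are assumptions made for illustration.
namespace App {
    use Illuminate\Database\Eloquent\Model;

    class Group extends Model {}

    class User extends Model
    {
        public function groups()
        {
            // Many-to-many between users and groups (pivot name assumed)
            return $this->belongsToMany(Group::class, 'users_groups');
        }

        public function isAdmin()
        {
            return $this->groups()->where('groups.name', 'Admins')->exists();
        }
    }
}

namespace App\Http\Middleware {
    use App\User;
    use Closure;
    use Sentry;

    class RedirectIfNotAdmin
    {
        public function handle($request, Closure $next)
        {
            $sentryUser = Sentry::getUser();
            if ($sentryUser === null) {
                // Not logged in at all: send to login, remembering the URL
                return redirect()->guest('login');
            }

            $user = User::find($sentryUser->getId());
            if ($user === null || !$user->isAdmin()) {
                // Authenticated but not an admin. This route must NOT be
                // behind this middleware, or the redirect loop returns.
                return redirect()->route('no-permission');
            }

            return $next($request);
        }
    }
}
```

Register the class in the HTTP kernel's `$routeMiddleware` and attach it to the admin routes only, leaving the 'no-permission' page and the login routes outside that group.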
I've been using CakePHP for some time now. But I still fail to solve some issues on my own.
It's been difficult to understand how Cake Auth works, but in these past few weeks I've managed to work with it.
Now to my issue:
I have 2 separate tables (say, for Admin Users and Normal Users). Both have different Controllers (let's say they are AdminsController and UsersController).
Now I have completed the Users module without any trouble. Users login and Admin login are different views. As I don't want any normal User to be able to get their hands on the Admin login page, I've kept it separate from normal user login.
Users login works fine with Auth. But now I want to use another Auth for AdminController. For some reason I am unable to make use of the second Auth from AdminController, and control automatically transfers to the Users login.
It would be great if someone could point in the correct direction. Please!
Thank You. In advance!!
P.S : I've also tried using Auth->userModel
Sorry everyone, I was using Auth->userModel in a slightly wrong way.
I was adding it to my Admin Controller but not in User Controller, so if you came here looking for an answer please use

    $this->Auth->userModel = "User";

in every controller in beforeFilter()
enjoy.......